policy of Privacy
Introduction
Founded in 2002, It-One specializes in IT services and works with project planning and support, with solutions for monitoring environments, support in resolving incidents, problems and changes and complete management of all the infrastructure necessary for your company. Among the various segments in which we operate, we highlight Security Consulting, always focused on reducing our customers' operational risks by proposing improvements, architecting and implementing protection solutions for all operations, applications and IT environment. All this expertise and market projection was achieved with hard work, planning and certified technical capacity of our team of architects and consultants.
With the entry into force of the General Law for the Protection of Personal Data, It-One reaffirms its commitment to total transparency, legitimacy and security in the processing of data of all those who somehow share their information with the company, whether as controller or operator.
In this document we make clear the most important information about your personal data and the treatments that we will eventually give to them. And feel free to contact our Personal Data Officer at the address indicated at the end.
Glossary
Most of the terms and entries used in this policy derive from the definitions provided by the General Law for the Protection of Personal Data (Law 13.709/2018), but aiming, as much as possible, to allow their understanding. We will explain each one of them below, in a simplified way, in addition to other terms that we believe are interesting to your knowledge on the subject:
a) Personal Data: Any information relating to an identified or identifiable natural person. It comprises any data, regardless of format, that can allow the identification of a natural person, or that, once the person is identified, can be associated with him, revealing a characteristic about him.
b) Sensitive Personal Data: Any personal data that deals with an individual's racial or ethnic origin, religious conviction, political opinion, union membership or organization of a religious, philosophical or political nature. It also includes data relating to the health or sex life of the individual or their genetic or biometric data, whenever linked to a natural person.
c) Anonymized Data: Data will be considered anonymized, or anonymous, when the natural person to whom it is linked cannot be identified by reasonable and available means during the anonymization process. This means that when certain information about someone is treated in a way that makes it virtually impossible to identify that person by reasonable means, the data will be considered anonymized.
d) Data Holder: It is the natural person to whom the personal data subject to processing refers. This is where you, the user of our services or communication channels, fit in.
e) Controller: It is the natural or legal person, of public or private law, who is responsible for decisions regarding the processing of personal data. It is the controller who has decision-making power over the data processed, including the indication of its need, purposes, legal bases assigned and disposal policy.
f) Operator: It is the natural or legal person, governed by public or private law, who processes personal data on behalf of the controller. The operator only treats the data as determined by the controller, as long as they do not violate provisions of the LGPD or other legislation, so it is up to him to strictly follow the treatment scopes defined by the controller and provide security to the data processed.
g) Person in charge: The Person in Charge, also called DPO (Data Protection Officer) due to the European nomenclature, is the person (may be physical or legal) appointed by the processing agent (controller or operator) to act as a communication channel between the controller, the holders and the National Data Protection Authority (ANPD). It is to the Person in Charge that you must direct any and all questions or requests you may have regarding your personal data.
h) Consent: It is the free, informed and unequivocal expression by which the holder agrees to the processing of their personal data for a specific purpose. Despite being the most popular of the legal bases for processing personal data, consent is not the only one, and it is even certain that it may not even be indicated in some cases, such as those in which the treatment takes place by law.
It is important for the holder to know that any and all personal data processing operations carried out on the basis of their consent must be clear and independent, and must be interrupted at any time upon their request.
i) National Data Protection Authority (ANPD): It is the public administration body responsible for overseeing, implementing and monitoring compliance with this Law throughout the national territory. It is to the ANPD that you, the holder of personal data, may submit complaints or complaints about the processing of your personal data, if you believe that you have had any rights violated, or that any treatment is being carried out with your data in disagreement with the GDPR
Furthermore, it is important for you to know that the ANPD is not the only channel through which you can claim your rights. If you understand that any improper treatment of your personal data has resulted in damage, you may also claim your rights before the judiciary, through your own legal action.
Main Collection Channels
It-One is a company that provides consulting services and IT infrastructure solutions. Focused exclusively on serving companies, it will be very unlikely to treat personal data as the object of its business.
However, there are cases in which we may eventually process your personal data. In these cases, the main collection channels are forms on our institutional website where the user fills in optionally, enrollment in selective processes promoted by It-One, commercial actions through contacts on the social network LinkedIn, voluntary enrollment in registrations to receive newsletter, educational, advertising and promotional material.
In all the cases described above, you have the right to know what types of treatment your data is subjected to, duration, purposes, in which situations and cases are shared or if at any time some type of automated decision-making process is carried out. about your data that has been collected and stored.
Therefore, in case of any doubts or considerations regarding this topic, feel free to contact our DPO through the contacts provided at the end of the policy.
Sharing Personal Data
It-One does not have any commercial activity that directly or indirectly involves sharing personal data with third-party companies, partners or suppliers. In this way, the sharing of your personal data will take place when:
I – Absolutely necessary to provide a service to you or the company you represent;
II – Important to add organization and security to the processed data, for example, when they are stored in a cloud hosted on a server external to It-One's;
III – Interesting in the performance of administrative functions, performance measurement, research, development of our services and customer service, adopting, whenever applicable, the anonymization of data in statistical form;
IV – As a result of a court order, legal obligation or by virtue of the competent administrative authority;
In cases where the sharing of data is at the option of It-One, we inform you that we have contracts with our partners duly prepared and in accordance with the legislation in force regarding the processing of personal data, and that all must be in agreement and in line with this policy. It is also important to point out that our information security criteria are strict, always updated, in order to avoid any type of non-compliance that may, in some way, cause damage to you and your personal data.
Information security
It-One is a company specialized in Technology Infrastructure, Consulting and Services. In addition, we have established relationships and partnerships with some of the largest cybersecurity technology manufacturers in the world.
This partnership allows us to have modern, reliable and up-to-date security solutions close to us. In addition, we have a team of experts trained to meet and deliver the desired solutions. Operating 24 hours a day and 7 days a week, our NOC is able to monitor the entire operational environment both internally and for customers with a contract in force.
Our Data Center has a modern and structured structure following the good security practices referenced by ISO 27001. Regarding cloud storage, we only carry out with internationally certified providers.
Thus, It-One works intensively to mitigate the risks of security incidents and, in cases where any failure may occur, our internal processes of identification, detection, protection, respond efficiently and inform whenever necessary in cases that may pose a risk to your privacy.
Legal Basis and Data Life Cycle
It-One does not have any personal data processing operation that does not comply with the legal bases described in articles 7 and/or 11 of the General Law for the Protection of Personal Data.
Always, in any situation, when we process your data, we do so after your express and unequivocal consent, or in cases where some law establishes the obligation of treatment.
We will certainly also process some data with the aim of enabling the execution or previous procedures of a contract to which you are a party. As an example, some treatments routinely occur as a result of the employment contract established, if you are an employee of It-One.
There are still some cases in which we process your data based on our own legitimate interest, but in these cases we will always give you the express option to exercise your opposition, in which case we will immediately stop processing. To this end, you can express your wish through any communication we send you, or at any time, directly with our Data Officer who is indicated at the end of this policy.
The data processed by It-One is stored for the duration of its treatment, as justified by the LGPD, but in some cases, such as personal data of employees, we may store them for a defined time after the end of the relationship. between employee and company, to ensure legal certainty for all parties involved.
It is very important to make it clear that while we have your data stored, for whatever reason, you can request confirmation and validation of this storage and even access the data or even its correction.
Cookies and Browsing Data
Cookies refer to text files sent by our platform to your computer and stored there, with information related to website navigation. Such information is related to access data such as access location and time and is stored by your browser so that our platform's server can read them later in order to customize your access, speed up and provide a better browsing experience.
However, it is necessary that you acknowledge and accept that we may use a navigation data collection system through the use of cookies.
There are two types of cookies: persistent and session. The persistent cookie remains on your hard drive after your browser is closed and will be used on your next visits to our website. These cookies can be removed by following your browser's instructions.
The session cookie is temporary and disappears after the browser is closed.
You can reset your browser to refuse all cookies, however some features of the platform may not function properly if the ability to accept cookies is disabled.
The Data Subject's Rights
The LGPD provides for the processing of personal data, including in digital media, by a natural person or by a legal entity governed by public or private law, in order to protect the fundamental rights of freedom and privacy, the data subject, who can exercise upon request made to our Person in Charge.
The LGPD lists, in its articles 9, 18 and 20, the rights that can be activated by the holder at any time, and the circumstances that need to be met for each of them.
It-One declares that it will serve everyone and that we will always provide clear, accurate and easily understandable information about the processing of your personal data and the respective processing agents, in compliance with the principle of transparency provided for in art. 6, VI, safeguarding the preservation of our commercial and industrial secrets, as well established in this same article and in article 9, II of the LGPD.
Article 9 determines how you can have access to your data, also establishing that you have the right to know the purpose of the treatment carried out, its form and duration, the identity and contact information of the data controller, information that refer to any sharing of the processed data, the responsibilities of the processing agents involved in the process, and, of course, all their inherent rights, listed in art. 18 of the LGPD, and transcribed and explained below.
a) Confirmation of the existence of treatment: You have the right to receive confirmation of the existence of any treatment of your personal data. This means that, although you may not always be able to object to the treatment, you will always be able to know that it takes place and for what purpose;
b) Access to data: You have the right to have access to the processed data, through which you can exercise other rights, including the right to correct incorrect or outdated data;
c) Correction of data: You have the right to validate that your data is correct in our banks, if you find any inconsistency in any data, it is your right to request that it be corrected and updated;
d) Anonymization, blocking or deletion of data: When data is treated unnecessarily, excessively or in disagreement with the LGPD, you may request that they be deleted, blocked or anonymized;
e) Portability: You have the right to request the portability of your data, at any time, to another provider of goods or services, in a format that allows its reading and use, taking into account any regulations of the National Authority on the modality. , and preserving industrial and commercial secrets;
f) Revocation of Consent and Deletion of Data: You may revoke any consent given for the processing of your personal data, at any time, freely, free of charge and unimpeded, at which time the treatments carried out on the basis of this legal basis will be interrupted and the data, at its discretion, deleted. It is important to remember that storages carried out based on another legal basis or in the case of anonymized data, will not be subject to the deletion provided for herein;
g) Information about any sharing: You have the right to know, when you request, about all the shares carried out with your personal data, regardless of whether the third party is a public or private entity;
h) Consequences of not providing consent: Finally, you have the right to know exactly what will be the consequences of not granting consent to any transaction based on it.
For cases in which It-One cannot take immediate action to meet the holder's requests, in compliance with the rights listed in art. 18 of the LGPD, we will respond by explaining the reasons, which may be one of the following:
- It-One is not an agent for processing your data. In this case we will inform, if in our possession, the correct agent; or
- There is some factual or legal reason that prevents the immediate adoption of the action requested by the data subject, and, if possible, it will be duly described and informed in the response that will be sent.
It is important to make it clear that in order for It-One to be able to meet the requests made by the holder, it is possible that we question some data to be sure of your identity and that in fact it is you. And in that case, this collected information will be stored only for that purpose and until the processing of your request.
Validity of this Policy and Version History
This policy is in its second version and was published on the It-One website on June 20, 2021. Whenever it undergoes any changes, it will be published here and will be in accordance with the legislation in force.
The Person in Charge of the Processing of Personal Data (DPO)
It-One's DPO is currently Peterson Pires and you can contact him directly at dpo@itone.com.br.
