Below you’ll find answers to the following question
1. What do I need to know to understand this Notice?
To make your reading easier, we’ve provided definitions for some of the terms used in this Notice:
- National Data Protection Authority (ANPD): The authority responsible for overseeing, implementing, and monitoring compliance with the LGPD.
- Clients: Companies that purchase products or services from the Clash Group.
- Controller: The natural or legal person who has decision-making authority regarding the processing of personal data.
- Personal Data: Any information that can identify an individual, such as name, identification documents, and contact information.
- Data Protection Officer: The person appointed by Clash Group companies to act as the primary point of contact on matters related to personal data protection.
- Processor: A natural or legal person who processes personal data on behalf of the controller, following its instructions.
- Data Subject: The individual to whom the personal data being processed by Clash Group refers.
- Processing: Any operation involving personal data, such as collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction.
2. Who does this Notice apply to?
This Notice is intended for:
- Clients and their legal representatives
- Potential Clients (leads)
- Visitors of websites, platforms, and landing pages of Clash Group companies (collectively referred to as “Digital Environments”)
Clash Group companies offer a broad range of solutions and services to Clients, who maintain direct relationships with their respective end customers (“end customers”). In such cases, we primarily act as data processors, while the Client—acting as the controller—is responsible for the use of their end customers’ information.
Therefore, this Notice only applies to end customers who have completed a registration or engaged directly with us. We recommend that end customers refer to the Privacy Notice of the Client with whom they have a relationship in order to understand how their information is handled. It’s important to highlight that Clash Group has no influence or responsibility regarding the data privacy and protection practices of our Clients.
3. What personal data do we process?
Depending on your relationship with us, we may process the following types of personal data:
- Registration data: name, personal identification documents (such as RG and CPF), email, phone number, date of birth, and address
- Business data: the company you belong to, job title, business segment, corporate phone number and email
- Access credentials: login and password
- Financial data: bank account details, credit card and billing information, and transaction records
- Electronic browsing data: browser used, IP address, access logs (date and time), geographic location, internet service provider, and information related to browsing in our Digital Environments (such as visit duration and pages accessed)
- Audiovisual data: image and voice data from recorded customer service calls or audio
- Other information: depending on your interaction with Clash Group companies, we may process additional details such as information about the products and services we provide or that you’ve inquired about, as well as feedback submitted through satisfaction surveys
4. How is personal data collected?
Personal data may be collected in the following ways:
- Provided directly by the data subject through interactions with Clash Group companies and our products and services—for example, by filling out our forms or contacting us through our service channels
- Provided by third parties, such as business partners and other Clash Group companies
- Automatically collected through the use of our Digital Environments
5. For what purposes do we process personal data?
| Purpose | Personal Data | Data Subjects | Legal Basis |
|---|---|---|---|
| Enable the contracting of products and services offered by Clash Group companies, and related preliminary procedures | Registration and business data | Clients and their legal representatives | Contract execution or preliminary procedures / Legitimate interest |
| Process payments | Financial data | Clients and their legal representatives | Contract execution or preliminary procedures / Legitimate interest |
| Provide services related to those contracted, such as technical support, maintenance, customer service, and provision of information | Registration and business data | Clients and their legal representatives | Contract execution or preliminary procedures / Legitimate interest |
| Enable registration and access to systems and logged-in environments | Access credentials | Clients and their legal representatives | Contract execution or preliminary procedures / Legitimate interest |
| Conduct satisfaction surveys and various statistical studies for business analysis and strategic planning | Registration, business, and additional data | Clients, legal representatives, and potential clients (leads) | Legitimate interest |
| Prevent fraud and other unlawful actions | Registration and electronic navigation data | Clients, legal representatives, potential clients (leads), and visitors | Legitimate interest |
| Send communications about Clash Group’s services, including newsletters, offers, promotions, event invitations, and other internal initiatives | Registration data | Clients, legal representatives, and potential clients (leads) | Legitimate interest |
| Respond to requests, inquiries, and questions submitted through our contact channels | Registration, business, and additional data | Clients, legal representatives, potential clients (leads), and visitors | Legitimate interest |
| Enable pricing, improvement, and update of services and solutions, and creation of new products and features | Business and financial data | Clients, legal representatives, and potential clients (leads) | Legitimate interest |
| Conduct credit analysis | Financial data | Clients | Credit protection |
| Comply with legal and regulatory obligations, such as issuing invoices and maintaining access records | Registration, financial, and electronic navigation data | Clients, legal representatives, and visitors | Legal or regulatory compliance |
| Enable the exercise of rights in judicial, administrative, or arbitration proceedings | Registration, business, and financial data | Clients and their legal representatives | Legitimate exercise of rights |
| Process reports and complaints received through Ombudsman and Customer Service channels | Registration, audiovisual, and additional data | Clients, legal representatives, potential clients (leads), and visitors | Legitimate interest |
| Develop, fix, and optimize features in our Digital Environments, and analyze their effectiveness, usage, and operational errors | Electronic navigation data | Clients, legal representatives, potential clients (leads), and visitors | Legitimate interest |
| Analyze the performance of websites, portals, and applications; measure audience; and study browsing habits and access statistics | Electronic navigation data | Clients, legal representatives, potential clients (leads), and visitors | Legitimate interest |
6. How long do we store personal data?
7. How do we protect personal data?
Personal data is kept secure and confidential. To that end, we implement reasonable technical and organizational security measures to protect personal data against unauthorized access and/or accidental or unlawful situations involving destruction, loss, alteration, disclosure, or dissemination, in accordance with our Information Security Policies.
These measures include the use of technologies such as logical access controls to ensure that information is accessible only to authorized individuals, identity management, encryption, backups, and antivirus/antispam tools. Additionally, we adopt administrative procedures such as policies, protocols, and internal staff training.
Se quiser que eu transforme isso em uma versão resumida para clientes ou parceiros, ou mesmo num material visual para apresentação, posso te ajudar com isso também. Vamos em frente? 🔐🧠📊
8. With whom do we share personal data?
To fulfill the purposes described in this Notice, we may share your personal data with third parties, in compliance with legal justifications and applicable limits.
Some of these third parties include:
- Companies within the Clash Group, to enable centralized business management
- Suppliers, service providers, and business partners that support the operation of our activities, such as technology providers, payment processors, and law firms
- Competent authorities, to comply with legal and regulatory obligations or respond to official requests
- Potential buyers or investors, in the event of corporate transactions involving Clash Group companies
International data transfer:
We may transfer personal data to entities located outside Brazil, such as cloud storage servers in other countries. In such cases, international data transfers will be carried out in accordance with applicable legislation.
9. What are your rights and how can you exercise them?
Under the LGPD, data subjects are granted rights over their personal data, which may be exercised subject to applicable technical and legal limitations, as well as identity verification requirements where appropriate.
These rights include:
- Request confirmation of whether your personal data is being processed
- Request access to your personal data
- Request correction of incomplete, inaccurate, or outdated personal data
- Request blocking, deletion, or anonymization of unnecessary, excessive, or improperly processed personal data
- Request portability of your personal data, subject to criteria defined by the National Data Protection Authority
- Withdraw any consents previously given for the use of your personal data
- Request deletion of personal data processed based on your consent
- Request information about the sharing of your personal data
- Request information about the consequences of denying consent to process your personal data
- Object to the improper use of your personal data
- Request the criteria or review of decisions made solely by automated means (without human involvement)
- File a petition with the National Data Protection Authority (ANPD)
If you wish to exercise your rights regarding the use of your personal data, please contact us through the Data Subject Portal.
In addition, our commercial marketing communications include mechanisms that allow you to opt out or unsubscribe from such communications.
10. How do we use cookies?
To enhance your experience while using our Digital Environments, we may use cookies—files that enable the automatic collection of information when you visit a webpage.
Below, we describe the types of cookies used on our websites and their respective purposes:
10.1. Necessary Cookies
Name | Purpose | Retention Period |
|---|---|---|
Pll_language | Language settings | 12 months |
AdoptVisitorId | Stores anonymized visitor identifier | 2 months |
AdoptConsent | Stores consent | 2 months |
AdoptConsentMode | Controls consent option | 1 second |
10.2. Marketing Cookies
Name | Purpose | Retention Period |
|---|---|---|
rc::f | Tracks browsing activity to deliver ads | Indefinite / local |
10.3. Statistical Cookies
Name | Purpose | Retention Period |
|---|---|---|
_ga_9MN9K79NZG | Identifies users | 13 months |
_ga | Records page views | 13 months |
10.4. Functional Cookies
Name | Purpose | Retention Period |
|---|---|---|
_GRECAPTCHA | Risk and spam analysis and verification | 6 months |
rc::a | Analyzes user behavior | Indefinite / local |
_trf.src | Analyzes marketing campaign performance | 12 months |
_hjSession_2569395 | Stores current session data | 30 minutes |
_hjAbsoluteSessionInProgress | Tracks unique visitor requests | 30 minutes |
Can you block or reject the use of cookies?
Yes, you can configure your browser to block cookies on our websites. However, please note that blocking cookies may impair some functionalities.
For more information about managing cookies, check the following browser-specific links:
11. Third-Party Links
This Notice does not apply to any third-party products, services, or social media features that may be offered or accessed through our Digital Environments. We have no responsibility or influence over how these third-party websites process your personal data.
12. Contact Channel
If you have any questions, please contact our Data Protection Officer:
Name: Ricardo Castro
Contact Channel: privacidade@clashbr.com
This Notice may be updated or amended at any time.
Last updated: November 19, 2024