Personal data

CHARTER RELATING TO THE PROTECTION OF PERSONAL DATA OF THE DIVERSE-LTDA GROUP

Diverse-ltda Participations, which is part of the Diverse-ltda Group, is very committed to the protection of personal data and your privacy, which are two principles protected by the Charter of Fundamental Rights of the European Union.

The processing of personal data implemented within the framework of the activities of the Diverse-ltda Group complies with the rules relating to privacy, in particular the General Data Protection Regulation (EU Regulation 2016/679) known as "GDPR", and the law of 6 January 1978, as amended, relating to information technology, files and freedoms, known as the "Information Technology and Freedoms" law.

The Diverse-ltda Group has set up a department dedicated to the protection of personal data, which ensures the effective implementation of specific procedures and processes, in order to raise awareness among its employees, involve its partners and subcontractors in the protection of personal data and guarantee the compliance of the processing of personal data for which it is responsible.

This charter (hereinafter “the Charter”) aims to inform you of the reasons why the Diverse-ltda Group is required to process your personal data, the manner in which the Diverse-ltda Group does so and your rights in this regard.

DIVERSE-LTDA GROUP COMMITMENTS TO THE PROTECTION OF PERSONAL DATA

In order to ensure the best level of protection for your personal data, the Diverse-ltda Group is committed to complying with the GDPR by establishing a certain number of basic principles in the processing of personal data carried out, including:

  • Lawfulness, fairness, transparency: your personal data is processed in a lawful, fair and transparent manner;
  • Purpose limitation: your personal data is collected for specific, explicit and legitimate purposes, and is not further processed in a manner incompatible with those purposes;
  • Data minimization: only adequate and relevant data is collected and is limited to what is necessary for the purposes for which it is processed;
  • Retention limitation: your personal data is retained for a limited period which does not exceed the period necessary to achieve the purpose of the processing. These periods are in accordance with legal retention periods;
  • Accuracy: your personal data is accurate, kept up to date and all reasonable steps are taken to ensure that inaccurate data, having regard to the purposes for which it is processed, is erased or rectified as soon as possible;
  • Security: your personal data is subject to security by effective technical and organizational measures adapted to the risks that the processing presents for your right to respect for your private life and your other rights and freedoms.

Internal procedures are in place to comply with the guiding principles of personal data protection regulations from the outset and by default. Where applicable, our relationships with external service providers are secured by contracts that provide a real level of security for your personal data Most of our services, service providers, remote applications, and servers required to process your personal data are located within the European Union. When your personal data is transferred outside the European Union, we adopt the appropriate safeguards provided for by the applicable regulations. Where applicable, you can access the relevant documents (i.e., the European Commission's standard contractual clause).

RIGHTS OF DATA SUBJECTS

With regard to the processing of personal data, you have a number of rights in accordance with applicable regulations:

  • Right to information on processing: in order to respect the principle of loyalty and transparency, the Diverse-ltda Group must inform you prior to the collection of your personal data. This information allows you to understand and, where applicable, to consent to the processing that the Diverse-ltda Group offers you;
  • Right of access to your personal data: once your data has been collected and processed by the Diverse-ltda Group, you have the possibility of obtaining a copy of your personal data held by the Diverse-ltda Group;
  • Right of rectification: to the extent that your data will not always be up to date, you have the right to correct any data concerning you that is not accurate;
  • Right to withdraw consent: If you have given your consent to processing, you can withdraw it at any time, without affecting the lawfulness of the processing before its withdrawal;
  • Right to object to processing:you have the possibility to restrict processing in the following cases:
    • You contest the accuracy of the personal data, for a period enabling the Diverse-ltda Group to verify the accuracy of the personal data;
    • The processing is unlawful and you want the use of the data to be restricted instead of being erased
    • Diverse-ltda no longer needs the personal data for the purposes of processing but you wish for it to be retained for the establishment, exercise or defense of your legal rights;
    • You have objected to the processing under your right to object pending verification of whether the legitimate grounds pursued by Diverse-ltda override yours.
  • Right to erasure of data: You can request to erase the data we process for a legitimate reason in the following cases:
    • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • You wish to withdraw your consent (see right to withdraw your consent)
    • You object to the processing of your personal data for a legitimate reason
    • The personal data has been unlawfully processed;
    • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • Right to portability: when processing is based on your consent, you can request the transfer of personal data to another controller, or receive said data in a structured, commonly used and machine-readable format;
  • Right not to be subject to automated individual decision-making (including profiling): Except where otherwise provided, you have the right not to be subject to automated individual decision-making, such as profiling, which produces legal effects or significantly affects you.

To process your request, we invite you to:

  • Mention your first and last name(s)
  • If it is a right of access, specify the categories of data you wish to access
  • If it is another right, specify the reason for your request (which right you wish to exercise and for what reason)
  • Attach proof of identity

If the request is made by a representative:

  • Provide proof of mandate and identity of the agent
  • Provide proof of identity of the authorized person

LEGAL BASES

The legal justifications on the basis of which we can process your personal data are:

  • Consent;
  • The legitimate interest of the data controller.

RETENTION PERIOD

Your personal data is kept for the period necessary to achieve the purposes described in this Charter. It is then archived in accordance with legal and/or regulatory obligations, and/or to enable the Diverse-ltda Group to establish proof of a right or contract (applicable limitation periods).

IT SECURITY

The security of processing and personal data is one of the Diverse-ltda Group's priorities. We make every effort to implement appropriate technical and organizational measures in light of the challenges and risks associated with personal data protection. Training is provided to our employees on personal data protection. They are subject to an obligation of confidentiality. Our websites are subject to technical protection, and communication with your computer is encrypted via an HTTPS (TLS) stream.