The Brazilian Association of Software Companies (ABES) works with the purpose of contributing to the construction of a More Digital and Less Uneven Brazil, in which information technology plays a fundamental role in the democratization of knowledge and the creation of new opportunities for all. ABES' objective is to ensure a business environment conducive to innovation, ethical, dynamic and globally competitive.
The entity actively participates in the revolution promoted by the digital transformation, promoting entrepreneurship and innovation, demanding public policies for the construction of a strong sectorial model, strategically suited to the global reality and with legal certainty.
THE ABES promotes integration among its associates (startups, micro, small, medium and large companies), approximately 2,000 companies, believing that together they will be stronger and more competitive. The association also strengthens its representation through agreements signed with the main regional players in the Brazilian technology sector, in order to be relevant to its members and a national and international reference in the technology sector.
THE ABES is committed to respecting privacy, protection of personal data and data security and handling personal data collected in accordance with legislation relating to privacy and protection of personal data in Brazil, such as Law No. 12.965/14 (Marco Civil da Internet), Law No. 13.709/2018 (LGPD), among other national and international standards relating to privacy and protection of personal data.
- What personal data we collect;
- How and why we use it;
- To whom we disclose them; and
- How we protect your privacy when you use our services or our website.
In carrying out activities, the ABES performs various operations for processing personal data, and can be characterized as the Controller or Operator of Personal Data, in accordance with the definitions of the LGPD, reinforcing, in all positions it occupies, its commitment to complying with the rules of privacy and data protection applicable personnel.
This Policy applies (i) to employees of ABES; (ii) to all third parties, whether individuals or legal entities acting for or on behalf of ABES in operations involving the processing of personal data that are carried out within the scope of the activities carried out by the ABES; (iii) to personal data processing agents external to ABES that in any way relate to the association; and (iii) to the holders of personal data, whose data are processed by ABES.
Holder of Personal Data (Handholder): natural person to whom the personal data that are the object of processing refer;
Personal Data: information related to an identified or identifiable natural person;
Sensitive Personal Data: personal data on racial or ethnic origin, religious conviction, political opinion, membership in a union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person;
Anonymized Data: data relating to a holder that cannot be identified, considering the use of reasonable technical means available at the time of its treatment;
Controller: natural or legal person, under public or private law, who are responsible for decisions regarding the processing of personal data;
Operator: natural or legal person, under public or private law, who processes personal data on behalf of the controller;
In charge: person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD);
Treatment: any operation performed with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction;
Anonymization: use of reasonable technical means available at the time of processing, whereby data loses the possibility of direct or indirect association with an individual;
Consent: free, informed and unequivocal statement by which the holder agrees with the processing of their personal data for a specific purpose;
National Data Protection Authority (ANPD): public administration body responsible for overseeing, implementing and supervising compliance with this Law throughout the national territory.
THE ABES will comply with the following personal data protection principles when processing personal data:
- Goal: a ABES will process personal data only for legitimate, specific, explicit and informed purposes to the holder of personal data, without the possibility of further processing in a manner incompatible with these purposes;
- Adequacy: a ABES will process personal data in a manner compatible with the purposes informed to the data subject, and in accordance with the context of the processing;
- Need: the processing of personal data carried out by ABES it will be limited to the minimum necessary for the accomplishment of its purposes, including the pertinent data, proportional and not excessive in relation to the purposes of the processing;
- Free access: a ABES will guarantee the holders of personal data free and easy consultation on the form and duration of the treatment, as well as on the completeness of their data;
- data quality: a ABES will guarantee, to the holders of personal data, the accuracy, clarity, relevance and updating of the data, according to the need and for the fulfillment of the purpose of its processing;
- Transparency: a ABES will guarantee, to the holders of personal data, clear, precise and easily accessible information on the processing and the respective agents for the processing of personal data, observing commercial and industrial secrets;
- Safety: a ABES will use technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination;
- Prevention: a ABES take measures to prevent damage from occurring as a result of the processing of personal data;
- non-discrimination: a ABES it will guarantee the impossibility of carrying out the processing of personal data for illegal or abusive discriminatory purposes;
- Accountability and accountability: a ABES undertakes to demonstrate the adoption of effective measures capable of proving the observance and compliance with the rules for the protection of personal data, and the effectiveness of these measures.
3. Rights of Data Subjects
Holders of personal data have the following rights, granted by the Personal Data Protection Law:
- Right of confirmation and access: it is the data subject's right to obtain from the ABES confirmation that the personal data concerning you are or are not the object of processing and, if so, the right to access your personal data;
- right of correction: it is the holder's right to obtain the ABES, without undue delay, the rectification of inaccurate personal data concerning you;
- Right to data deletion: it is the holder's right to have their data deleted by ABES, when possible. In many cases, the ABES will anonymize personal data instead of deleting it.
- Right to limitation of data processing: it is the right of the holder to limit the treatment of their personal data, being able to obtain it when they dispute the accuracy of the data, when the processing is unlawful, when the ABES no longer need the data for the proposed purposes and when you have opposed the processing of data and in case of unnecessary data processing;
- right of opposition: it is the holder's right, at any time, to object, for reasons related to his particular situation, to the processing of personal data concerning him, and may also object to the use of his personal data to define a marketing profile ( profiling);
- Data portability right: it is the right of the holder to receive the personal data that concern him and that he has provided to ABES, in a structured, commonly used, machine-readable format, and the right to transmit such data to third parties;
- Right not to be subjected to automated decisions: is the holder's right not to be subject to any decision taken solely on the basis of automated processing, including the definition of profiles (profiling), that have effects in their legal sphere or that affect them significantly in a similar way.
The data subject may exercise their rights by means of written communication sent to ABES, specifying:
– Full name or company name, CPF number (Individual Taxpayer Registration, Federal Revenue Service of Brazil) or CNPJ (National Legal Entity Register, Federal Revenue Service of Brazil) and e-mail address of the holder and, if applicable, case, from your representative;
– Right you want to exercise with ABES;
– Date of order and signature of the holder;
– Document that can demonstrate or justify the exercise of your right.
The request must be sent to the email: email@example.com, or by mail, to the following address: Av. Ibirapuera 2.907 – 8th Floor – Cj. 811 – Moema – CEP: 04029-200 – São Paulo – SP.
4. Duty not to provide third party data
During the relationship with the ABES, in order to safeguard and protect the rights of third parties, the holder must provide only their personal data, not those of third parties.
5. Personal data collected
The personal data that the ABES holder collection are:
5.1. Data entered in the association form: Personal data (name, gender, email, telephone) informed by the holder (Legal Representative, Principal Representative and Alternate Representative of member companies), using the member form provided by ABES, will be collected and stored.
5.2. Newsletter/Webinars/Downloadable Publications: The name, surname and e-mail address registered by the Holder who chooses to register will be collected and stored.
5.3. Navigation Data: This data includes all the information that the ABES collection of the holder when accessing and browsing the website of the ABES, includes, among other data, the browser you use, IP address, average time spent, date and city of access, the pages the Holder visits and how he navigates the website, the duration of visits to certain pages, the services that the Holder viewed and searched for reference sources (eg how the Owner arrived at the website).
6. Sensitive data
Sensitive personal data refers to various categories of personal data identified by data privacy laws as that data that requires special treatment, including in some circumstances the need to obtain your consent from the data subject.
THE ABES recognizes that the processing of sensitive personal data represents higher risks to the holder of personal data and for this reason the company assumes the commitment to safeguard and take special care with regard to the processing of sensitive personal data. If ABES collect sensitive personal data, pursuant to art. 11 et seq. of the LGPD.
7. Data from children and adolescents
THE ABES is concerned with protecting the privacy of children and adolescents. The services offered by ABES they are not designed or intended for use by persons under the age of eighteen (18). For this reason, we do not collect or knowingly request information from persons under 18 (eighteen) years of age in the forms available on our services and if, by chance, we receive personal data from children and adolescents, this data will be treated with the same level of care required and offered to the data sensitive personnel, but will also be subject to the specific provisions set out in Chapter II, Section III, of the LGPD, and other specific applicable regulations.
8. Legal basis for the processing of personal data
All personal data processing operations within the scope of the activities carried out by the ABES they will have a legal basis that legitimizes their realization, with a stipulation of the purpose and designation of those responsible for the processing.
The performance of personal data processing operations by the ABES can be performed:
– by providing consent by the holder of personal data: When the Holder provides his consent in a free, informed and unambiguous way, agreeing to the processing of his personal data for a specific purpose, prior to the Processing.
- for the fulfillment of a legal or regulatory obligation by the controller: When necessary, for the ABES may comply with a legal or regulatory obligation to which it is subject.
– to carry out studies by research body, guaranteed, whenever possible, the anonymization of personal data.
– when necessary for the execution of contract or preliminary procedures relating to a contract to which the Holder is a party, at the request of the Holder: When the ABES enters into a contract with the Cardholder or performs obligations under the Cardholder, for the benefit of the Cardholder or preliminary procedures relating to this contract.
- to regular exercise of rights in judicial, administrative or arbitration proceedings, the latter pursuant to Law No. 9,307, of September 23, 1996 (Arbitration Law).
- to the life protection or the physical safety of the data subject or third parties;
- to the health care, in a procedure performed by health professionals or health entities.
– when necessary to meet the legitimate interests of the controller or third parties, except where fundamental rights and freedoms of the data subject that require the protection of personal data prevail: A ABES has a legitimate interest in carrying out the Processing (including a legitimate interest in operating the business of the ABES, to provide services to the Holder, to alert him to other services that may be of interest to the Holder and to maintain or improve the services of the ABES) and we will always respect the rights, freedoms or interests of the Holders.
- to the credit protection, including the provisions of the relevant legislation.
9. Purposes of processing personal data
THE ABES may use your personal data for a number of different purposes, which may include:
- relate to the people who represent the member companies in ABES;
- provide information about services and sending invitations to events;
- to customize the content offered to the Holder, as well as to give support to ABES to improve the quality and functioning of its services;
- fulfillment of our obligations under any contracts entered into between ABES and its associates, service providers, employees, partners, suppliers;
- keeping a record of your relationship with us;
- analyses, research and study;
- seeking your opinions or comments about the services we provide;
- notifying you of changes to our addresses and services;
- sending communications that you have requested from us that may be of interest to you. These may include information about campaigns, activities and promotions of our services; and other content of interest to you.
THE ABES will only send marketing communications by email, text and telephone if the Rightholder has explicitly provided his prior consent. The Holder may opt-out of receiving marketing communications at any time by clicking on the unsubscribe link at the end of our marketing emails or via email: firstname.lastname@example.org
10. Period for Retention of Personal Data
THE ABES will keep the Holders' personal data for the time necessary to achieve the purpose, and the time for the retention of the Holders' personal data may be determined by contractual and legal considerations.
The personal data of the Holders can only be kept after the end of their treatment in the following cases:
– for compliance with a legal or regulatory obligation by the controller;
– for study by a research body, ensuring, whenever possible, the anonymization of personal data;
– for transfer to a third party, provided that the data processing requirements laid down in legislation are respected;
– for the exclusive use of the controller, its access by a third party being prohibited, and provided that the data is anonymized.
11. Sharing data with third parties
THE ABES may disclose the personal data of Holders with third parties, in order to achieve the purposes established in this policy and to achieve the corporate purpose, defined in the Bylaws of the ABES. These third parties may include service providers, suppliers, agents, subcontractors and other associated organizations for the purpose of completing tasks and providing services to the Rightholder on behalf of the ABES. However, when the ABES uses these third parties, discloses only the personal data necessary for the provision of the services and enters into a contract that requires third parties to keep your information secure and prevents them from using it for purposes other than those that the Holder authorized the ABES.
12. From the Data Protection Officer
The data protection officer is the professional in charge of informing, advising and controlling the data controller, as well as the workers who process the data, regarding the website's obligations under the Personal Data Protection Law and others data protection provisions in national and international law, in cooperation with the competent supervisory authority.
The data protection officer of the ABES can be contacted by email email@example.com.
13. Security in the processing of the Holder's personal data
THE ABES undertakes to apply technical and organizational measures to protect personal data from unauthorized access and from situations of destruction, loss, alteration, communication or dissemination of such data.
To guarantee safety, solutions will be adopted that take into account: the appropriate techniques; application costs; the nature, scope, context and purposes of the processing; and the risks to the rights and freedoms of the Holder.
The website uses a SSL (Secure Socket Layer) certificate which guarantees that personal data are transmitted in a secure and confidential manner, so that the transmission of data between the server and the Owner, and in feedback, occurs in a fully encrypted or encrypted manner.
However, the ABES disclaims liability for the sole fault of third parties, such as in the case of a hacker or cracker attack, or the sole fault of the Owner, as in the case where he himself transfers his data to a third party. THE ABES also undertakes to notify the Holder within an adequate period of time in the event of any type of breach of the security of his/her personal data that may pose a high risk to his/her rights and personal freedoms.
14. Navigation data (cookies)
Cookies are small text files sent by the website to the computer of the Holder and stored on it, with information related to browsing the website.
Through cookies, small amounts of information are stored by the Owner's browser so that our server can read them later. Data can be stored, for example, about the device used by the Owner, as well as their location and time of access to the website.
Cookies do not allow any file or information to be extracted from the Holder's hard drive, and it is not possible, through them, to access personal information that did not come from the Holder or the way he uses the website's resources .
It is important to emphasize that not every cookie contains information that allows the identification of the Owner, and certain types of cookies can be used simply for the site to load correctly or for its functions to work as expected.
14.1. third party cookies
Some of our partners may set cookies on the devices of the Owners who access our website.
These cookies, in general, aim to enable our partners to offer their content and services to the Owner who accesses our website in a personalized way, by obtaining navigation data extracted from their interaction with the website.
Within these principles, definitions and purpose, we use the Google Analytics tool that collects and analyzes the following data from navigations on our portal:
- Source IP address;
- Access time and browsing time on the portal;
- Origin site, including search engines and social networks;
- Browser and operating system used;
- Device Class (PC, smartphone, tablet);
- Pages accessed and “path taken”.
14.2. social media cookies
The site uses social media plugins, which allow you to access them from the site. Thus, in doing so, the cookies used by them may be stored in the Owner's browser.
Each social network has its own privacy and personal data protection policy, with the individuals or legal entities that hold them responsible for the data collected and for the privacy practices adopted.
The Holder may search, along social networks, for information on how his/her personal data are treated. For information purposes, we provide the following links, from which the privacy and cookie policies adopted by some of the main social networks can be consulted:
THE ABES reserves the right to modify these rules at any time, especially to adapt them to the evolution of the services provided by the ABES, either by making new features available, or by suppressing or modifying existing ones.
By accessing the ABES Portal and/or using the services after any changes, the Holder demonstrates his agreement with the new standards.