PRIVACY TERM

PRIVACY STATEMENT

The privacy and protection of personal data is important to Electro Aço Altona S.A., and it is effectively practiced in all our business processes, by all our employees and in the relationship with all our customers, suppliers, third parties, service providers and business partners.  

To this end, we have developed this Privacy Statement in order to present to data subjects how we treat and protect personal data and how we guarantee rights related to privacy and data protection.

In addition to this Privacy Statement, Electro Aço Altona S.A. maintains an internal governance program in Information Security and Data Protection covering the continuous development and maintenance of an Information Security Policy and a Data Protection Policy.

1. WHO ARE WE?

We are Electro Aço Altona S.A., under CNPJ 82.643.537-0001/34, specialized in Foundry and Machining for more than 100 years in the market, with headquarters in Blumenau.

We represent or own other companies or CNPJs in our group:

  • Industria Magayver Eireli 09.157.440/0001-21
  • Modelacao Kimze Eireli 82.173.980/0001-99
  • Altona Engenharia Industrial Ltda 45.543.096/0001-72
  • Altona Administradora de Bens S.A 30.821.861/0001-00

2. GENERAL INFORMATION AND PRINCIPLES

In this Privacy Statement we observe the privacy and data protection requirements defined in LAW No. 13.709, OF AUGUST 14, 2018 – General Data Protection Law.

The concepts, terms and definitions that we apply in this Privacy Statement are defined in Art. 5 of LAW No. 13.709, OF AUGUST 14, 2018 – General Data Protection Law.

For the privacy and protection of personal data, Electro Aço Altona S.A. observes the following principles in this Privacy Statement and in its internal governance program for Information Security and Data Protection, in accordance with LAW No. 13.709, OF AUGUST 14, 2018 - General Data Protection Law:

  1. Purpose: the processing of personal data can only take place after a clear purpose has been defined, duly recorded in the purpose statement and with a defined legal basis.
  2. Adequacy: the treatment must be restricted to the defined purpose and must not occur in a manner incompatible with that purpose.
  3. Necessity: the information obtained must be restricted to the minimum necessary to carry out the previously defined purpose, covering only the relevant data for this purpose.
  4. Free Access: the holders of personal data must have a service channel that allows them to consult on the form, treatment and security of their personal data.
  5. Data Quality: the data processed must be clear, accurate, relevant and updated, in relation to their respective specific purposes.
  6. Transparency: personal data subjects must have a service channel that allows them to obtain clear and accurate information about the processing carried out with their data, including in relation to the processing agents involved.
  7. Security: Electro Aço Altona S.A. must plan, implement, maintain, critically analyze and continuously improve technical and administrative information security management measures.
  8. Prevention: technical and administrative information security management measures must also act to prevent incidents from occurring.
  9. Non-Discrimination: under no circumstances will the processing of data of individuals be used in discriminatory, unlawful or abusive situations.
  10. Responsibility and Accountability: Electro Aço Altona S.A. must have controls and mechanisms to demonstrate the effectiveness of its information security and data protection measures.


3. FOR WHAT PURPOSES AND LEGAL BASES DO WE PROCESS PERSONAL DATA?

We at Electro Aço Altona S.A. only process personal data after defining a specific purpose and legal basis for doing so.

In our internal Information Security and Data Protection governance program, we have a detailed mapping of all the purposes and legal bases we use for processing personal data, through our Record of Processing Activities (RoPA), including definitions of categories of data used, resources involved (e.g. information systems used), transfers abroad and sharing with other companies.

Basically, we process personal data in the following cases and with the following legal bases:

| Purpose Case and Legal Basis | Personal Data | Sensitive Personal Data |
|---|---|---|
| 1. Administrative and operational processes for the fulfillment of contracts signed with our customers. | X | - |
| 2. Administrative and operational processes, when requested by customers explicitly through consent. | X | X |
| 3. Internal procedures of legitimate interest that make it possible to serve customers, at their request via contract or consent, always with the legitimate aim of better serving the customer's interests. | X | - |
| 4. Internal procedures for compliance with legal obligation, according to cases and needs provided for by law. | X | X |
| 5. Situations related to credit protection when so identified, applicable and always in accordance with the law. | X | - |
| 6. Situations related to our regular exercise of rights, when so identified, applicable and always in accordance with the law. | X | X |
| 7. Compliance with requirements for public policies, when so identified, applicable and always in accordance with the law. | X | X |
| 8. Compliance with requirements for research bodies, when so identified, applicable and always in accordance with the law. | X | X |
| 9. Situations related to the protection of life, when so identified, applicable and always in accordance with the law. | X | X |
| 10. Situations related to health protection, when so identified, applicable and always in accordance with the law. | X | X |
| 11. Situations related to fraud prevention and security of the holder, always observing the fundamental rights and freedoms of the holder. | - | X |

If you wish to receive detailed information on the purposes and legal bases relating specifically to the processing of your personal data, please refer to section 12 of this Privacy Statement.

4. HOW, WHEN AND WHAT PERSONAL DATA DO WE COLLECT?

We collect your data only through our information systems and corporate channels duly approved by our data protection officer, i.e. Electro Aço Altona S.A. does not collect personal data through any type of personal resources (e.g. e-mail, whatsapp, etc.) from its employees, suppliers, service providers or business partners.

At the time we collect your data, we have already defined the specific purpose and legal basis for processing the data, duly defined in our Record of Processing Activities (RoPA), as mentioned in section 3 of this Privacy Statement.

We collect only the data strictly necessary to carry out the specific purpose defined in the Operations Record. The categories of data that can be collected, according to the need of each specific purpose are:

  1. Registration – category that involves basic information of an individual. E.g. Name, ID, CPF, telephone, address, etc.
  2. Administrative – category that involves administrative information produced from registration data. E.g. Contracts, forms, reports, etc.
  3. Financial – category of data that involves financial information when related to an individual. E.g. billing slip, financial history, payments, etc.
  4. Sensitive Medicals – category to represent sensitive medical data such as medical records, exam results, clinical information on the patient, genetic data, psychological information, diseases and the like.
  5. Sensitive Others – category to represent non-medical sensitive data such as racial or ethnic origin, religious conviction, political opinion, union membership or organization of a religious, philosophical or political nature, data related to sexual or biometric life.
  6. Minors – this category relates to the others to indicate that the data involved may be from minors.
  7. Multimedia – in this category the data involves the treatment of photos, videos, audios, image, voice, geolocation and the like.
  8. Digital Logs – category of data that includes cookies, IP addresses and system logs to denote user behavior. E.g. navigation logs.
  9. Anonymized - category used to indicate the existence of data that does not identify individuals.
  10. Others – category to represent exceptional data that did not fall into the previous categories, in this case the specific data type will be mentioned in the Record of Personal Data Processing Activities (RoPA).


5. HOW DO WE STORE AND ACCESS PERSONAL DATA?

At Electro Aço Altona S.A. we store and access personal data only through duly approved corporate resources and only after the definition of a specific purpose and legal basis in our Record of Personal Data Processing Activities (RoPA).

To protect the storage and access to personal data, we use technical and administrative Information Security controls, which are defined in our Information Security Policy and maintained through our internal information security and data protection governance program.

Personal data are stored strictly for the time necessary to fulfill the purpose and legal basis. After this time, the data may be deleted, anonymized or kept by defining a new purpose and its respective legal basis, always in compliance with current legislation.

For more information on the retention and deletion of personal data please refer to section 8 of this Privacy Statement.

6. WHEN DO WE TRANSFER PERSONAL DATA ABROAD?

The headquarters and internal operations of Electro Aço Altona S.A. are in Brazil, but our suppliers, service providers and business partners may have headquarters and/or operations abroad. In these cases, we may need to transfer personal data abroad.

Whenever Electro Aço Altona S.A. transfers data abroad, we will verify compliance with the recipient company in relation to Brazilian privacy and data protection legislation and the data transfer will only occur if we believe that such compliance is adequate.

All purposes and legal bases that generate data transfer abroad are properly mapped in our Record of Processing Activities (RoPA).

If you would like to receive detailed information about our overseas transfers relating specifically to the processing of your personal data, please contact our Personal Data Officer in accordance with the “Contact Us” section of this Privacy Statement.

7. HOW, WHEN AND WHAT PERSONAL DATA DO WE SHARE WITH OTHER PROCESSING AGENTS?

Other data processing agents, such as operators or controllers, may receive personal data shared by Electro Aço Altona S.A. In these cases, personal data will only be shared for specific purposes and with defined legal bases.

All situations of sharing personal data with other controllers and operators are duly defined in our Record of Processing Activities (RoPA).

We will only share data with other processing agents when we have a formal relationship with such agent that justifies such sharing. This formal relationship can be defined through a contract or through terms, declarations or agreements between the parties.

The sharing of personal data will only occur through formal resources and channels made available by Electro Aço Altona S.A. or by the processing agents, that is, no exchange of data will occur through resources or channels not agreed between the parties.

Only personal data strictly necessary for the performance of the specific purposes assigned to the processing agent, whether operator or controller, will be shared.

8. HOW LONG DO WE RETAIN AND HOW DO WE DELETE PERSONAL DATA?

Personal data is retained only for as long as necessary for the performance of the purpose for which it was collected. After the performance of this purpose, personal data may be:

  1. Anonymized: in this case, personal data is kept in such a way as not to identify its owner and to guarantee the irreversibility of the data, i.e. it cannot be associated again with data that identifies the owner;
  2. Kept for another purpose: after the end of a purpose, the data may be kept when associated with another purpose and its respective legal basis. For example, at the end of a contract or consent, data may still be kept for compliance with a legal obligation or for the regular exercise of rights of Electro Aço Altona S.A., always observing compliance with current legislation;
  3. Deleted: in this case the data is deleted.

When we delete personal data, whether physical or logical, we do so in such a way that the data can no longer be recovered.

Some of our purposes, due to their specific characteristics, may have a specific personal data retention time. In this case, such definition will be included in our Record of Processing Activities (RoPA).

9. DO WE USE COOKIES OR OTHER TYPES OF DIGITAL TRACES?

Electro Aço Altona S.A. websites, systems, portals and applications may use cookies and other types of digital traces. Digital traces can be of the following types:

  • Essential or Necessary: These are cookies and digital traces required for the basic functioning of websites, systems, portals and applications. In this case the traces will be used strictly for the operation of the respective systems;
  • Optional: these are cookies and optional digital traces for the operation of websites, systems, portals and applications. Examples are marketing traces, statistics, and personalized experience. In these cases, consent will be requested for the use of cookies and digital traces for their specific purposes.

Our Record of Processing Activities (RoPA) defines all the purposes and legal bases that make use of cookies and digital traces.

10. HOW DO WE PROTECT PERSONAL DATA THROUGH INFORMATION SECURITY MANAGEMENT?

We at Electro Aço Altona S.A. are committed to the planning, execution and monitoring of actions, critical analysis and continuous improvement in an Information Security Management System. To this end, we used as a basis the precepts defined in ABNT NBR ISO/IEC 27001 - SGSI-Sistema de Gestão de Segurança da Informação (Information Security Management System) together with Tracker Segurança da Informação's information security management methodologies.

We maintain an Information Security Policy (internal document) with the necessary and adequate controls to guarantee the confidentiality, integrity and availability of the information under our control.

We also act more specifically in the management of privacy and data protection, in this case based on the precepts defined in ABNT NBR ISO/IEC 27701 – SGPI - Information Privacy Management System together with the privacy and data protection management methodologies of Tracker Segurança da Informação.

We maintain a Data Protection Policy (internal document) with the necessary and adequate controls to guarantee the privacy and protection of personal data under our control.

The Information Security Policy and the Data Protection Policy, together with their derived documents (specific policies, rules and procedures) form our internal Information Security and Data Protection program, continuously maintained and updated in our company.

11. WHAT ARE THE RIGHTS OF THE PERSONAL DATA SUBJECT AND HOW ARE THEY EXERCISED?

The following rights of personal data subjects are observed and duly made available by Electro Aço Altona S.A.:

  1. Confirmation: confirm the existence of processing of your personal data.
  2. Access: access your personal data.
  3. Correction: Request that incomplete, outdated, or incorrect data be corrected.
  4. Anonymization, blocking or deletion: request anonymization, blocking or deletion of personal data that is unnecessary, excessive or processed in violation of the LGPD. Deletion is included here even after consent.
  5. Portability: request the transfer of personal data to another supplier, service, product.
  6. Sharing: request information about the public and private entities with which the controller has shared personal data.
  7. Revocation of Consent: revoke at any time the consent to use your personal data processed.
  8. Automated decision review: request review and information on which criteria and processes are used in automated decision making, when applicable.
  9. Explanation: obtain information about the possibility of not consenting to the processing of personal data and about the consequences of refusal. This includes any other explanations or requests made by the holders.

If you wish to exercise your rights, whether those mentioned above or any others related to privacy and protection of personal data, please contact our Data Protection Officer in accordance with section 12 of this Privacy Statement.

12. TALK TO OUR DATA PROTECTION OFFICER.

The data protection officer (DPO-Data Protection Officer) of Electro Aço Altona S.A. is Ricardo Beber, Infrastructure Analyst.

The contact for the Data Protection Officer, as well as the channel for requests about privacy and data protection, is seguranca.informacao@altona.com.br.

If you wish to exercise any of your rights or receive detailed information specifically about the processing of your personal data, please contact our personal data protection officer.

The activities of the person in charge consist of:

  • accept complaints and communications from the holders, provide clarifications and adopt measures;
  • receive communications from the national authority and take action;
  • guide employees and contractors regarding the practices to be taken in relation to the protection of personal data;
  • monitor data protection compliance through the implementation of administrative and technical data protection controls.

13. UPDATES TO THIS PRIVACY STATEMENT.

We are always improving the privacy and protection of personal data, so this Privacy Statement can be updated at any time with immediate effect.

We recommend that you periodically review this privacy statement to keep up to date with the latest version made available.

This Privacy Statement is in version 1.2 made available on 03/07/2024.
