This Privacy and Personal Data Protection Policy (“Policy”) describes how Ebara Bombas América do Sul Ltda . (“EBARA”, “Company” or simply “We”) uses and processes your personal data, based on the General Law on Data Protection, in addition to other national regulations that deal with the personal data protection and privacy, such as the Federal Constitution, Civil Code, Consumer Defense Code and Civil Rights Framework for Internet Use.
The word "You" is used in this Policy as a reference to any person who has a relationship with EBARA and, due to this relationship, provides their personal data, for example, customers, potential customers, users of our website, representatives of business partners of Company, candidates of selection process, visitors of our facilities, among others.
We ask that You carefully read the following information as it explains how your personal data can be collected and used, as well as how it will be protected and stored.
It is worth noting that EBARA is committed to protecting the personal data that You provide us, always acting in accordance with applicable law and your interests, in a clear and transparent manner.
Before we inform You how we collect, use and store your personal data, we would like to define some terms used in this Policy so that, in case of doubt, You can consult its meaning:
- a) "LGPD": Law No. 13.709/2018 - the General Law on Data Protection, as well as the ANPD (National Data Protection Authority) regulations and guidelines;
- b) “Personal Data” or “Data”: any and all information related to an identified or identifiable natural person. An identifiable natural person is someone who can be identified, directly or indirectly, mainly, but not limited to, by reference to a unique identifier such as name, identification document number, location data, electronic identifier or one or more specific factors to the physical, psychological, genetic, mental, economic, ideological, cultural or social identity of the natural person;
- c) "Processing": any and all operations or set of operations which are carried out on Personal Data or on a set of Personal Data, by automated means or not, such as consultation, collection, recording, cataloging or organization, structuring, adaptation or alteration, production, reproduction, reception, classification, use, access, processing, archiving, storage, evaluation or control of information, modification, communication, transfer, dissemination, transmission, distribution, dissemination or any form that makes it available, alignment, combination, restriction, elimination or destruction;
- d) “Owner” or “Owners”: it refers to the natural person, whose Personal Data are the focus of the Processing;
- e) “ANPD”: National Data Protection Authority, public administration body responsible for overseeing, implementing and supervising the compliance with this Law throughout the national territory;
- f) “Security Incident”: means (i) the use of Personal Data for purposes other than those informed to its Owners; (ii) unauthorized access to Personal Data; (iii) the submission of Personal Data to accidental or unlawful situations of destruction, loss, alteration or communication; or (d) any other form of inappropriate or unlawful Processing of Personal Data.
2- WHICH PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSE DO WE USE YOUR PERSONAL DATA?
- 2.1. USE OF THE SITE. When using our website, We collect statistical data through cookies, in order to control traffic, track and record the behavior of the public, in order to measure and analyze the activities carried out on the website. By accessing EBARA's website, at the bottom of the page, You will have access a consent tool for privacy and usability of cookies, in which You will be able to obtain more information about who and how your data can be used and thus allow or not sharing of your login information. It is worth noting that disabling cookies may make our services unavailable or impossible.
- 2.2. PARTICIPATION IN THE SELECTION PROCESS. By enrolling in a selection process, we will have access to your Personal Data. As a good practice, we receive applications for job vacancy via:
In addition, we recommend that only the Personal Data strictly necessary to verify your professional qualifications be included in your resume and, if additional information is needed, we will make the necessary inquiries to You in due course.
- 2.3. VISITING OUR FACILITIES. When visiting our facilities, You will be asked to provide us with the following Personal Information: full name, company name to which you belong (if applicable), ID, arrival and departure times and photo that will be collected by EBARA. The collection of this Data is a security measure that aims to keep a record of those who visit our facilities, as well as having the identification of those who were on site in case of emergency or illegal acts. In addition, we have surveillance cameras monitoring our facilities, with the aim of promoting the safety of all those in the environment and protecting their properties and/or assets, as well as those of EBARA.
- 2.4. CONTACT. When contacting EBARA through the icon “Contact Us” ( https://www.ebara.com.br/contato ) on the Company's website, You will be asked to provide us the following Personal Data: name, e-mail and telephone, in addition to the State and City from which You are sending the message. This data is collected so that We can identify the individual who comes in contact with us and in order to answer them efficiently.
- 2.5. REPRESENTATIVES OF BUSINESS PARTNERS AND SUPPLIERS. Every company has people responsible for its management and for the development of its activities. In this way, we have access to the Personal Data of the Owners who represent our business partners. Regarding the Personal Data of Representatives of Business Partners and Suppliers, we have access to those Data made available as determined by the company that the Owner represents, in general: full name, email, telephone number, cell phone number and position held in the company.
3- HOW DO WE HANDLE THE PERSONAL DATA OF CHILDREN AND ADOLESCENTS?
The EBARA is committed to the Personal Data of children and adolescents will always be treated according to your best interest. If the processing of Personal Data of children is carried out, that is, of persons under twelve years of age, we will collect the consent from at least one of the parents or legal guardian, pursuant to Article 7, I, c/c Article 14, §1 of the LGPD.
4- ON WHICH LEGAL BASIS DO WE SUPPORT OURSELVES TO PROCESS YOUR PERSONAL DATA?
- 4.1. USE OF THE SITE. For the Treatment of Personal Data collected as a result of an access that You carried out in our website, we base ourselves on the hypothesis brought by article 7, IX, of the LGPD, that is, to meet the legitimate interests of the controller (We), so that we can carry out our activities as closely as possible to our customers and other third parties.
- 4.2. PARTICIPATION IN SELECTION PROCESS. For the Treatment of your Personal Data for recruitment and selection purposes, we base ourselves on the hypothesis brought by Article 7, V, of the LGPD, considering that the analysis of the Data present in the resume is a preliminary procedure related to the employment contract of which You, as Owner, is interested in being a party when sending us your resume, as well as in the case brought by Article 7, IX c/c Article 10, II, of the LGPD, that is, to meet the legitimate interests of the controller (We) of fill a job vacancy, as well as the legitimate interest of the candidate (You) in participating in the selection process.
- 4.3. VISITING OUR FACILITIES. For the Treatment of your Personal Data for the purposes of controlling access to our facilities and due to the monitoring of the environment by video surveillance, we base ourselves on the hypothesis brought by Article 7, IX, of the LGPD, that is, in our legitimate interest to promote security of our environment and assets, and by Article 11, g of the LGPD, that is, to guarantee fraud prevention and the security of the Owner, in the identification and authentication processes of registration in electronic systems.
- 4.4. CONTACT. For the Treatment of your Data when you wish to contact EBARA, we base ourselves on the hypothesis brought by Article 7, IX, of the LGPD, that is, on our legitimate interest in receiving contact from potential customers and on their legitimate interest as Data Owners, in being attended to.
- 4.5. REPRESENTATIVES OF BUSINESS PARTNERS AND SUPPLIERS. For the Treatment of Personal Data of representatives of companies with which we still do not have a business relationship, we base ourselves on the hypothesis brought by Article 7, IX, of the LGPD, that is, in our legitimate interest in establishing contact with potential suppliers. In relation to suppliers and business partners with an existing business relationship, we process the Personal Data of their representatives based on the hypothesis brought by Article 7, V, of the LGPD, that is, for the execution of the contract signed with that company, as well as for the development of possible projects and/or operations between EBARA and the company You represent.
5- HOW LONG WILL PERSONAL DATA BE STORED?
- 5.1. USE OF THE SITE. According to our internal rules regarding the protection of Personal Data, the Data collected through cookies as a result of the access that You make to our website is only statistical, and it is impossible by any technical means to reveal who is the owner of the data, due to data to be anonymized.
- 5.2. PARTICIPATION IN SELECTION PROCESS. According to our internal rules regarding the protection of Personal Data, EBARA does not have a CV database. Therefore, all collected resumes will be immediately discarded at the end of the selection process.
- 5.3. VISITING OUR FACILITIES. According to our internal rules regarding the protection of Personal Data, the Personal Data processed by Us for the purposes of controlling access to our facilities will be stored for a period of 30 days, counting from the date of each visit. In the case of Personal Data processed as a result of monitoring carried out by surveillance cameras will be stored for a period of up to 30 days from the date of recording.
- 5.4. CONTACT. Pursuant to our internal rules regarding the protection of Personal Data, the Data processed by Us for the purpose of enabling the OWNER to contact EBARA will be stored for a period of 1 year, counting from the date of the last contact made by the Holder.
- 5.5. REPRESENTATIVES OF BUSINESS PARTNERS AND SUPPLIERS. According to our internal rules regarding the protection of Personal Data, Data referring to representatives of companies with which we do not have a business relationship will be stored for a period of 1 year, counting from the date of the last contact made by the Owner. If your company becomes one of our suppliers or business partners, your Personal Data will be kept by Us as long as the relationship between EBARA and your company is in effect. In case of termination of the commercial partnership between EBARA and the company that You represent or if You cease to be a member of the staff/representatives of our commercial partners, your Data will be stored for a period of 1 year, counting from the end of the partnership or formal knowledge that You are no longer part of our partner's staff.
6- WHEN DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES AND FOR WHAT REASON?
- 6.1. EBARA requires that all third parties with whom it shares Personal Data to adopt security, technical and administrative measures capable of protecting your personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or any other inappropriate or unlawful form of treatment, as well as maintain the confidentiality of the information and Personal Data shared, stating the commitment that this Data be used exclusively for the purposes expressly permitted by EBARA and/or applicable legislation. It is worth noting that EBARA is committed to protecting personal data, always acting in accordance with applicable legislation and your interests, in a clear and transparent manner. Below are the specifications regarding the cases in which the sharing of your Personal Data with third parties applies.
- 6.2. USE OF THE SITE. Personal Data collected through the use that Your make of our website is not shared with companies that provides data intelligence and market intelligence services.
- 6.3. VISITING OUR FACILITIES. The Personal Data to which we have access as a result of your visit is not shared with third parties.
- 6.4. CONTACT. As a general rule, the Personal Data to which we have access through the “Contact Us” channel on our website are not shared with third parties.
- 6.5. REPRESENTATIVES OF BUSINESS PARTNERS AND SUPPLIERS. As a general rule, the Personal Data of representatives of our suppliers and business partners to which we have access are not shared with third parties.
7- INTERNATIONAL DATA TRANSFER
The EBARA does not make the international transfer of personal data.
8- END OF TREATMENT
- 8.1. The personal data and Personal Data processed by EBARA will remain in our care for the period necessary to carry out the proposed treatment and fulfill the purpose informed to the Owners, as well as during the retention periods required by applicable legislation, as indicated in this Policy.
- 8.2. Personal data and sensitive personal data that are no longer necessary for the activities carried out by EBARA, whether due to compliance with the purpose or the legislation, will be deleted from EBARA's databases or will be anonymized, at the Company's discretion.
- 8.3. In this sense, EBARA emphasizes that, under the terms of Article 12 of the LGDP, anonymized data does not characterize personal data, as they lose the ability to identify and/or directly or indirectly associate with a natural person.
- 8.4. If the personal data and sensitive personal data are processed through the expression of consent by the Owner, the Owner may, by express manifestation sent through our website ( https://www.ebara.com.br/formulario-lgpd ), revoke the consent provided, which will imply the interruption of the treatment, which must happen within 15 (fifteen) days after receiving the request by EBARA in this regard.
- 8.5. All procedures for deleting personal data and sensitive personal data, including computerized data, must guarantee their final destruction so that there is no risk of their unauthorized use or disclosure.
- 8.6. All procedures for anonymization of personal data and sensitive personal data must be carried out using reasonable technical means available at the time of their processing that are capable of guaranteeing their irreversibility.
9- WHAT ARE YOUR RIGHTS AS THE OWNER OF PERSONAL DATA?
- 9.1. You may, upon express request to EBARA sent through our website ( https://www.ebara.com.br/formulario-lgpd ), have access to information regarding the Processing of your Personal Data, request confirmation of existence of the Treatment, the correction of incomplete, inaccurate and/or outdated Personal Data, the anonymization, blocking or deletion of unnecessary, excessive or processed Personal Data in violation of the provisions of the LGPD, as well as requesting information regarding the sharing of your Personal Data with third parties.
- 9.2. In cases where your Personal Data is processed on the basis of consent, You will have the right to be informed about the possibility of not providing consent and about the consequences of the refusal, as well as the right to withdraw this consent.
- 9.3. To enforce any of the rights provided for in items 9.1 and/or 9.2 above, You must contact EBARA through our website ( https://www.ebara.com.br/formulario-lgpd ), informing which requests You wish to make in relation to the Treatment of your Personal Data. We will respond to your requests within 15 (fifteen) days after completing and submitting the Request Form.
10- DATA PROTECTION OFFICER (DPO)
The EBARA has appointed as its DPO, that is, as the person indicated to act as a communication channel among EBARA, Owners of personal data and ANPD, the person below, which can be accessed at any time through the following contact:
Name: Rodrigo Bovo
- 11.1. The security of Personal Data is one of EBARA's greatest concerns. To protect your Personal Data, we adopt technical and organizational measures necessary for the proper Treatment of your Personal Data, including, but not limited to, the use of user authentication server, implementation of MDM system and firewall for intrusion detection , encryption for the use of VPN, in addition to performing access controls, always considering the current state of technology, the scale and volume of operations that will be carried out and the security and risk mitigation mechanisms compatible with good practices in digital compliance.
- 11.2. The EBARA adopts the principle of privacy by design (“privacy by design") and ensure that the definition and planning of all new or significantly changed systems that process personal data will be subject to due consideration of privacy issues, including impact assessments of personal data protection that include, but are not limited to:
- a) The verification of how personal data will be processed and for what purposes;
- b) The assessment of whether the proposed processing of personal data is necessary and proportionate to the objective(s) intended by the Company;
- c) The risks assessment for the Owners in the processing of personal data;
- d) Which controls are necessary to deal with the identified risks and demonstrate compliance with legislation;
- e) The use of techniques such as anonymization and pseudonymization of data will be considered and applied when appropriate.
- 12.1. The EBARA ensures that adopts the best and most current information security measures, safeguards and good digital compliance practices, as well as guarantees and contractual safeguards to provide the level of privacy and adequate security for their personal data, seeking to ensure that these Personal Data will receive treatment compatible with current and applicable legislation, with emphasis on the LGPD.
- 12.2. However, we emphasize that EBARA , despite all its efforts, is not able to ensure the absolute and total inviolability of the Treatment, so that it will not be liable for any damage caused by third parties or its employees, due to non-compliance with this Policy and contractual obligations assumed by said third parties with EBARA through their own instruments; as a result of conduct and actions of hackers, crackers or similar ones, provided that such conduct has not been possible due to proven negligence by EBARA in keeping its systems up to date, as well as actions or omissions that may be attributed exclusively to You or third parties .
13- POLICY UPDATE
This Policy may be changed or replaced at any time, whenever necessary and/or at EBARA's sole discretion , without the need for prior notification to You, EBARA undertaking to keep its entire content always updated and available for access through our website ( https://www.ebara.com.br/politica-de-privacidade ), being the Treatment of your Personal Data always linked to the current version of this Policy.
14- GENERAL PROVISIONS
If one or more provisions contained in this Policy are found to be invalid, illegal or unenforceable in any respect, the validity, legality or enforceability of the other provisions contained in this Policy will in no way be affected and/or impaired by this fact. In this case, EBARA will provide for the replacement of the invalid, illegal or unenforceable provisions with valid provisions.
15- LEGISLATION AND JURISDICTION
- 15.1. This Policy will be governed by the legislation of the Federative Republic of Brazil.
- 15.2. For the solution of any questions or conflicts arising from this Policy, the Court of the District of Bauru, State of São Paulo, is elected, waiving any other, however privileged it may be.
IT Associate Director
DPO - Data Protection Officer
CARLOS HENRIQUE VIANNA JÚNIOR
JOÃO APARECIDO CORALI JUNIOR
Procurement Manager - EBAS VGS
VANESSA DE SOUZA FERNANDES FERRARI
Procurement Manager - EBAS BRU
THIAGO RODRIGUES MENDES
Human Resources manager
VINICIUS FERRACINI PICONI
Sales Associate Director - EBAS VGS
SAULO APARECIDO RUY CANO
Sales Manager - EBAS BRU
SANDRA REGINA MACEDO MAZETTO
PRISCILA ANDRADE PRAZERES
Internal Controls Manager
NELSON REGINATO DO CANTO JÚNIOR
Executive Vice President – COO
VASCO FERNANDO DE SOUZA CARDEIRA
Executive Vice President – CFO
ROBERTO MASSAHIRO SERIKAWA
Executive President - CEO
Approvals relating to the members listed above were collected via Approval Form No. 15276, electronically generated through the FA Control Module.