Privacy Policy

1. Introduction


This Privacy Policy, herein referred to as “Policy”, aims to explain what personal data Agidesk may collect from its customers, as well as specify the purposes of this collection, when and with whom they may be shared and how the company deals with the information collected, created, entered, sent, published, transmitted, stored or displayed by your customers, operators and contacts/end users.

In the event of changes to this Policy, we will use reasonable efforts to notify our customers. This notification can be made by email, or through our website, or directly through the Agidesk application. However, we strongly suggest that all our customers periodically access this Policy available on our website.

Periodic or continued use of our Services or Sites signifies your agreement to be subject to changes in this Policy.

If you do not agree, you may discontinue using the Service and Agidesk Sites.

This Policy explains the what, how and why of the personal information we collect when you visit our Sites or use our Services.

Personal information collected and used by Agidesk is limited to the purpose for which subscribers interact with any member of Agidesk and other purposes explicitly described in this Policy.

2. Coverage


This Policy applies to all Agidesk employees, regardless of their position, to members, to any suppliers or service providers and to Agidesk resellers.

This privacy policy covers data processing carried out pursuant to license agreements for use and technical support for our solutions and for the use of our websites.

3. Glossary of terms that will be used


In order to better understand the terms that will be used in this Policy, we have listed below some of the main terms used and their meaning when applied in this document that are in line with those used in the personal data protection legislation:

Personal data: information related to the identified or identifiable natural person;

Sensitive personal data: personal data on racial or ethnic origin, religious conviction, political opinion, affiliation to a union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person;

Holder: natural person to whom the personal data that are the object of processing refer;

Controller: natural or legal person, under public or private law, who is responsible for decisions regarding the processing of personal data;

Operator: natural or legal person, under public or private law, who processes personal data on behalf of the controller;

Data Supervisor - DPO: person appointed by the controller to act as a communication channel between the controller, the data subjects and the National Data Protection Authority;

Treatment agents: the controller and the operator;

Treatment: any operation performed with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication , transfer, diffusion or extraction;

Anonymization: use of reasonable technical means available at the time of processing, whereby data loses the possibility of association, directly or indirectly, with an individual;

Minimization: limitation of the processing to the minimum necessary for the accomplishment of its purposes, with the scope of pertinent data, proportional and not excessive in relation to the purposes of the data processing;

Consent: free, informed and unequivocal expression by which the holder agrees with the processing of his/her personal data for a specific purpose;

Sharing: communication, dissemination, international transfer, interconnection of personal data or shared treatment of personal data banks by public bodies and entities in compliance with their legal powers, or between these and private entities, reciprocally, with specific authorization, for one or more treatment modalities allowed by these public entities, or between private entities;

National authority (ANPD in Brazil): bodies responsible for overseeing, implementing and supervising compliance with data protection legislation in their countries, in accordance with their local competences.

4. Principles


This privacy policy will follow the principles established in the LGPD for the proper treatment and protection of personal data:

Purpose: The purposes of the processing of personal data must be clear, legitimate and, therefore, specific, non-directed processing being prohibited;

Adequacy: The treatment must be adequate to the needs informed to the holders;

Need: Linked to the principles of purpose and adequacy, this principle guides us so that only personal data strictly necessary to achieve the intended purpose are processed;

Free access: Those who process personal data must always promote easy access to these to their holders, including speed and transparency in the availability of information;

Data quality: It is an obligation of those who carry out the processing to ensure that personal data are relevant, accurate, clear and therefore up-to-date;

Transparency: Safeguarding commercial and industrial secrets, the holder must have access to clear, precise information that respects free access to their personal data;

Security: Technical and organizational measures must be used not only preventively, but at all times in the processing chain of personal data, thus avoiding unauthorized treatment, regardless of the reason;

Prevention: The processing of personal data must always observe the prior adoption of measures that seek to prevent the occurrence of leaks and other occurrences that may harm the owner or third party;

Non-discrimination: The treatment can never be used for the purpose of promoting unlawful discriminatory or even abusive acts;

Accountability and accountability: The party processing personal data must be able to demonstrate the adoption of effective measures and evidence of compliance and compliance with data protection rules.

5. Personal information that you give us or that we collect


Agidesk, according to the mapping of personal data carried out, handles in its environments, as controller and/or data operator, the following types of personal data:

As a data controller

• Customer Contact Data - We store the name, telephone and e-mail of individuals who are our contacts, with our customers, to allow us to maintain contact with them, in order to carry out commercial, technical support and marketing transactions.

• Customer employee data - Name, telephone and e-mail informed when opening calls, to enable technical support assistance.

• Supplier Data - We handle data from suppliers who are individuals, or from contact persons with our corporate suppliers, such as: name, telephone, e-mail and bank details, for the purposes of commercial negotiations and making payments.

• Lead Data - We receive and store data from leads (possible customers), such as name, email, phone, title and name of the company they represent. We transcribe this information into our CRM system. Our purpose is commercial prospecting for new customers.

• Job Applicant Data - We receive and store data contained in the résumés of job applicants at Agidesk, through our talent bank, for evaluation and interviewing purposes.

As a data operator

• Agidesk Platform User Registration - Name, CPF, email, address, telephone, hierarchy and password, which are used to operationalize the use of the Agidesk Platform.

• Some Agidesk Contracting companies may collect from their customers, who will be registered on the Agidesk platform, the Date of Birth and Gender (gender), whose purpose will be determined by the Agidesk Contractor. These data may be removed from the registration, if their collection is not the purpose of the provision of services made by the Contractor of the platform with its customers.

• Backup of customer database - All personal data mentioned above, for security reasons, in order to guarantee data availability.

• Tickets - In addition to the above data, due to the functionality existing in the Agidesk Platform that allows documents and/or images to be attached to tickets, it is possible for unstructured personal data to occur, contained in such documents, such as PDF, DOC files, spreadsheets, emails, images and others, the content of which we cannot predict. The purpose is the operationalization of the tool itself, and will depend on the use applied by each Contractor. Agidesk cannot predict or prevent the collection of this data.

• Agents/operators, supervisors and administrators users - Name, email, address, telephone, hierarchy, password and department, to enable the maintenance of the Agidesk Platform settings by the employee(s) indicated by the client.

Single Sign-On

You can access Agidesk using login services such as Facebook Connect, Google Connect or an Open ID provider. These services will authenticate your identity and give you the option to share certain personal information with us, such as your name and email address to pre-populate our registration form. Services like these may give you the option of posting information about your Agidesk activities on your profile page to share with people in your network.

Choices

• If you do not wish to receive advertising communications from Agidesk, please contact us at dpo@atendimento.agidesk.com or follow the unsubscribe instructions included in each advertising email.

Personal information of minors

• Agidesk does not knowingly collect personal information from children under 13 years of age. If you are under 13 years of age, please do not submit personal information. We encourage parents and legal guardians to monitor children's internet usage and help comply with our Policy by instructing their children never to provide personal information without their permission. If you have reason to believe that children under the age of 13 are submitting personal information to us through our Services, please contact us and we will use commercially reasonable efforts to delete this information. Subscribers are responsible for establishing policies and complying with applicable laws for the collection of personal information related to the use of our Services.

6. Legal bases


Agidesk undertakes to only carry out the processing of personal data based on any of the legal bases provided for in the legislation for the protection of personal data.

Currently, we have the following legal bases for the storage and use of personal data:

• Legislation or regulatory standards (Art.7, II and VI);

• Execution of contracts or preliminary procedures (Art. 7, V);

• Legitimate interest (Art. 7, IX).

7. Use and Sharing of Personal Data


The sharing of personal data must be carried out with caution and observing the necessary technical and procedural measures to ensure adequate security in such operations.

Agidesk shares personal data regarding its customers and suppliers with the following companies:

Dondoni Accounting: Data from individual suppliers, forwarded for accounting and compliance with tax and accessory obligations.

Omiexperience SA: Company that provides financial ERP Software and CRM System. We share information from Agidesk Contractors or suppliers such as name, e-mail and telephone number, position and company they work for, in order to carry out the financial control of Accounts Payable and Receivable. In the CRM module, we register lead data, such as name, email, telephone, position, and company they work for, in order to carry out commercial prospecting of our products and services.

Banks: Data required to make payments to individual suppliers.

Amazon Web Services, Inc: Company that provides the entire service infrastructure of the Agidesk Platform, where the platform's client and hosting databases are stored.

Google Workspace: E-mail solutions provider, conference call, and business communication applications. We share contact information such as name, email, telephone, title and company, by registering contacts in our email accounts. We also carry out recorded training meetings and workshops, for the purpose of passing on knowledge during the Software implementation process, these recordings are communicated to the participants and will be shared with those present at the events.

JivoChat: Platform providing Chat, WhatsApp, Telephony and Social Networks. The data that can be stored in this solution are: name, e-mail, telephone and company name, whose purpose is commercial service or technical support for the Agidesk platform.

AdOpt: Company that provides Cookie Manager for the website, we do not store sensitive data, we only collect consent to the use of Cookies.

Other Shares

We may share information, including personal information, with our third-party service providers (such as credit card providers, hosting providers, Service Data subprocessors and technology partners) to provide the necessary hardware, software, networks, storage and other services that we use to operate our Services and maintain a high quality user experience. We do not allow our service providers to use the personal information shared by us for their own advertising purposes or for any other purpose unrelated to the services they provide to us.

Therefore, in order to properly provide our Services, in addition to the companies mentioned above, Agidesk may share the collected personal information (such as: name, email, telephone, company, position...) with other suppliers, always that is essential to perform or improve the provision of its services, and when this occurs, it will maintain the same level of security and compliance already adopted with other suppliers.

8. Rights of the Personal Data Subject


Every owner of personal data processed by Agidesk has the following rights, provided for by law and fully respected by our company, as data controller. In cases where we are only Data Operators, the holder must direct his request directly to the Contractor of the Platform, who will provide assistance to the Holder whose data is Controlling through the use of the Agidesk Platform:

• Have confirmed the existence of processing of data owned by them;

• Access to your personal data;

• Correction of incomplete, inaccurate or outdated data;

• Minimization of data, blocking or deleting unnecessary or non-lawful data. Due to the nature of our provision of services, we do not work with Data Anonymization, as the data collected is essential for the provision of the contracted service, without which it will not be possible to carry out the aforementioned provision of services. What we strive to do is Data Minimization, that is, we always collect only what is necessary to perform the services or improve their provision.

• Data portability;

• Revocation of consent, upon express request and consequent deletion of the data processed through the consent of the holder;

• Obtain information about data sharing;

• Complain about your data against the controller, before the national data protection authority.

9. Personal Data Protection


Agidesk always seeks to adopt adequate technical and administrative measures to preserve the security of data, in order to prevent its loss, alteration, unauthorized access, disclosure or misuse, considering the current conditions of the technology and the risks to which the data data is exposed.

Our suppliers undergo a prior qualitative analysis process and we demand from them the same degree of compliance with the data protection legislation adopted by our company.

However, no transmission over the Internet, e-mail or any other electronic means is completely protected or error-free. Therefore, please choose carefully what information you submit to us through these means.

10. Contact us


If it is necessary to make any contact with Agidesk, related to your personal data, in compliance with the legislation, we maintain a specific professional for this purpose, responsible for maintaining our Privacy Program, who will be able to answer your questions, in time skillful.

This is our Data Protection Officer:

Veridiana Cavalheiro

Email: dpo@atendimento.agidesk.com

Phone: +55 (51) 98905 8080

Personal information collected, stored, used and/or processed by Agidesk, as described in this Policy, is collected, stored, used and/or processed in accordance with Law No. 12,965/2014 of Brazil. By using our services, you explicitly consent to our collection, use, storage and processing of your personal information as described in this document.

11. Policy Update


This privacy policy will be periodically revised and updated, or whenever necessary, in order to comply with personal data protection legislation, regulatory standards or technical or administrative changes that justify its maintenance.