General Policy On Privacy And Data Protection

  1. GOAL

This General Privacy and Data Protection Policy (“Policy”) is intended to establish, in a clear and transparent way, how the personal data of users, customers, suppliers, third parties and other parties involved is processed, committing to the privacy and security of information.

Personal information and data will be collected in the ways described in this Policy, in compliance with the rules of the General Data Protection Law (Federal Law 13.709/2018 or “LGPD”), and other applicable rules of the Brazilian legal system.

 

  1. AMPLITUDE

The General Privacy and Data Protection Policy is applicable to everyone who, in any way, processes personal data on behalf of Comilbus Sa, whether as employees, business partners, suppliers, representatives, among others who have access to proprietary information, services, systems and resources.

 

  1. DEFINITIONS

For the purposes of this General Privacy and Data Protection Policy, the following concepts are understood with the following meanings:

  1. Data: All personal information, defined and collected in different means, such as computer systems, tablets or smartphones, or forms to be filled in physically or not, are called Data. This data can be in any media or format, electronic mail (e-mail) and computerized records, as well as paper files.
  2. The data is classified as follows:
     1. Personal data: Allows you to directly or indirectly identify a living individual, such as Name, CPF, RG, gender, date and place of birth, telephone, GPS location, photo, bank card, income, consumption habits, internet protocols (IP) among others. Personal Data, however, does not include a business telephone number, business address and business email;
     2. Sensitive data: Data about children and adolescents and those revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic, biometric and health or sexual life issues;
     3. Public data: All Personal Data about the holder, when he/she expresses consent to make them public;
     4. Anonymized data: This is information that has been de-characterized at some level so that its holder can no longer be identified.

 

  1. PRIVACY GUARANTEE

All natural persons who use an internal system or access/visit the website address of Comil Ônibus SA, or maintain legal business with it, may inform personal data, and this information is strictly necessary within the scope of the company's business, and will be protected under the terms of the LGPD and this General Privacy and Data Protection Policy.

 

  1. COLLECTED DATA

By providing the data and/or allowing the respective collection through a paper form, or through any computerized system owned, public, or licensed for use, the employee, customer, supplier, partner or other is aware that the data may be:

  1. Produced, reproduced, received, classified, used, accessed, transmitted, distributed, processed, archived, stored, eliminated, evaluated, modified, communicated, transferred, disseminated, and may also have extracted data, including personally identifiable information, in accordance with the applicable legal bases and for the designated purposes.

 

  1. USE OF DATA

The data collected may be used to:

  1. User identification and authentication;
  2. Contractual bond;
  3. Expansion and improvement of pages for users/clients;
  4. Creation of new services and products to be offered to users/clients;
  5. Advertising purposes;
  6. Disclosure of events;
  7. Loyalty programs;
  8. Carrying out a purchase satisfaction survey;
  9. Internal purposes, such as auditing, data analysis and research to improve Comil Bus SA's products, services and customer communications;
  10. Enrich the user experience on the Comil Bus SA website, managing your queries and requests;
  11. Enable the registration of new suppliers;
  12. Carry out the recruitment of candidates for job openings, if the user wants to work with us;
  13. Comply with obligations arising from the use of our services and features, including compliance with legal and regulatory provisions;
  14. Protect the user with regard to the prevention of fraud and associated risks, in addition to complying with legal obligations;
  15. Data to make projects.

 

  1. CONSENT

Consent is a free, informed and unequivocal manifestation. In line with General Data Protection Law No. 13709/2018, your data will only be collected, processed and stored with prior and express consent.

Consent will be obtained specifically for each purpose, evidencing Comil's commitment to transparency and good faith towards its employees, customers, suppliers, partners or others. At any time and at no cost, consent may be revoked, provided that they are not under legal penalty, or are essential to provide any type of activity carried out by Comil Ônibus SA, or are data that need to be kept for a period stipulated by laws or higher bodies.

It is important to highlight that the revocation of consent for the processing of data may imply the impossibility of adequate performance of some functionality of the site/system that depends on the operation.

 

  1. HOLDER'S RIGHTS

The data subject, free of charge and at any time, may:

  1. Confirm the existence of data processing, in a simplified way or in a clear and complete format;
  2. Access your data, being able to request them in a readable copy in printed form or electronically, safe and reputable;
  3. Request the edition, correction or update of these;
  4. Request anonymization, blocking or deletion, when unnecessary, excessive or treated in breach of legislation;
  5. Request the portability of your data, through a registration data report;
  6. Obtain information about the sharing of your personal data;
  7. Revoke your consent.

To exercise the holder's rights, you must contact us via email lgpd@comilonibus.com.br and describe your need.

To ensure your correct identification as the holder of the personal data object of the request, documents that can prove your identity may be requested.

 

  1. SHARING

Data sharing may occur when there is:

  1. Legal determination, application, requisition or court order, with competent judicial, administrative or governmental authorities;
  2. Corporate transactions, such as mergers, acquisitions and incorporations, automatically;
  3. Contractual and/or legal provision, duly authorized and within the limits and purposes of the business;
  4. Or partner companies.

The company is committed to adopting efficient cybersecurity and data protection standards, seeking to guarantee and comply with legal requirements.

By agreeing to this Privacy Policy, the holder agrees to this sharing, which will take place according to the purposes described in this instrument.

 

  1. PROTECTION

The data collected by Comil Ônibus SA will be stored and handled in a safe and complete environment. Comil Ônibus SA uses technical and administrative measures capable of protecting users' personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination, with the security standard usually adopted by the market for the protection of personal data. It is the website user's free and spontaneous will to provide the requested information. All information collected from users travels securely, using a standard Internet encryption process. Likewise, the personal information of customers and visitors is restricted to those employees or other parties who need the data for the execution and performance of their duties.

To keep information secure, we have taken the following measures:

  1. Only authorized persons have access to the personal data provided on the Comil Bus SA website;
  2. Access to the collected data is only done after the commitment of confidentiality;
  3. In order to contain attacks and ensure information security, the company has implemented several protection measures. Currently, it has a replicated firewall in high availability (HA), with active security modules, to protect the network against threats;
  4. All workstations have endpoints to protect devices from malicious files. Users are created in Active Directory, where permissions are assigned according to their roles and industries, ensuring that they only have access to the information and resources necessary for their roles;
  5. Comil Ônibus SA adopts a monthly update policy, which covers computers, servers and other devices. In this way, systems and applications are kept up-to-date with the latest versions, including security patches. This practice helps protect against known and unknown vulnerabilities that can be exploited by attackers;
  6. Monitoring of key devices to detect intrusions in real time, along with intrusion prevention system (IPS), event logs and network traffic analysis ensure network security;
  7. Comil Ônibus SA has a Backup Datacenter performing data storage according to periodicity and criticality. These backups are regularly tested to ensure data integrity;
  8. In order to raise the awareness of new employees, the company promotes training on information security and good practices. Topics covered include the protection of confidential information, the safe use of passwords, among other aspects related to information security;
  9. Annually, Comil Ônibus SA undergoes audits conducted by an external company, with the objective of evaluating the security and integrity of the data in its environment. These audits are critical to ensuring that security measures are effective and in line with best practices;
  10. The company follows the legislation regarding data security.

We inform you that even so, data leakage may occur either through inefficiency of a third party system, cyber attacks by hackers, or also as a result of human error by users/customers, and in the event of any security incident, the company will inform those involved and the competent authorities, as provided by General Data Protection Law No. 13709/2018.

 

  1. STORAGE

The collected data and activity records will be stored in a safe and controlled environment for the time necessary to provide the service or for the purposes described, considering the rights of data subjects and controllers, for a minimum period that follows the table below:

| Storage Term | Legal Basis |
|---|---|
| As long as the relationship lasts and there is no request for deletion or revocation of consent | Art. 9, item II of the General Law for the Protection of Personal Data |
| 5 years after the end of the relationship | Arts. 12 and 34 of the Consumer Protection Code |
| 3 years after the end of the relationship | Art. 206, § 3, item V of the Civil Code |
| 6 months for Digital Identification Data | Art. 15 of the Civil Rights Framework for the Internet |

 

The information necessary for compliance with legal, judicial and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings will be maintained. For auditing, security, fraud control and preservation of rights purposes, we may keep the registration history of your Data for a longer period in cases established by law or regulatory rule or for the preservation of rights.

In general, the data will be kept as long as the contractual relationship between the holder and Comil Ônibus SA lasts.

 

  1. AMENDMENT TO THIS PRIVACY POLICY

We reserve the right to modify this General Privacy and Data Protection Policy at any time, mainly depending on the adaptation to any changes made in the company or in the legislative field.

 

  1. RESPONSIBILITY

According to Law nº 13709/2018, articles 42 to 45, agents who work in data processing processes can be held responsible. The company undertakes to keep this General Privacy and Data Protection Policy updated, as there are legal changes and/or updates. The company is responsible for the security of the data processing processes and the fulfillment of the purposes described in this instrument.

 

  1. DISCLAIMER OF LIABILITY

The company is exempt from liability if the data leak is due to negligence, imprudence or malpractice of users in relation to their individual data. The user is responsible for the confidentiality of the access data.

In case of security incidents that may generate risk or relevant damage to users/customers, we will inform those involved and the competent authority about the incident and the appropriate measures will be taken, in accordance with current legislation. All information entered is the sole responsibility of the owner.

 

  1. DATA PROTECTION OFFICER

In case of any doubt regarding the provisions contained in this Privacy and Data Processing Policy, the company can be contacted in the ways below:

  1. Address: Alberto Parenti Street, 1382, Industrial District, Erechim/RS, CEP: 99711-134
  2. Email: lgpd@comilonibus.com.br

 

Policy Updated on 6/16/2023