The purpose of this Policy of Personal Data Protection and Data Subject Privacy is to present to the internal and external environment, market, customers, suppliers, partners, government authorities, consumer protection entities, judiciary bodies, shareholders, and the general public the principles, guidelines, rules and the organizational commitment of FASTPAY regarding Data and Personal Information Protection in order to meet the applicable legislation and regulations targeted at preserving the Data Subject Privacy.
FASTPAY declares its commitment and undertakes to:
2.1. Supervise the privacy and protection of personal data of its customers, collaborators, and partners in the performance of its activities;
2.2. Adopt guidelines ensuring the broad fulfillment of rules and good practices related to privacy and personal data protection;
2.3. Promote transparency on the manner FASTPAY treats personal data;
2.4. Adopt protection measures related to the risk of security incidents involving personal data;
3.1. Data and personal information under the responsibility of FASTPAY;
3.2. FASTPAY is responsible for personal data:
a) Collected by FASTPAY or collected by service or product providers (Operators) hired by FASTPAY;
b) Collected by customers and passed on to FASTPAY for the performance of services hired by such customers with FASTPAY;
c) Treated by FASTPAY or treated by service or product providers (Operators) hired by FASTPAY;
3.3. The Compliance with Brazil’s General Data Protection Act (Act 13.709/2018), as well as with all the Brazilian legislation addressing personal data protection, such as, without limitation: the Federal Constitution, the Consumer Protection Code, the Civil Code, the Civil Rights Framework for the Internet in Brazil, and sector regulations.
4.1. Principles of this Policy
All existing and future actions related to the Treatment of Personal Data and to Data Subjects must follow the principles below:
a. Purpose. To treat such data for lawful and specific purposes which are transparent to the Data Subject;
b. Need. To limit the treatment of personal data to the minimum necessary and exclusively to comply with its purpose;
c. Data Subjects’ Rights. Data Subject, without prejudice to other rights granted by this Policy or by the current legislation, have the right to: (i) consult their personal data that are under the responsibility of FASTPAY; (ii) request the correction of your personal data that is incomplete, inaccurate or out of date; (iii) oppose the treatment of any specific personal data; (iv) withdraw consent for the processing of your personal data at any time; (v) be informed about the public and private entities with which FASTPAY shares its personal data; and (vi) request the portability of your data to another organization. In the event that the Data Subject opposes the treatment of any specific personal data or withdraws consent for the treatment of his personal data, FASTPAY is responsible for informing the Data Subject regarding the possible consequences, such as the impossibility of providing the services.
d. Information Security. FASTPAY has an Organizational Program for Information Security that defines, implements, and manages controls targeted at protecting personal data and information;
e. Non-discrimination. FASTPAY does not treat personal data for unlawful or abusive discriminatory purposes;
f. Transparency. FASTPAY is transparent in regard to the personal data treatment procedures;
g. Data Retention. Personal data should be retained only for the time required for FASTPAY to meet the applicable legal regulations and ensure its protection as an organization.
4.2. Respect for the Data Subject
FASTPAY respects Individual Data Subjects and undertakes to perform all required controls, considering the reasonableness of the existing technology, to protect Personal Data under its responsibility and to ensure the Data Subject Privacy.
4.3. Personal Data Treatment
a. FASTPAY treats personal data exclusively for the specific purpose of its professional relationship with the Data Subject, collecting as few data as possible to meet this purpose;
b. FASTPAY shares personal data with other organizations, with the public administration, and with judiciary bodies exclusively for the operational management of the relationship established with the Data Subject, passing on only as few data as possible as required by this activity;
c. Should the Data Subject wish to know it, the entire personal data treatment performed by FASTPAY can be made available to the Data Subject observing the confidentiality and the business intelligence of FASTPAY;
d. Should the service performance or other treatments require the transfer of data to other countries, always limited to the established purpose, such data will only be transferred to countries that have a personal data protection legislation and to organizations that have an established policy to manage the personal data protection;
e. The treatment of personal data performed by FASTPAY is based on at least one Legal Basis for the Treatment of Personal Data as defined by Brazil’s General Data Protection Act;
f. FASTPAY has defined the responsibilities of its professionals and collaborators in relation to the treatment of personal data and offers ongoing training on personal data protection;
g. FASTPAY achieves new procedures and ongoing technological improvements to protect all personal data treated under the responsibility of FASTPAY.
4.4. Communication between Data Subjects and FASTPAY
a. Data Subjects can get in contact with FASTPAY using the channel available on the website of FASTPAY (www.fastpays.com.br), in the section Contacts and Contact us. In such a case, the following subject should be indicated: Personal Data Alternatively, send an email to firstname.lastname@example.org.
5. – REVIEWS
This Policy will be reviewed annually or whenever there is any change that affects it.
© Copyright - 2019 - All rights reserved