Privacy Policy
it-l10n-ithemes-security-pro domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/fastpays/public_html/wp-includes/functions.php on line 6114wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/fastpays/public_html/wp-includes/functions.php on line 6114The purpose of this Policy for the Protection of Personal Data and Privacy of the Holder is to present to the internal environment, external environment, market, customers, suppliers, partners, government authorities, consumer protection entities, judicial bodies, shareholders and the general public , the principles, guidelines, rules and organizational commitment defined by FASTPAY for the Protection of Data and Personal Information, as well as organizing all the necessary points for the construction of a privacy program that guarantees compliance, meeting the provisions of the Law Federal Law No. 13.709/2018 (General Personal Data Protection Law or “LGPD”), amended by Federal Law No. 13.853/2019.
FASTPAY declares and undertakes to:
2.1. Ensure privacy and protection when processing personal data of customers, employees and partners, depending on the performance of their activities;
2.2. Adopt processes and guidelines that ensure comprehensive compliance with standards and good practices relating to privacy and protection of personal data;
2.3. Promote transparency about the way in which FASTPAY handles personal data;
2.4. Adopt protective measures in relation to the risk of a security incident involving personal data;
2.5. Ensuring that the processing of data will be carried out in a manner that respects the fundamental rights of freedom and privacy, under the terms of the law.
3.1. Data and personal information that are under the responsibility of FASTPAY.
3.2. FASTPAY is responsible for personal data:
a. Collected by FASTPAY or collected by product or service providers (Operators) contracted by FASTPAY;
b. Collected by customers and passed on to FASTPAY for the execution of services contracted by these customers with FASTPAY;
c. Treated by FASTPAY or handled by product or service providers (Operators) contracted by FASTPAY.
4.1 Legislation and Reference Norms for the preparation of this Policy.
a. Federal Law No. 13,709/2018 – General Law for the Protection of Personal Data, “LGPD”;
b. Federal Constitution;
c. Consumer Defense Code;
d. Civil Code;
e. Positive Registration Law;
f. Law on access to information;
g. Civil Rights Framework for the internet and sectoral regulations.
4.2 Storage of personal data
Personal data will be stored in a safe and controlled environment, and may be stored on FASTPAY’s own server located in Brazil.
4.3 Applicability
This Policy applies to FASTPAY, as well as to all employees who at any time may have contact with personal data processed or processed by or on behalf of FASTPAY, especially when:
Additional policies may be created in specific cases, particularly if required by law or regulation .
5.1 Principles of this Policy
All existing actions or future actions related to the Processing of Personal Data and the Subject of Personal Data must comply with the following principles:
a. Principle of good faith: All processing operations must be guided by good intentions, ethics, morals and good customs accepted by society;
b. Principle of purpose and adequacy: The processing of personal data must be limited to legitimate, specific, explicit and informed purposes to the holder, occurring in ways compatible with these purposes and cannot be collected for one purpose, and then used for another. The uses of the data must be compatible with the treatment and the purpose informed to the data subject;
c. Principle of Necessity: Limit the processing of personal data to the minimum necessary and exclusively for the achievement of its purpose;
d. Principle of free access and data quality: data subjects must be guaranteed easy and free consultation regarding the form and duration of the treatment and the completeness of their personal data, ensuring the accuracy, clarity, relevance and updating of the data;
e. Transparency: The holders will be guaranteed clear, accurate and easily accessible information about the execution of the treatment and the respective treatment agents, observing commercial and industrial secrets;
f. Information Security: FASTPAY has an Organizational Information Security Program that uses technical and administrative measures to protect personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination;
g. Principle of non-discrimination: The processing of data for illicit or abusive discriminatory purposes is prohibited;
h. Accountability principle: Personal data will be retained exclusively for the time necessary for FASTPAY to comply with legal regulations and guarantee its protection as an organization.
5.2 Respect for the Subject of Personal Data
FASTPAY respects the Natural Person Holder of Personal Data and undertakes to perform all necessary controls, considering the reasonableness of the existing technology, to protect the Personal Data under its responsibility and enable the Privacy of the Holder of Personal Data.
a. The Holders, without prejudice to other rights granted by this Policy or by current legislation, have the right to:
b. Consult your personal data that are under the responsibility of FASTPAY;
Request the correction of your personal data that is incomplete, inaccurate or out of date;
c. Oppose the processing of any specific personal data;
Revoke consent to the processing of your personal data at any time;
d. Be informed about the public and private entities with which FASTPAY shares your personal data;
e. Request portability of your data to another organization. In cases where the Holder opposes the processing of any specific personal data or revokes the consent for the processing of his/her personal data, FASTPAY is responsible for informing the Holder of the possible consequences, such as the impossibility of providing the services.
5 .3. Processing of Personal Data.
a. FASTPAY treats personal data exclusively for the specific purpose of its professional relationship with the Holder and performs the minimum collection of data to meet this purpose;
b. FASTPAY shares personal data with other organizations, public administration and judicial bodies , exclusively for the operational management of the relationship with the Personal Data Holder and exclusively passes on the minimum data necessary for this activity;
c. All processing carried out on personal data may be known to the Data Subject, if he wishes to know. Respecting FASTPAY’s secrecy and business intelligence;
d. If it is necessary to transfer data to other countries to perform services or other treatments, always limited to the existing purpose, it will only be carried out with countries that have personal data protection legislation and with organizations that have management for the protection of personal data;
e. All processing of personal data carried out by FASTPAY is supported by at least one Legal Basis for the Processing of Personal Data, defined in the General Law for the Protection of Personal Data;
f. FASTPAY has defined the responsibilities of its collaborating professionals in relation to the processing of personal data and carries out continuous training on the protection of personal data;
g. FASTPAY implements new procedures and continuous technological improvements to protect all personal data processed under FASTPAY’s responsibility.
5.4. Communication of the Data Subject with FASTPAY
The Holder of Personal Data may contact FASTPAY using the contact provided on the FASTPAY website ( www.fastpays.com.br ), on the Contacts and Contact Us page. In this case you must put in the subject: Personal Data. Or send an email to compliance@fastpays.com.br .
For the FASTPAY privacy program to prove effective and produce positive results, it is important that the pillars and procedures described below are constantly observed during the processing of personal data.
6.1 MANAGEMENT AND GOVERNANCE :
This policy applies to all work situations in the processing of personal data, and it is extremely important that all points listed in this policy are observed and complied with in the operation of your daily activities.
Aiming at the adherence and effectiveness of the Privacy Program, FASTPAY must adopt the following points for ordering and operation of its governance structure in privacy and data protection:
6.2 PERSONS RESPONSIBLE FOR THE PRIVACY PROGRAM
The management and application of the privacy program shall be carried out by the responsible persons below. To facilitate control of content, publication dates and deadlines for review, privacy-related governance documents (including this policy) must be centrally controlled and managed by the Privacy Committee and the Data Protection Officer.
6.3 PRIVACY COMMITTEE
The members of the Privacy Committee must meet quarterly, or whenever necessary, to properly monitor FASTPAY’s privacy program .
Its composition must be composed of members from key areas of FASTPAY, capable of deliberating and deciding on matters related to privacy and data protection, including representatives of Compliance, Information Security and Data Governance, and other business areas may be called upon to the deliberation of matters inherent to the preservation and protection of personal data.
The committee’s mission is to ensure the communication of the privacy program, to monitor compliance with the rules and procedures inherent to the integrity process of data processing, in addition to discussing and making decisions about new processing activities.
The Privacy Committee should always be involved in making decisions regarding processing activities that involve risks assessed as high. If the risk is considered too high, the decision must be escalated to the Executive Board.
6.4 DATA PROTECTION OFFICER
The Data Protection Officer must enjoy a reasonable degree of independence from the rest of the administration, in order to ensure the rights of data subjects whose personal data are processed by FASTPAY.
a. The main actions of the data protection officer consist of:
b. Manage the data privacy program;
c. Annually develop and review rules and procedures inherent to the entire personal data processing process;
d. Supervise compliance with the rules and policies inherent to the entire process of processing personal data;
e. Accept complaints and communications from holders, provide clarifications and adopt measures;
f. Receive communications from the national authority and take action;
g. Guide the entity’s employees and contractors regarding the practices to be taken in relation to the protection of personal data;
h. Perform other duties determined by the controller or established in supplementary rules;
i. Prepare the Personal Data Protection Impact Reports, with calculation and review of the risks of the activities indicated therein.
Privacy Guardians are employees appointed to be the focal point allocated in the FASTPAY business areas to facilitate communication with the Person in Charge with the respective areas:
a. Support the person in charge in the proper mapping of the data processing cycle;
b. Support the dissemination of the privacy culture related to their respective areas;
c. Support to the data manager in the control and monitoring of the processes established for the proper governance and protection of personal data.
All FASTPAY members will receive periodic training on the prevention of information security incidents , general concepts in data privacy, including this data protection policy.
Access and manipulation of the information collected is restricted to employees and third parties to make the business viable and if they misuse this information, violating our commitment to the treatment of personal data and protection of the privacy of individuals, they will be subject to the appropriate disciplinary and legal measures, as advocated in our Code of Professional Conduct.
© Copyright - 2019 - Todos os direitos reservados