Skip to main content
0

ESPRESSO EXPLORER is aware of the importance and necessity to adapt its data processing operations to Law No. 13.709/18 – General Data Protection Law – GDPL and other related regulations. It disseminates this policy to demonstrate its commitment to the privacy of personal data of those who interact on its platforms, applications, websites, or any other digital or physical means of communication.

PURPOSE

The Privacy and Data Protection Policy aims to establish rules and procedures for the collection, processing, and storage of information and/or personal data obtained in the course of its business activities, specifically those collected on the website, applications, and other interactive systems available on the Internet and used by the company. The terms and provisions outlined in this Policy align with the LGPD and other national and international data protection regulations.

RECIPIENTS

This policy applies to (a) employees; (b) all third parties, whether individuals or legal entities, who act for or on behalf of the company in operations involving the processing of personal data; (c) external personal data processing agents who in any way relate to the company; and (d) data subjects whose personal data is processed by the company.

OBJECTIVES

The objectives of this Privacy and Data Protection Policy of ESPRESSO EXPLORER are:

    • Establish the company’s guidelines and responsibilities, ensuring and reinforcing its commitment to complying with applicable personal data protection laws;
    • Describe the rules to be followed in conducting personal data processing activities and operations carried out by the company and the Recipients of this Policy, ensuring its compliance with the LGPD and applicable legislation on the subject.

The Policy should always be analyzed in conjunction with the obligations set forth in the following documents:

    • Employment contracts of the company’s employees and other related documents;
    • Policies and procedures for information security, as well as terms of use addressing confidentiality, integrity, and availability of the company’s information;
    • All internal rules regarding personal data protection that may be drafted or updated;
    • All contracts related to the company, involving personal data or confidential information.

PRIVACY AND PERSONAL DATA PROTECTION PRINCIPLES

ESPRESSO EXPLORER will comply with the following privacy and personal data protection principles concerning data processing:

    • Purpose: process personal data only for legitimate and specific purposes informed to the data subject, without any possibility of further processing that does not respect the purpose;
    • Adequacy: process personal data in a manner compatible with the purposes informed to the data subject and according to the context of the processing;
    • Necessity: ensure data processing within the minimum necessary to achieve its purposes, covering relevant, proportional, and not excessive data for its purpose;
    • Free Access: guarantee data subjects facilitated and free access to information about how their data is used and processed, as well as the completeness of the data provided;
    • Data Quality: ensure data subjects the accuracy, clarity, and updating of data, according to the need and fulfillment of the purpose;
    • Transparency: provide data subjects with clear and easily accessible information about data processing and the respective data processing agents, observing industrial and commercial secrets;
    • Security: utilize technical and administrative measures to protect personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication, or publication;
    • Prevention: adopt measures to prevent damage due to personal data processing;
    • Non-Discrimination: ensure the impossibility of data processing for unlawful or abusive discriminatory purposes;
    • Accountability and Responsibility: commit to demonstrating the adoption of effective measures to prove compliance and respect for personal data protection regulations.

LEGAL BASES FOR PERSONAL DATA PROCESSING

The personal data processing operations by ESPRESSO EXPLORER respect the legal bases that legitimize their realization, with the respective purposes and designation of the data processing controllers.

ESPRESSO EXPLORER commits to periodically evaluating the purposes of its processing operations, considering the context in which they are inserted, the risks and benefits that may arise for data subjects, and the legitimate interest of the company.

The company’s personal data processing operations may be carried out in the following situations:

    • With the data subject’s consent;
    • For compliance with a legal or regulatory obligation;
    • For conducting studies by official research bodies;
    • When necessary in the formation of contracts or related procedures in which the data subject is a party;
    • For the regular exercise of rights in judicial, administrative, or arbitration processes;
    • For the protection of the data subject’s life;
    • For credit protection.

ESPRESSO EXPLORER will record its data processing operations, indicating the purpose of each to compose the periodic evaluation procedure for LGPD compliance and related regulations.

The data processing operation records can be consulted by data subjects as well as by competent public authorities, safeguarding the rights of data subjects.

Sensitive personal data processing, which poses higher risks to its subjects, will be treated with special care by the company, as per Article 5, II of the LGPD.

Sensitive personal data processing operations may be carried out in the following situations:

    • When the data subject or their legal representative specifically consents, clearly highlighting its purpose;
    • Without the data subject’s consent when necessary for compliance with a legal or regulatory obligation; for conducting internal research; for the regular exercise of rights in contracts and judicial, administrative, and arbitration processes; for the protection of the data subject’s life; for fraud prevention and security of the data subject; and for identification and authentication processes in electronic systems.

RELATIONSHIP WITH THIRD PARTIES

The LGPD establishes that all agents in the data processing chain are jointly liable for any patrimonial, moral, individual, or collective damages resulting from violations of the legislation and may be held accountable for any damages caused.

In this regard, given the possibility of the company’s liability for third-party acts, ESPRESSO EXPLORER will make every effort to ensure that third parties comply with data protection laws, always reviewing and subjecting contracts to the adequacy of legislation.

INTERNATIONAL DATA TRANSFERS

In cases where ESPRESSO EXPLORER is authorized to process personal data independently of the data subject’s consent, it may transfer personal data to other countries, provided that:

    • The country is classified at an adequate level by the ANPD (National Data Protection Authority), or the data transfer is authorized by it;
    • While the ANPD’s list of adequately classified countries is not available, the country is classified by the European Commission as having an adequate level according to international LGPD criteria;
    • Explicit and highlighted consent is obtained from data subjects, duly informed about the purpose clearly and explicitly.

ESPRESSO EXPLORER commits to informing data subjects about the occurrence of international personal data transfers, specifying the provided data set, the purpose of the transfer, and its destination.

CONTACT:

If you have any questions or concerns about our Privacy Policy or how we handle your personal data, please contact us through the following means:

[email protected] or phone number +55 (11) 3136-0583.

GENERAL PROVISIONS:

ESPRESSO EXPLORER reserves the right to alter the content of this Policy at any time, as needed, such as for compliance with legal requirements or regulations with equivalent legal force, and will disclose changes through the contact channels provided at the time of negotiation or service contracting.