1. Objective
This document presents the Privacy Policy for data processed by Blockbit Tecnologia Ltda, in compliance with Federal Law No. 13,709/2018 (General Personal Data Protection Law – LGPD).
2. About Blockbit’s Data Collection
This term of agreement aims to clarify how Blockbit uses the personal data collected and stored. To offer its solutions and content, Blockbit collects various data and information, aiming, above all, to provide an increasingly better experience for its users and channels. We have a great responsibility and are committed to ensuring privacy.
Acceptance of our Policy is carried out by lawful means and via consent. In order to use our solutions, even if free of charge, acceptance of this Policy is required, whether using or installing any Blockbit technology – hardware, software, firmware, updates or any solution provided by Blockbit. Acceptance indicates knowledge and full agreement with how personal information and data are used. If you do not agree to this Policy, please do not continue any procedure and do not use the remedies provided.
Whenever you use or install any Blockbit technology – hardware, software, firmware, updates – it will be understood as voluntary acceptance of the terms of this Policy.
In addition, any individual who contacts us, visits any of our websites, portals, or other resources in our ecosystem, applies for a job opening, and/or voluntarily enters information into one of our online forms, will also agree to the terms of this Policy.
Blockbit prioritizes security and transparency, so we have made this Privacy Policy available, which contains relevant information on how Blockbit processes personal data and for what purposes. In this policy you will learn more about:
– Who uses our websites, portals and hardware/software/firmware/ – updates;
– What data we collect and what we do with it;
– Rights of the Data Subject; and
– How to contact Blockbit.
3. Who uses our websites, portals and hardware/software/firmware/updates
3.1 Websites
Our websites are public for access by any individual, but it is advisable to be accessed only by people over 16 years of age, and when used by minors, it will only be possible to collect data with the consent of at least one of their parents or guardians.
3.2 Portals
Our portals can only be accessed by Blockbit contributors, authorized channels, and/or customers, upon signing legal agreements. The logins and passwords provided for these accesses are individual and non-transferable, precisely so that Blockbit has control of the permissions according to the level of each user and the records of all actions carried out in these systems. These users are over 18 years old.
3.3 Software/ Hardware/ Firmware and Updates
Blockbit’s solutions are accessed by end users who have purchased our solution and they may grant access to a Blockbit contributor or contributor to a channel authorized by Blockbit, for support, deployment, configuration, analysis, or any other reason, provided that it is formally and legally consented to by the organization and/or a legal representative who purchased one of our products.
4. What data we collect and what we do with it
Blockbit uses appropriate technologies and procedures to protect all personal data. Our information security policies and procedures are closely aligned with accepted standards and are regularly reviewed and updated as necessary to meet our business needs, changes in technology and/or regulatory requirements. Any data captured by Blockbit products is used for analytical purposes only and restricted to groups that need to know that information in order to process it, as well as being subject to strict contractual confidentiality obligations. Whenever personal data is collected directly by cloud providers, or third-party services to which we may be subscribers, Blockbit is disclaimed from any responsibility for the security, storage, and/or privacy of any information collected.
4.1 Blockbit as Data Controller
Blockbit may ask you to share information such as, but not limited to: your name, company address, phone number, mobile number, or email address. Eventually, the request for some information can be made through Blockbit’s direct contact with users via email or phone. Whenever such data is processed for the benefit of our own business, Blockbit is considered a Data Controller.
As a controller, Blockbit may use data as follows:
– To provide products, services and other offerings of our business;
– To promote events, training and certifications;
– To launch and optimize websites and manage web communities;
– For marketing, advertising and communication purposes;
– For human resources and recruitment purposes;
– For sales and customer service purposes;
– To promote relationships with customers, partners, suppliers, leads, etc.;
– To conduct market research;
– To comply with rules described in the law and market norms; and/or
– To ensure business continuity.
In addition, we may automatically collect information from any of our products for evaluation and optimization purposes. This may include, but is not limited to: IP address, device type, operating system details, unique device identification numbers, browser type, language, time zone, operating system, geographic location, or other technical information.
Some data may be collected through Cookies on our websites. Our software, on the other hand, does not use cookies. For a better understanding, see the cookie statement.
Only Blockbit employees will be able to see the personal information stored in our systems, and among these, only people with the proper authorizations. No personal data may be disclosed publicly. All data collected is confidential and any use of this information will be in accordance with this Policy. Blockbit makes every effort to ensure the security of our systems.
4.2 Blockbit as a Data Operator
In certain cases, where disclosure is legally permitted or granted by the Rightholder, Blockbit may process data on behalf of our partners and customers. In such cases, Blockbit is considered the Data Operator.
As an Operator, Blockbit may use data in the following manner:
– To provide products and services, technical support, deployment, maintenance, upgrades, and evaluation;
– For sales and/or customer service purposes;
– To comply with rules described in the law and market norms; and/or
– To evaluate credit decisions.
4.3 Use of personal data
Blockbit undertakes not to transfer or disclose your personal data, except in the cases indicated below:
– With Blockbit’s internal teams, only for commercial purposes, whenever the processing of information is necessary to provide a quality service;
– With suppliers, service providers, auditing agencies, etc., whenever the processing of information is necessary to provide a quality service;
– With Blockbit’s shareholders;
– With authorized Blockbit channels, to process orders and manage sales, subscriptions, support, etc.;
– With government agencies, always by official request, as a matter of applicable regulation and approved by law; and/or
– With a court, to defend our legal rights, or to limit damages in litigation.
– For any necessary cases mentioned or other adverse situations, there will always be legal consent from the Owner.
We may use services from companies and third parties to:
– Provide the product on behalf of Blockbit;
– Perform services related to Blockbit’s solutions; or
– To help us analyze how the Blockbit solution is used.
– These third parties may have access to personal information. The reason is to perform the tasks assigned to them on our behalf. However, -Blockbit is legally secured so that third parties cannot disclose or use the information for any other purpose.
4.4 Retention and deletion of personal data
Blockbit may retain your information for as long as necessary for the purposes described in this Privacy Policy and to comply with applicable regulatory requirements, provided that we have legitimate business purposes and are permitted by law.
Once the storage periods of personal data have expired, they are removed from our databases or anonymized, except in cases where storage is possible or necessary due to legal or regulatory provisions.
4.5 Sensitive data
No sensitive data will be collected from any user on our website, portals and/or systems, understood as those defined in articles 11 et seq. of the General Data Protection Law. In other words, Blockbit will not collect any sensitive data related to racial or ethnic origin, religious conviction, political opinion, membership in a trade union or organization of a religious, philosophical or political nature, data regarding health or sex life, genetic or biometric data, when linked to a natural person.
4.6 Legal Bases
4.6.1 Consent
Consent is defined as a clear and unambiguous statement of will. This is the case where the person agrees to the use of their data for the purposes proposed by Blockbit. A practical example of the legal basis of consent, in the context of Digital Marketing, is the checkbox (opt-in) in our form fields, to request authorization to send communications. Here are some of the requirements:
Consent is free: the person cannot be forced to provide consent. It’s a choice. If you are interested in consenting to the data to Blockbit, you can choose in one click whether or not to share the personal data for a certain purpose;
Consent is informed: the user must understand what they are consenting to. Blockbit makes sure that it will clearly explain exactly what the person is agreeing to;
Consent must be unambiguous: from the manifestation through a positive act of the individual. In other words, Blockbit will receive the personal data if there is an action by the user indicating their acceptance, either by sending an email, electronic signature, or even by clicking on a certain location. There will be no doubt as to whether consent has been given or not;
Consent needs to be provided for specific and determined purposes: Consent must be provided for a specific and determined purpose. It is part of the entire logic of the LGPD to specify the reason why personal data is used. Blockbit will not use the data for a purpose other than that for which the person has provided consent.
4.6.2 Legitimate Interest
For certain personal data processing operations, we rely solely on our legitimate interest. To find out in which cases, specifically, Blockbit avails itself of this legal basis, or for more information about the tests we carry out to make sure we can use the data, please contact our data protection officer or through the channels informed in this Privacy Policy, in the section “How to contact Blockbit”.
4.6.3 Contracts
In the case of the legal basis of contracts, personal data may be processed by Blockbit in two cases: the first is for the fulfillment of an obligation provided for in the contract, and the second when the data processing serves for the validation and entry into force of an agreement.
4.6.4 Other legal bases
In addition to those mentioned above, there are other types of legal bases that may justify the processing of personal data:
Legal Obligation: In this case, the processing of personal data is justified by the requirements of other laws. These are the scenarios where Blockbit needs to use or store personal data to comply with legal obligations;
Execution of Public Policies: when the processing of personal data is safeguarded by the public interest or by the need of an official authority exercising the role of controller of that data;
Studies by research bodies: personal data may be processed for the purposes of studies by officially accredited research bodies. In this case, whenever possible, the data must be anonymized by Blockbit, ensuring the privacy of the holders as much as possible;
Judicial Process: personal data may still be processed for the exercise of rights in lawsuits;
Protection of Life: it is possible to justify the processing of personal data when its use is of vital interest, whether of the data subject or of another person;
Health Protection: when health professionals, health services or health authorities need to process personal data;
Credit Protection: for credit approval, reducing the risks of the transaction, it is possible that personal data is consulted by evaluating the citizen’s payer profile.
5. Rights of the Data Subject
As defined in the LGPD, the holder of personal data has the following rights:
Confirmation of the existence of processing: to know whether or not your data is being processed by Blockbit, as the Controller;
Access to data: if the processing is confirmed, the data subject has the right to access them in a controlled manner, in order to prevent access to their data by others;
Correction of incomplete, inaccurate or outdated data: respecting the limitations required by law for historical maintenance, your data may be corrected. Depending on the treatment given to them, it may be necessary to provide documentation that proves the update, completeness or correction carried out by Blockbit;
Anonymization: transformation that prevents the identification of the data subject, when this is not necessary;
Limitation of processing: is the right of the data subject to limit the processing of their personal data, which can be obtained when they contest the accuracy of the data, when the processing is unlawful, when Blockbit no longer needs the data for the proposed purposes and when they have opposed the processing of the data;
Deletion of data that is unnecessary, excessive, or processed in non-compliance with the LGPD: is the right to delete data, except under the conditions provided for in the same Law;
Data portability: at the time of publication of this policy it was still pending regulation by the national authority;
Deletion of data or right to be forgotten: represents the right to have your data deleted from Blockbit’s systems, except under the conditions provided for in the same Law;
Information about sharing: to be informed about the sharing of your data and with which entities;
Non-consent: when consent is requested for data collection and processing, the consequences of non-consent will be informed;
Revocation of consent: the revocation may be requested at any time by the express manifestation of the data subject. The revocation does not cancel previous treatments, unless the deletion is also formalized.
6. Changes to the Privacy Policy
This Privacy Policy may be updated and any changes will be published on Blockbit’s website, as a way of confirming privacy and protection of personal data.
If any purpose of data collection is different from the one presented here, we will request new authorizations and promptly update this Policy.
7. How to Contact Blockbit
At any time, the holder of the personal data may contact the Data Protection Officer to ask questions or exercise the rights mentioned above. Just send an email to privacy@blockbit.com
