Global Data Protection Policy
1. PURPOSE
CIBRAFÉRTIL – COMPANHIA BRASILEIRA DE FERTILIZANTES, a legal entity governed by private law, registered with CNPJ/MF No. 00.117.842/0001-28, headquartered at Rua Alfa, No. 1428, Polo Industrial de Camaçari, Camaçari, State of Bahia, and AGRO INDUSTRIAL SÃO LUIZ LTDA., a legal entity governed by private law, registered with CNPJ/MF No. 95.865.572/0001-40, in this policy, together will be referred to as “CIBRA“.
Law No. 13,709 of August 14, 2018, also known as the General Personal Data Protection Law, or LGPD, legally provides for the processing of Personal Data in Brazil, both by digital, physical and digital means, per person. natural person or legal entity governed by public or private law, with the objective of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person.
Thus, due to the recognition and prestige that guides its performance, and in accordance with the internal governance and management that encompass issues related to Privacy and Data Protection, CIBRA establishes this Personal Data Protection Policy, which aims to establish high standards for the treatment of this Data, including the collection, use, disclosure, storage, access, transfer and disposal of Personal Data provided.
CIBRA is committed to the privacy and protection of the Personal Data of its customers, employees, suppliers and business partners. With that, CIBRA assumes the commitment to ensure that all requirements imposed by data protection legislation are met, as well as expresses its respect for the right to honor, intimacy and privacy of the Holders of this Personal Data.
2. SCOPE
This Policy applies to all employees, suppliers, customers, service providers, interns, apprentices and trainees, business partners, consultants and third parties, as well as competitors, public bodies and entities with which CIBRA have any type of interaction, both for individuals and legal entities, for profit or not, that are related to CIBRA.
Thus, the application of such practices aims to become an internal standard, based on compliance with current legislation and based on ethics, seriousness, commitment and protection of data subjects who, for any reason, need to provide their Personal Data. to CIBRA.
In light of the foregoing and as a result of the obligation to observe the guidelines contained in this document, failure to comply with the rules set forth by CIBRA’s employees and partners will lead to administrative measures such as a warning, without prejudice to other more serious sanctions.
3. REFERENCES
- Constitution of the Federative Republic of Brazil of 1988;
- Law No. 13,709/2018, the General Law for the Protection of Personal Data (LGPD);
- Law No. 10,406/2002, the Civil Code;
- Law No. 12,965/2014, the Civil Rights Framework for the Internet;
- Internal rules and procedures that are constantly reviewed and approved by the competent authorities and made available to all employees.
4. DEFINITIONS
4.1 Database: structured set of Personal Data, established in one or several locations, in electronic or physical support;
4.2 Controller: natural or legal person, of public or private law, who are responsible for decisions regarding the processing of Personal Data;
4.3 Personal Data: information relating to an identified or identifiable natural person;
4.4 Sensitive Data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person;
4.5 Person in charge of the Processing of Personal Data: person appointed by the controller and operator to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD);
4.6 Purpose: reason for which the personal data will be processed, or the objective that is intended to be achieved with the Data Processing;
4.7 General Personal Data Protection Law (LGPD): Law No. 13,709 of August 14, 2018, also known as the General Law for the Protection of Personal Data, or LGPD, legally provides for the processing of Personal Data in Brazil, either by digital, physical means, by natural person or by person. public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person;
4.8 Operator: natural or legal person, governed by public or private law, who processes Personal Data on behalf of the controller;
4.9 Holder: natural person to whom the Personal Data being processed refers;
4.10 Owner of Personal Data: is any identified or identifiable natural person to whom the processed Personal Data refers, for example, employees and customers;
4.11 Treatment: is the handling, operation, use of Personal Data under our care, such as the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, storage, archiving, elimination, evaluation or control of the information, modification , communication, transfer, diffusion or extraction, among others.
5. PRINCIPLES OBSERVED IN THE PROCESSING OF PERSONAL DATA
Ensure that the processing of Personal Data provided toCIBRA, the following precautions:
- Transparency: Personal Data will be treated legally, fairly and transparently in relation to the subject holding the Personal Data;
- Purpose and suitability: Personal Data will be collected for specified, explicit and legitimate purposes and not processed in a way that is incompatible with those purposes;
- Quality: Personal Data will be accurate and, where necessary, updated. Furthermore, reasonable measures will be taken to ensure that Personal Data that is inaccurate, having regard to the purposes for which it is processed, is erased, corrected and sanitized without delay;
- Need: Minimum and necessary Personal Data will be processed to carry out the purposes for which they were collected, only those that are relevant, proportionate and that are not excessive in relation to the purposes of the stipulated data processing;
- Safety and prevention: technical and administrative measures will be adopted to protect Personal Data from unauthorized access and from accidental or illegal situations, such as destruction, loss, alteration, communication or dissemination. In addition, all these measures will be taken to prevent the occurrence of damages due to the processing of Personal Data;
- Free access: the holders of Personal Data will be guaranteed easy and free consultation on the form, duration of treatment and completeness of their Personal Data;
- Accountability and non-discrimination: the Personal Data collected will be processed for lawful purposes, and the processing of Personal Data for abusive or discriminatory purposes is prohibited. Furthermore, CIBRA is able to prove compliance and compliance with the Personal Data protection rules and even the effectiveness of the measures adopted.
In addition, together with the care listed above, the CIBRA will facilitate any request from holders who wish to exercise their rights, guaranteed by the Personal Data Protection Law, in an accessible and free way, through the service channel provided at the end of this document.
6. GENERAL GUIDELINES FOR THE PROCESSING OF PERSONAL DATA
CIBRA guides its performance with responsibility, observing the principles listed above and following the general guidelines of:
a. The Responsibility during the processing of Personal Data:
CIBRA, in accordance with the basic principles for the processing of Personal Data provided for in the General Data Protection Law, and in internal regulations, handles information related to Personal Data responsibly, in clear, ethical and transparent attitudes and treatments.
b. Effectiveness of Data Processing:
CIBRA adopts all appropriate measures for the proper treatment of Personal Data that it already has or will have access to, regardless of who the holder is, based on such data being collected for specific purposes and in compliance with the need, adequacy and relevance.
c. Retention Term of this Personal Data:
CIBRA does not store information in its database for a longer time than allowed, only to comply with the sufficient period of the cases provided for in the laws that regulate the procedures or that need to fulfill specific purposes according to the nature of the activity performed.
All these internal processes and methods make the CIBRA constantly seek suppliers, partners in relationships that also adopt protection measures, supported by governance policies on privacy and Personal Data, as well as internal events and training with employees of CIBRA.
7. GUARANTEES OF THE COMMITMENT TO THE PROTECTION OF PERSONAL DATA
To fulfill its commitment to the protection of Personal Data, CIBRA guarantees that:
- The legal basis for the processing of Personal Data will be identified in advance and that all processing complies with applicable legislation;
- Will not use Personal Data for purposes other than those informed to the holder at the time of collection;
- There are adequate privacy policies, informing the holders of the treatment of their Personal Data and their rights;
- It will only collect the Personal Data necessary for the processing and purposes that it will identify in advance;
- It adopts adequate security measures to ensure that Personal Data is accessed only by those who need it and that it is maintained or transferred with the necessary security.
8. RESPONSIBILITIES
The Person in Charge of the Processing of Personal Data is responsible for meeting the Data Subject’s contact demands for any reason or desire to exercise one of their rights regarding the processing of their Personal Data. The Data Subject may, if desired, contact the Person in Charge of the Processing of Personal Data who is also responsible for:
i) Provide that the organization’s employees are properly trained and oriented on the requirements of compliance with the LGPD;
ii) Arrange for regular assessments and audits to be carried out to ensure compliance with the LGPD;
iii) Serve as a point of contact between the company and the supervisory authority;
iv) Assist CIBRA in organizing and maintaining records of data processing activities carried out by the CIBRA;
v) Respond to and inform the holders of personal data about how their data is being used and what protection measures are implemented by the organization and,
vi) Ensuring that requests for access or deletion of data made by holders of personal data are answered or answered, as necessary.
External Privacy Policy
1. PURPOSE
CIBRAFÉRTIL – COMPANHIA BRASILEIRA DE FERTILIZANTES, a legal entity governed by private law, registered with CNPJ/MF No. 00.117.842/0001-28, headquartered at Rua Alfa, No. 1428, Polo Industrial de Camaçari, Camaçari, State of Bahia, and AGRO INDUSTRIAL SÃO LUIZ LTDA., a legal entity governed by private law, registered with CNPJ/MF No. 95.865.572/0001-40, jointly “CIBRA“, are part of the same economic group, being recognized for importing, producing, mixing, formulating and distributing fertilizers throughout the country.
Fertilizing partnerships to reap results is the company’s purpose, for this reason it is CIBRA is increasingly closer to the producer through the ten units strategically distributed in Brazil.
Thus, due to the recognition and prestige that guides its performance, and in accordance with the internal governance and management that encompass issues related to Privacy and Data Protection, the CIBRA presents the present External Privacy Policy (“Policy”).
2. DEFINITIONS
To read this Policy, the present terms related to privacy and data protection must be understood:
- Database: structured set of Personal Data, established in one or several locations, in electronic or physical support;
- Controller: natural or legal person, of public or private law, who are responsible for decisions regarding the processing of Personal Data;
- Personal Data: information relating to an identified or identifiable natural person;
- Sensitive Data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person;
- Person in charge of the Processing of Personal Data: person appointed by the controller and operator to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD);
- Goal: reason for which the personal data will be processed, or the objective that is intended to be achieved with the Data Processing;
- General Personal Data Protection Act (LGPD): Law No. 13,709 of August 14, 2018, also known as the General Law for the Protection of Personal Data, or LGPD, legally provides for the processing of Personal Data in Brazil, either by digital, physical means, by natural person or by person. public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person;
- Operator: natural or legal person, governed by public or private law, who processes Personal Data on behalf of the controller;
- Holder: natural person to whom the Personal Data being processed refers;
- Owner of Personal Data: is any identified or identifiable natural person to whom the processed Personal Data refers, for example, employees and customers;
- Treatment: is the handling, operation, use of Personal Data under our care, such as the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, storage, archiving, elimination, evaluation or control of the information, modification , communication, transfer, diffusion or extraction, among others.
3. THE DATA PROVIDED TO CIBRA
CIBRA protects the privacy of its customers and the general public, so that any Personal Data provided will be treated with the highest level of care and security, being used only for the purposes determined in this Policy.
The provision of Personal Data can be carried out by different means, for example, the Personal Data collected may be different if you navigate through the virtual environment on the website, or even by filling out forms in the physical modality.
The User may provide Personal Data in the following interactions and environments:
PROCESS | COLLECTED DATA |
---|---|
Registration (Commercial) | During the customer registration process carried out by the Commercial Sector, personal data is provided by the customer himself or by a third party, which in this case may be the farm manager or in charge of the cooperative. In this management, the following personal data are provided: name, CPF, address, e-mail, administrative contact name, corporate cell phone and landline. |
Shipping Information POLY4 or other products | To know more information about POLY4 Demoplots and other products, the name and image of the Owner can be provided. Every Demoplot customer is invited to sign a term of use of images and data for the dissemination of their research. |
Work with us Online | To apply for one of the CIBRA vacancies online, it is necessary to access the platform account through Facebook, LinkedIn or email and password. In addition, the following personal data will be informed: full name, e-mail, cell phone (landline optional), country of origin, CPF identification document. |
Online Relationship (Contact Us) | To use the relationship channel through Fale Conosco, it will be necessary to inform the area of interest and the subject, in addition to the following personal data: name, e-mail, cell phone (WhatsApp), city, state and forward the message. |
Online Whistleblower Channel | To use the Whistleblower Channel on the website, it is optional to inform the name, e-mail, telephone. The mandatory information is the subject, message and inform if the complaint is related to any CIBRA unit. There is the possibility of registering such a report by voice, according to the user’s choice. |
Chatbot - WhatsApp “Cibele” | To use “Virtual Assistant”, it will be necessary to inform the name and e-mail. To start the conversation, there is a redirect to the WhatsApp application. |
Contact | E-mail is available to forward messages. Through the following contacts: contato@cibra.com and marketing.cibra@cibra.com. |
Social Media (Facebook, Instagram, LinkedIn and Twitter) | In order to use social networks, CIBRA does not collect personal data, only if the user or client provides any information they deem necessary. |
Registration of visitors, service providers and drivers in general | To access CIBRA’s building and physical facilities, it is necessary to present the following personal data: Name, ID. A visitor’s badge will be issued for access to CIBRA’s premises. |
4. THE DATA COLLECTED BY CIBRA
- Security cameras in physical environments;
- Data from mobile devices from which the digital platform was accessed and other information such as the type and version of the browser used;
- Log data;
- The IP address;
- The CIBRA website collects cookies during user navigation in order to offer a better and more personalized performance on this platform. You can manage Cookies by clicking the button below:
5. WHAT IS PERSONAL DATA PROCESSED FOR?
CIBRA will use the Personal Data collected to achieve any of the following purposes:
- Satisfactory business performance CIBRA;
- Creation, alteration and maintenance of the registers of the consumer public of the CIBRA;
- Obtaining generic statistics to identify the profile of customers and the general public, in addition to the development of campaigns and promotional or marketing actions;
- Protection of the rights of customers, the general public and the CIBRA;
- Claim rights over credits and defaults;
- Actions, advertisements and advertising contracts;
- Service and relationship with potential customers and the general public, as well as the continuous improvement of the service provided by CIBRA;
- Compliance with a legal obligation or requirement of applicable law; in response to legal proceedings; in response to a request from the competent legal authority; to protect rights, privacy, security or property; to enforce the terms of any necessary agreement or contracts or our terms;
- Maintain the safety and physical safety of visitors to the premises.
6. DO WE SHARE YOUR PERSONAL DATA?
CIBRA may share your Personal Data for legitimate and specific purposes necessary to provide and operate its products and services. You can share data with:
- Other partner companies with which the CIBRA interact, including the other companies that are part of the Cibra Group;
- With financial institutions such as banks and insurance companies;
- Professional consulting companies for financial, credit, banking, insurance, accounting or other technical consulting services aimed at marketing in general or product development, in addition to bodies and institutions mainly in the agricultural sector;
- Government agencies, tax authorities, such as the Judiciary and/or other competent authority to meet existing legal obligations. This treatment may include your complete qualification data;
- With partner companies and service providers and suppliers, for activities exclusively focused on the relationship with the CIBRA;
- With advertising companies, to select and produce ads that match your profile, as authorized;
- With credit protection companies or bodies for complaint of customers with default.
The sharing of Personal Data with third parties will only take place to achieve a legitimate and specific purpose previously informed to You.
7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
The information and Personal Data will only be kept for the time necessary to fulfill the specified purpose or the deadlines provided for in legal and contractual provisions.
However, in addition to the constant observance and updating of these regulations, regardless of your consent or request for deletion, the General Data Protection Law allows the CIBRA retain the personal data of customers and the general public in the following situations:
- Compliance with legal or regulatory obligations;
- Transfer to a third party, respecting their rights and provision in the data protection and privacy laws;
- For exclusive use, access by third parties is prohibited, and provided that the data is anonymized.
8. THE SECURE STORAGE OF PERSONAL DATA
All information or Personal Data provided to CIBRA will be treated in accordance with the necessary security standards and efforts will be made to ensure that such information is not destroyed, lost, altered or disseminated.
So, CIBRA adopts several precautions related to information security established in applicable laws and regulations, mainly:
- CIBRA has protection against unauthorized access to its systems/servers/physical files and only authorizes the access of specific people to the place where information and Personal Data are stored – people who need such information and data for the development of the intended activity;
- CIBRA requires that partner companies, service providers and suppliers that process Personal Data, undertake to maintain the absolute confidentiality of the information and Personal Data accessed, as well as to adopt the best practices for handling this information, as determined in the policies and external procedures.
9. WHAT RIGHTS DO THE HOLDERS HAVE ABOUT THEIR PERSONAL DATA?
In compliance with the applicable regulations, with regard to the processing of Personal Data, CIBRA respects and guarantees the holder, upon request, the following rights:
- Confirm the existence of treatment;
- Access your Personal Data;
- Correct incomplete, inaccurate or outdated Personal Data;
- Request the anonymization, blocking or deletion of unnecessary, excessive or processed Personal Data in violation of the provisions of the LGPD;
- Request the portability of Personal Data to another provider of a service or product, in accordance with the regulation of the national authority;
- Erase or anonymize Personal Data processed based on your consent, except when the law authorizes the maintenance of this data for another reason;
- Obtain information about the possibility of not providing consent to the processing of your Personal Data and the consequences of such denial;
- Revoke your consent, as applicable;
- Apresentar petição à Autoridade Nacional de Proteção de Dados (ANPD).Submit a petition to the National Data Protection Authority (ANPD).
Users may exercise any other right provided for by law, even if not listed here. As an exception, it is possible that your request will not be fulfilled, but if this happens, we will explain why. However, this will only happen if there is a legal basis.
For your safety, whenever you make a request to exercise your rights, CIBRA may request some additional information and/or documents so that we can prove your identity, seeking to prevent fraud. We do this to ensure everyone’s security and privacy.
Talk to our supervisor
Mr.: Tadeu Ribeiro Ferreira
Email: privacidade@cibra.com
If you prefer to contact us by letter or other physical means, please forward correspondence to the following address:
Rua Alfa, nº 1428, Polo Industrial de Camaçari, Camaçari, Bahia state, CEP 42816-100