PRIVACY POLICY AND PERSONAL DATA PROTECTION

The Privacy and Personal Data Protection Policy (“Policy”) of SKEDWAY DO BRASIL LTDA, a legal entity governed by private law, registered with CNPJ under No. 44.664.224/0001-73, headquartered at Rua João Preda, 630, joint . 02, Parque Rural Fazenda Santa Cândida, in the Municipality of Campinas, in the State of São Paulo, CEP 13087-552 (“SKEDWAY”) was prepared in accordance with Federal Law No. 13,709/2018 (General Law for the Protection of Personal Data – LGPD ) and Resolution of the Board of Directors of the National Data Protection Authority No. 02/, of January 27, 2022 (Resolution CD/ANPD No. 02/2022), binding all employees, managers, partners and internal and external collaborators of SKEDWAY, on all forms of processing of personal data resulting from its commercial activity.

This Policy contains information about how SKEDWAY treats, in whole or in part, automatically or not, the personal data of the aforementioned people.

The objective is to clarify the interested parties about the types of data that are processed, the respective purposes and the way in which the holder of the personal data can update, manage or delete this information.

When using our services, working with us or applying for a job, the holder of the personal data accepts and agrees with all the terms and conditions set forth that are in force on the date.

We warn that this Policy may be modified at any time by SKEDWAY, due to changes in legislation or in our processes, as a result of the use of new technological tools or partnerships, or even whenever, at SKEDWAY's sole discretion, such changes if necessary.

 

1. PRINCIPLES AND RIGHTS OF HOLDERS

1.1. SKEDWAY undertakes to comply with the rules set forth in the LGPD, in compliance with the following principles:

(i) the holder's personal data will be treated in a lawful, loyal and transparent manner;

(ii) the holder's personal data will only be processed for specific, explicit and legitimate purposes, and cannot be subsequently processed in a way that is incompatible with those purposes;

(iii) the holder's personal data will be collected in an adequate, relevant and limited manner to meet the purposes for which they will be treated;

(iv) the holder's personal data will be accurate and updated whenever necessary, so that inaccurate data is erased or rectified, when possible;

(v) the personal data of the holder will be kept in a way that allows the identification of the data subjects only for the period necessary for the purposes for which they are processed;

(vi) The holder's personal data will be treated securely, protected from unauthorized or unlawful processing and against accidental loss, destruction or damage, adopting the appropriate technical or organizational measures.

 

1.2. The holder of personal data has the following rights, conferred by the LGPD:

(i) Right of confirmation and access: right of the holder to obtain confirmation that the personal data concerning him are or are not being processed and, if that is the case, the right to access his personal data;

(ii) Right of rectification: right of the holder to obtain the rectification of inaccurate personal data concerning him;

(iii) Right to delete data: right of the holder to have their personal data erased from SKEDWAY's systems or database, except for the cases provided for in the LGPD that authorize its maintenance by SKEDWAY;

(iv) Right to limitation of data processing: right of the holder to limit the processing of his personal data, being able to request this limitation when he contests the accuracy of the data, when the treatment is illegal, when SKEDWAY no longer needs the data for the proposed purposes and when you have objected to the processing of data in case of unnecessary data processing;

(v) Right of opposition: right of the holder to oppose, for reasons related to his particular situation, the processing of personal data concerning him, and may also oppose the use of his personal data to define a marketing profile;

(vi) Right to data portability: right of the holder to receive personal data concerning him and that he has provided to SKEDWAY, in a structured, commonly used and machine-readable format, and the right to transmit this data to third parties to be indicated by the holder, under his responsibility.


 

1.3. The holder may exercise his rights by means of a written communication sent by email with the subject “processing of personal data”, specifying:

(i) full name;

(ii) CPF number;

(iii) e-mail address of the holder and, if applicable, of his representative;

(iv) relationship you have or had with SKEDWAY (customer, platform user, employee, candidate for job offers and/or third party individuals);

(v) right you wish to exercise with SKEDWAY;

(vi) date of application and signature of the holder; It is

(vii) any document that can demonstrate or justify the exercise of your right.

 

1.4. Pursuant to art. 11, paragraph 1, of CD/ANPD Resolution No. 02/2022, the communication channel to be used by the holder will be through the email [email protected], or, if you prefer, through physical correspondence, to be forwarded to the following address:

Rua João Preda, 630, conj. 02, Parque Rural Fazenda Santa Cândida, Campinas-SP, CEP 13087-552

1.5. All requests will be received, analyzed and, if necessary, forwarded and answered within a period of up to 15 (fifteen) days, counting from the confirmation of the authenticity of the person who made the request and the corresponding holder of the personal data over which it is intended to exercise rights.

 

2. ORIGIN OF PERSONAL DATA PROCESSED BY SKEDWAY

2.1. The personal data processed by SKEDWAY are originally:

(i) informed by the holder himself, when entering into any commercial relationship with SKEDWAY, registering and using the Platform and/or when contacting SKEDWAY to obtain information about the services provided and commercial proposals;

(ii) collected by SKEDWAY through the integration of its Platform with Office 365 or G-Suite from the accounts used by the data subject to perform activities related to the SKEDWAY customer; and/or

(iii) collected automatically by SKEDWAY when the holder accesses the SKEDWAY website or Platform.

3. PERSONAL DATA PROCESSED BY SKEDWAY

3.1. The processing of personal data by SKEDWAY will take place in accordance with the LGPD, and the data processed includes:

(i) name;

(ii) e-mail;

(iii) commercial phone;

(iv) cell phone;

(v) identification photo and biometric data;

(vi) department in which it operates at the Client;

(vii) identification document; It is

(viii) Bank data.

3.2. In addition to the personal data detailed above, during the use of the Platform or the SKEDWAY website, the following personal data will also be processed:

(i) User's IP address;

(ii) geolocation of the User, when the access takes place through a mobile device;

(iii) accesses containing the User's access times to the Platform;

(iv) pages and screens accessed by the User on the Platform;

(v) dates and times of each User action on the Platform;

(vi) appointments made by the User with his IP address;

(vii) publications made by the User and log of these publications;

(viii) settings customized by the User on the Platform;

(ix) reservation information made through the Platform; It is

(x) information on participation in meetings scheduled through the Platform.



3.3. SKEDWAY is not responsible for the veracity or lack of information provided and provided directly by the holder, as well as for its outdated status, and it is the responsibility of the holder of the personal data to provide them accurately and keep them updated..

4. TREATMENT PURPOSES AND HYPOTHESES

4.1. The personal data processed by SKEDWAY will be used to meet the following purposes:

(i) issue the respective tax documents, record the payment information in the accounting, as well as carry out the corresponding bank transactions;

(ii) collaborate and/or comply with a court order or request by an administrative authority;

(iii) properly identify the holder of the personal data and the User, when using the Platform;

(iv) adequately respond to requests and queries made by the holders of the respective personal data;

(v) allow the full functioning of the Platform operated by SKEDWAY, under the terms, conditions and parameters established with the Client (such as: organizing the available calendar and making available the scheduling of rooms, workstations, closet and parking spaces);

(vi) protect SKEDWAY and allow compliance with the rights and obligations related to the use of the Platform, in accordance with the provisions of the governing legislation;

(vii) collect and use data, even if anonymously, from Google Analytics for parameterization and creation of metrics;

(viii) use the data to maintain the Platform and the services offered by SKEDWAY.


 

4.2. The processing of personal data by SKEDWAY, taking into account its use for the purposes described above, will be carried out in compliance with the following hypotheses provided for in the LGPD:

(i) Compliance with a legal obligation (art. 7, II, of the LGPD): name, e-mail, business telephone, identification document and bank details, to achieve the purposes set forth in Item 4.1 (i), (iv) and (vi) ;

(ii) Execution of contracts and preliminary procedures (art. 7, V, of the LGPD): department in which the client operates, geolocation of the User, appointments made by the User with his IP address, publications made by the User and log of these publications, settings customized by the User on the Platform, information on reservations made through the Platform and information on participation in meetings scheduled through the Platform, to achieve the purposes set forth in Item 4.1 (v) and (viii);

(iii) Fraud prevention guarantee (art. 11, II, 'g', of the LGPD): identification photo, biometric data and cell phone, to achieve the purposes set forth in Item 4.1 (iii)

(iv) Consent (art. 7, I, of the LGPD): performance, functionality and behavior/analytical cookies, for use under the terms of Item 9; It is
 (v) Legitimate interest of the controller (art. 7, XI, of the LGPD): User's IP address, access containing the User's access times to the Platform, pages and screens accessed by the User on the Platform and dates and times of each User action on the Platform Platform, to achieve the purposes set forth in Item 4.1 (vii).

4.3. SKEDWAY clarifies that the personal data indicated in item 3.1. (v) (identification photo and biometric data) are not collected and treated in a standardized way, by default, so this treatment will only occur upon request of the Customer, so that SKEDWAY will act in accordance with the provisions of item 5.2 below.

4.3.1. In the situations of processing the personal data indicated above, SKEDWAY may use technologies developed by third parties, in order to make the use of this data feasible, only and solely to improve the identification process of the holder when accessing and using the Platform .

4.3.2. The storage of personal data, indicated in item 4.3 above, in SKEDWAY's database, will only serve for the purpose of, when capturing the holder's image, when accessing the Platform, SKEDWAY, comparing with the images previously handled, can identify him and certify that he is the owner, ensuring that there is no fraud in the use of the owner profile on the Platform.

4.3.3. SKEDWAY clarifies that it will have access to the camera of the device used to access the Platform only during the capture of the holder's photo, so that, once the respective image is captured, SKEDWAY will no longer have access to the device's camera.

4.3.4. SKEDWAY reinforces that, like other personal data, those provided for in item 4.3 above, its treatment will always occur in an ethical and respectful manner, never aiming, promoting or inducing any form of discrimination or that is harmful to the holder.

5. PERSONAL DATA PROCESSING AGENTS

5.1. SKEDWAY, as an agent for processing personal data, may act as Operator or Controller depending on the type of treatment that will be carried out by SKEDWAY with personal data, as detailed below.

 

5.2. In situations where SKEDWAY provides software licensing services (SaaS) to its customers, making its platform available for managing third-party corporate spaces under the conditions and locations established by its Customers, SKEDWAY will act as an Operator, with its Customers acting as Controllers of their personal data.

5.3. In SKEDWAY's relationships with its customers, collaborators and employees, which result in the processing of personal data, SKEDWAY will act as Controller of this data, given its own decision-making power regarding the completeness of the processing of this personal data.

6. STORAGE AND CONSERVATION PERIOD OF PERSONAL DATA

6.1. Personal data is stored in a secure and controlled environment and may be stored on SKEDWAY's own servers or on third-party servers contracted for this purpose (sub-operators), whether allocated in Brazil or abroad, in accordance with the criteria of the applicable legislation, and may also be stored using cloud computing technology and/or others that may arise in the future, always aiming at its improvement and improvement.

6.2. Personal data processed by SKEDWAY will be kept for a period no longer than necessary to fulfill and if it reaches the purposes for which they were initially processed, as detailed in this Policy.

6.2.1. The holders' personal data may only be retained after the end of their processing, for (i) compliance with a legal or regulatory obligation by SKEDWAY; and/or (ii) regular exercise of rights in judicial or administrative proceedings, and, in both cases, said period will not exceed a period of 5 (five) years.

6.3. In situations where SKEDWAY acts as an Operator, the conservation of personal data will be subject to the lawful guidelines of its Customers (Controllers), which will be observed by SKEDWAY, provided that they are compatible with the rights and guarantees provided for in the LGPD.



7. SKEDWAY AND THIRD PARTIES IN THE TRANSMISSION OF PERSONAL DATA

7.1. In compliance with the principles of the LGPD and the guidelines of the National Data Protection Authority - ANPD, SKEDWAY clarifies that it applies the principle of least privilege (need to know), having its own internal policy that delimits access to personal data processed by SKEDWAY , considering the access pertinence of each area in relation to these same data.

7.2. In certain circumstances, SKEDWAY may share or transfer personal data, to the strictest extent necessary or appropriate, to government agencies, business partners and others with the aim of complying with applicable legislation, court order or subpoena, or to:

(i) investigate, prevent or take action relating to suspected or actual illegal activities, or to cooperate with public bodies, or to protect national security;

(ii) performance of its contracts;

(iii) investigate and defend against any third party claims or allegations;

(iv) protect the rights and personal safety of the holder of personal data, its employees, internal collaborators, customers or the general public;

(v) exercise or protect the rights, property and safety of SKEDWAY, its partners and investors; It is

(vi) in case of sale, purchase, merger, reorganization, investment contribution, liquidation or dissolution of SKEDWAY.


7.3. All situations of sharing and transmission of personal data to third parties, if not provided for in this Policy, will be previously informed to the respective holder of the personal data, who, in the cases provided for in the LGPD, may oppose such sharing and transmission.

8. SECURITY IN THE PROCESSING OF PERSONAL DATA

8.1. Pursuant to art. 46 of the LGPD, SKEDWAY adopts the appropriate security, technical and administrative measures to protect the personal data processed. To this end, periodic training is developed for all those involved in treatment activities, updating and constant review of internal processes that result in the processing of personal data, corporate policy for the protection of personal data, among other activities carried out within the administrative-managerial scope of SKEDWAY , without prejudice to the adoption of technical measures within the scope of Information Technology, with the use of computer resources endowed with functionalities aimed at guaranteeing information security.

8.2. SKEDWAY disclaims responsibility for the sole fault of third parties, such as in the case of a hacker or cracker attack, or the sole fault of the holder of the personal data.

 

8.3. SKEDWAY undertakes to communicate to the holder of personal data, within an appropriate period, in the event of any type of violation of the security of their personal data that may cause a high risk to their individual rights and freedoms, using the means of communication available for contact, which can be phone number or email address.

8.4. If third-party companies process any of the personal data controlled by SKEDWAY, they must observe and respect the conditions stipulated in this Policy.

9. NAVIGATION DATA (cookies) AND THEIR MANAGEMENT

9.1. As detailed and clarified in its Cookies Policy, SKEDWAY clarifies that its website only uses first-party cookies, with no third-party cookies being used on its website.

9.2. In view of the role that cookies play on the SKEDWAY website, any processing of personal data arising from their use, are licensed for use based on the following hypotheses provided for in the LGPD:

(i) execution of contract and preliminary procedures (art. 7, V, of the LGPD): necessary cookies; It is

(ii) owner's consent (art. 7, I, of the LGPD): performance, functionality and behavior/analytical cookies.

9.3. When accessing the SKEDWAY website, it is possible to choose and consent to which cookies may be used during your navigation, with the exception of necessary cookies.

10. COMPLAINT TO A CONTROL AUTHORITY

10.1. Without prejudice to any other administrative or judicial means of appeal, all holders of personal data have the right to file a complaint with a control authority. The complaint may be made to the National Data Protection Authority (ANPD).

 

11. CHANGES

11.1. This Policy may receive periodic revisions. However, SKEDWAY reserves the right to modify, at any time, these provisions, especially to adapt them to the evolution of the systems or its computer program, either by making new functionalities available, or by deleting or modifying those that already exist.

11.2. The holder of the personal data will always be notified by SKEDWAY in case of alteration of this Policy and, if he disagrees with any of the modifications, he must submit his reservation to the communication channel made available by SKEDWAY for this purpose, as indicated in item 1.4 of this Policy.

12. APPLICABLE LAW AND JURISDICTION

 

12.1. This Policy and all relationships resulting from it are subject to the laws of the Federative Republic of Brazil, with the jurisdiction of the District of Campinas, in the State of São Paulo, being elected to resolve any controversy arising from this Policy.

12.2. Without prejudice to the provisions of the previous article, in the event of the occurrence of information security incidents, related to individual leaks or unauthorized access to personal data, these disputes will initially be the subject of direct conciliation between SKEDWAY and the respective holder of the personal data, before considering the possibility of applying any sanction to SKEDWAY, pursuant to art. 52, §7, of the LGPD.