GENERAL WEBSITE PRIVACY AND DATA PROTECTION POLICY

​ We at IBTW are committed to protecting the personal data used in our activities. This Privacy and Personal Data Protection Policy was carefully developed so that you, a user of our services, can understand our policies of use and practices regarding your personal data and how the processing of this data is carried out. ​ This Policy covers our data collection activities on the website accessible at www.ibtw.com.br, made available and maintained by IBTW, which applies to the data subject interacting with our products and services. This Policy explains the rules regarding the collection, use of collected data, processing, storage, data protection, transfer, enrichment of collected user data, as well as your rights regarding this data, in accordance with the current law in Brazil. ​ The Policy clarifies the conditions for the collection, use, storage, processing, and protection of data on the platform, in compliance with the General Data Protection Law (LGPD) No. 13.709 of August 14, 2018. ​

1. Definitions

  • a. Personal Data: Information regarding an identified or identifiable natural person. Personal data that has been de-identified, encoded, or anonymized, but that can be used to identify a natural person.

  • b. Sensitive Data: Personal data concerning racial or ethnic origin, religious belief, political opinion, trade union or religious, philosophical, or political organization membership, data concerning health or sex life, genetic or biometric data, when linked to a natural person.

  • c. Anonymized Data: Described as “data relating to a data subject who cannot be identified, considering the use of reasonable technical means available at the time of its processing.” In other words, it is information that has been de-identified to some extent so that its owner can no longer be identified by simple means, but which is still important to the controller.

  • d. Data Subject: Natural person to whom the personal data being processed refers.

  • e. Processing: Any operation performed with personal data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion, or extraction.

  • f. User: Persons who access the website www.ibtw.com.br.

  • g. Controller: Natural or legal person, of public or private law, who is responsible for decisions regarding the processing of personal data.

  • h. Processor: Natural or legal person, of public or private law, who processes personal data on behalf of the controller. It is the company or professional directly responsible for data processing, directed or hired by the controller. Both the processor and the controller must keep records of data processing.

  • i. Data Protection Officer (DPO): Person appointed by the controller and processor to act as a communication channel between the controller, the data subjects, and the National Data Protection Authority.

     

  • j. National Data Protection Authority (ANPD): Organ of the federal direct public administration of Brazil that is part of the Presidency of the Republic and has duties related to the protection of personal data and privacy, enforcing Law No. 13.709/2018.

     

  • k. Consent: Free, informed, and unambiguous manifestation whereby the data subject agrees to the processing of their personal data for a specific purpose.

  • l. Cookies: Small files that are stored on a device’s web browser when it accesses a website for the first time. They are responsible for collecting and storing information about navigation within that environment, allowing it to be used later.

     

  • m. Platform: Website made available through the link https://www.ibtw.com.br/.

     

2. Sources of Personal Data

We collect your Personal Data through the following sources: ​

 

  • Customer Service (SAC): A communication channel for the user to receive post-purchase support, ask questions, and share, covering any relationship need the user has with us.

  • WhatsApp: A customer service channel for clients who wish to receive support to fulfill their needs and requests.

  • Contact: A communication channel for the user to receive the support they need, ask questions, and learn about services or share experiences, covering any relationship need the user has with us.

  • Data Protection Officer (DPO) Channel: We provide a channel on our website for the data subject to contact our data protection officer to request information or the deletion of their personal data.

  • Cookies: Data files used to perform platform performance metrics, identify usage problems, capture overall user behavior, and collect content impression data. ​​

3. What personal data we collect and how it is collected

During your interaction with https://www.ibtw.com.br/, using one of the previously mentioned collection sources, we may collect various types of personal data about you, as set forth below: ​

  • Customer Service (SAC): Full name, email, and data provided by you in the communication channel.

  • WhatsApp: Full name, phone number, and data provided by you in the platform’s conversation.

  • Contact: Full name, email, phone number, and data provided by you in the communication channel.

  • Data Protection Officer (DPO) Channel: Full name, CPF (Brazilian Taxpayer Registry), email, phone number, and data provided by you in the request form.

  • Cookies: Data is collected according to the cookies enabled by you.

  • Sensitive Personal Data: IBTW does not normally handle Personal Data considered sensitive under current legislation. Thus, we have no intention of collecting or processing sensitive personal data in the normal course of your interactions with our products or services. When there is a need to process your sensitive personal data for any reason, we will obtain your prior, express, and formal consent for any voluntary processing. If we process your sensitive personal data for other purposes, we rely on the following legal bases: (i) crime detection and prevention; and (ii) compliance with applicable law. ​​

4. About the processing and uses of your personal data

​ The following items describe the purposes for which your personal data is collected. Please note that not all of the uses below will be relevant to all individuals and may apply only to specific situations. ​

  • Customer Service (SAC): Your personal data is used for the purpose of providing customer service, answering your questions, complaints, inquiries, and receiving your suggestions through this channel. Your data is shared with the company Tomticket, which carries out the call management process. The company in question is committed to rules and responsibilities, and data will not be shared with any other processor and/or controller.

  • WhatsApp: Your personal data is used for the purpose of providing service according to the purpose of your contact. Your data is shared with regional representatives cited in this list (https://www.ibtw.com.br/sejaumparceiro) according to your region, who performed the service process on behalf of IBTW, and will not be shared with any other controller or processor.

  • Contact: Your personal data is used for the purpose of providing customer service, answering your questions through this channel, and providing quotes. Your data will be shared with Wix, a website creation platform. The company in question is committed to rules and responsibilities, and data will not be shared with any other processor and/or controller.

  • Data Protection Officer (DPO): This is an exclusive channel for the data subject to make requests and obtain information about the processing of their personal data in compliance with Law No. 13.709/2018 (LGPD).   Our motivations for collecting and processing personal data:

  • To comply with legal obligations;

  • Our legitimate interests, thereby respecting the privacy of all data subjects;

  • In the exercise of our rights as a Controller;

  • To contact and respond to requests from customers and data subjects;

  • To continually improve experiences and relationships. ​

5. Data Sharing

​ To execute platform activities, whenever necessary, we may share your personal data with other companies in our group, service providers, partners, suppliers, or regulatory bodies. Below is a summary of these possibilities: ​

  • With our partners when necessary and/or appropriate for the provision of related services;

  • With companies in our group, affiliates, and subsidiaries;

  • With suppliers, service providers, and partners to perform contracted services (such as information technology, anti-fraud analysis, cloud storage, accounting, among others).

  • When necessary due to a legal obligation, determination by a competent authority, or a court decision. ​

6. About the disclosure, storage, or transfer of your personal data

​ We take appropriate measures to ensure that your personal data is kept confidential and secure. However, these protections do not apply to information you have chosen to share in public areas, such as social networks or to third parties. ​

  • The collected database is our property and responsibility and will not be commercialized or sold to third parties. Its use and access are restricted to the purposes of our activities and may only be provided through a judicial process.

  • Persons who can access your Personal Data: Your personal data is processed by our employees or authorized agents, provided they need access to such information, in accordance with the specific purposes for which your personal data was collected.

  • Measures taken in operational environments: We store your personal data in operational environments that use technical and administrative security measures to prevent any unauthorized access, inappropriate, or unlawful processing. We follow protocols and regulations to protect your personal data.

  • International transfer of your data: Your personal data will not be transferred to other countries, except in cases provided for by current legislation. In such situations, all requirements established by current legislation will be observed, and the best market practices will be adopted to ensure the protection and privacy of your personal data.

  • Measures we expect you to take: It is important that you seek to keep your personal data secure. When creating an online account, please ensure you choose a strong password to prevent unauthorized parties from guessing it. We recommend that you never reveal or share your password with others. You are solely responsible for keeping this password confidential. If you use a shared or public computer, never choose the option to remember your login and password, email address, or information. Make sure you log out of your account whenever you leave the computer. ​ We will never ask the user for their password outside the platform, by phone, email, or any other means of communication. The user’s password should be used exclusively when accessing the platform, and if you suspect your password has been exposed to third parties, we recommend changing it immediately.

7. About the retention and termination of processing of your personal data

We will process your personal data in accordance with current legislation, using your personal data for the period stated at each point of collection on the site or upon request by the data subject, followed by proper disposal. You can obtain more details about the retention of your personal data through the communication channels detailed in this policy.   Upon termination of the processing of your personal data, it will be eliminated within the scope and technical limits of the activities. Conservation is authorized in situations provided for by current legislation to comply with legal and regulatory obligations.

8. About personal data of children and adolescents

​ Green House does not knowingly request, collect, process, store, or share personal data of children and adolescents. If we discover the occurrence of any unintentional handling of such data, we will promptly remove the personal data of the child or adolescent from our records. However, the collection of personal data of children and adolescents directly from their parents or legal guardians may occur through explicit consent, and in accordance with the Law governing this policy in its Art. 14 (§ 1 The processing of personal data of children shall be carried out with specific and highlighted consent given by at least one of the parents or the legal guardian.) ​

 

9. How we use Cookies

​ Cookies are files or information that can be stored on your device when you visit platform pages. Generally, a cookie contains the name of the website that originated it, its lifetime, and a randomly generated value. We use cookies to facilitate use and better adapt the pages to your interests and needs, as well as to compile information about the use of our sites and services, helping to improve their structures and content. Cookies can also be used to speed up your future activities and experiences on the pages. To learn more about which cookies we use, access our Cookie Policy. Finally, we remind you that if the user does not accept some platform cookies, certain platform services may not function correctly.

10. About your rights regarding personal data

​ Transparency regarding the processing of your personal data is a priority for us. In addition to the information provided in this Privacy Policy, you can also exercise your rights under the General Data Protection Law (LGPD), including: ​

  • Confirmation of the existence of processing;

  • Access to data;

  • Correction of incomplete, inaccurate, or outdated data;

  • Anonymization, blocking, or elimination of unnecessary or excessive data or data processed in noncompliance with current legislation;

  • Portability of data to another service or product provider, upon express request, in accordance with current legislation;

  • Elimination of personal data processed with the consent of the data subject, except in cases provided for by current legislation;

  • Information regarding public and private entities with which data is shared;

  • Information about the possibility of denying consent and the consequences of such denial;

  • Revocation of consent for the processing of your Personal Data, except in cases provided for by current legislation. ​ These rights can be exercised through the communication channels detailed in this policy, free of charge. It is necessary to validate your identity by providing a copy of your ID (RG) or equivalent means of identification and authenticity, in accordance with current legislation. ​ Whenever a request is submitted without providing the necessary evidence to prove the legitimacy of the data subject, the request will be automatically rejected. We emphasize that any identification information provided to us will only be processed in accordance with and to the extent permitted by applicable laws. ​ We point out that in certain cases, we cannot delete your personal data without also deleting your user account. Additionally, some situations require the retention of your personal data after you request its deletion to fulfill legal or contractual obligations. ​ We do our utmost to answer all questions you may have about how we process your personal data. However, if you have unresolved concerns, you have the right to complain to the competent data protection authorities. ​

11. Changes to our Privacy Policy

​ Whenever we change the way we process your personal data, this Policy will be updated. We reserve the right to make changes to our practices and this Policy at any time, provided compliance with current legislation is maintained. Any and all changes are aimed at adapting to possible modifications to our Sites, whether due to changes for new technologies or whenever necessary, as well as new legal, regulatory, or contractual requirements. When this happens, we will inform you on the site platform itself; whenever the user accesses it, we will ensure wide disclosure and communication to all our data subjects.

 

12. How to contact us

Whenever you have any questions about this Privacy Policy, even after reading it, or need to interact with us about matters involving your personal data, you can do so through our available customer service channels: Personal Data Processing Officer:

 

  • DPO Email: dpo.ghgroup@ghgroup.com.br

     

  • Data Protection Officer: Tiago Borges Green House will receive, investigate, and respond within a reasonable time to any request or complaint about how We process your personal data, including complaints about disregard for your rights under current privacy and Personal Data protection laws. ​ We recommend that you check the updated version of this Privacy Policy whenever you browse our online stores. We are always available to clarify your doubts and put you in control of your personal data. Count on us to keep you informed. ​

     

13. Applicable Law and Jurisdiction

 

​ The legal basis presented in this privacy policy will be interpreted according to Brazilian legislation under Law 13.709/2018, as updated by Law 13.853/2019.

This document is governed by and must be interpreted in accordance with the laws of the Federative Republic of Brazil. The Judicial District of Indaiatuba/SP is elected as competent to resolve any issues that may arise from this document, with express waiver of any other, however privileged it may be.

Indaiatuba, June 29, 2022. ​ IBTW.

IBTW.