1. PRIVACY, SECURITY AND TRANSPARENCY
As part of our daily operations, we need to collect personal data from our clients, and potential clients in order to provide our products and services aligned to the values, interests and profile of each investor.
The privacy of your information is of great importance to us, and our policy is to respect the confidentiality of information and people's privacy. This Policy stipulates how CGC, its subsidiaries and affiliates process personal data in compliance with current laws and regulations.
Personal Data is considered to be any information that allows us to identify you. The processing of Personal Data provided for in this Policy is applicable to the national territory, and is in accordance with the General Law on Data Protection ("LGPD").
Should any doubt persist about how we treat your Personal Data, you may access our customer service channel, described in item 13 of this Policy.
2. COLLECTION OF PERSONAL INFORMATION
CGC may use different ways to collect personal data, such as:
- When they are provided through the completion of forms, questionnaires, email, websites, mail, apps, telephone, contracts, through the delivery of personal documents, in situations that include, for example, you:
- Requesting CGC products or services;
- Request the sending of marketing or institutional materials;
- Contact us to pass on some feedback.
- Through access data to our Site;
- Through publicly available sources.
The user is aware that he provides the information knowingly and voluntarily.
Before disclosing another person's personal information to us, you must obtain that person's consent to the disclosure and processing of that personal information in accordance with this policy.
The data provided by the user will be kept confidential and will only be used for the purposes presented in topic 3 of this document
3. INFORMATION COLLECTED
The following types of personal information may be collected, stored and used:
- Information about your computer, including the user's access browser, Internet Protocol (IP) address; the date and time of access; the geographical location; and the user's actions on the site and operating system;
- Information about your visits to and use of this site, including referral source, duration of visit, page views and navigation paths through the site;
- Information such as your name and email address, which you enter to set up subscriptions to our emails and/or newsletters;
- Information that you enter while using the functions and services on our site;
- Information generated by using our site, including when, how often and in what circumstances you use it;
- Information contained in any communications you send to us by email or through our website, including the content and metadata of the communication;
- Any other personal information you submit to us.
3.1 For account creation
For the registration and creation of the customer portal (PV Plant tenant) in the tab "Restricted Area" in our Site, the following data will be informed:
- Full Name, E-mail, CPF, Date of Birth, Mobile Phone;
- ID Number and Issuing Agency; or
- CNH (National Driving License); or
- RNE (National Registry of Foreigners);
- Date of dispatch, State;
- Gender, Marital Status;
- Mother's name and father's name (optional);
- Postcode, address, number, complement, State, City, District, Nationality;
- State of birth and city of birth;
- Information regarding energy consumption during hiring/leasing with CGC;
The login and password created can be changed at any time by the user.
3.2. information collected from users with an interest in becoming a PV Plant Partner:
- Full name, age, CPF;
- Name of your company, CNPJ;
- Telephone, E-mail;
- Inform if you have already had professional experience in the financial market;
- Inform how much you are willing to invest;
- Inform the Profession;
- City and State;
We may request additional personal information if we deem it necessary for
4. USE OF YOUR PERSONAL INFORMATION
Personal information submitted to us via our website will be used for the purposes specified in this policy or on the relevant website pages. We may use your personal information for the following:
I. Site administration and business:
The data acquired through our website, will enable the customisation the use of the available functions and services, as well as to deal with questions and complaints made in relation to the CGC website.
II. To comply with a legal obligation
There are a variety of legal obligations arising from applicable laws to which we are subject (e.g. financial services legislation, tax laws, etc.). There are also various supervisory authorities to whose laws and regulations we are subject. Such obligations and regulations oblige us to perform personal data processing activities for credit checks, identity verification, compliance with court orders, tax laws and other obligations.
III. For sending notices and satisfaction surveys
Occasionally, we may send you commercial communications, related to CGC's proposed business and satisfaction surveys as part of our customer feedback process. It is in our legitimate interest to obtain such feedback to ensure that our services/products are being delivered at the highest level.
IV. For behavioural analysis on our Website
Our Site may contain data analysis tools that allow us to analyse behaviour to ensure the quality of the platforms and provide the best user experience. The information collected is not considered personal in accordance with the terms of the General Data Protection Act, as it is used in such a way that it is not linked to any user, and this information is anonymised.
V. For advertising
We may use your personal data to send you marketing communications by email, telephone, or other pre-agreed ways (including social media campaigns) to ensure you are always up to date with our products and services. When we send marketing communications, these will be based on your consent.
VI. To provide fraud prevention assurance and security for data subjects
We need to process personal data for the purpose of fraud analysis and prevention, in various scenarios. In addition, we may process personal information for the purpose of security of data subjects, preventing against potential crimes, measures against intrusion, and security of assets.
VII. To safeguard legitimate interests
We process personal data to safeguard our legitimate interests. Examples of such activities include:
Initiating legal claims and preparing our defence in cases of litigation;
Establish monitoring systems for our facilities, for security reasons;
Business management measures, platform performance optimisation, and product and service development;
Share your personal data with CGC Group companies for the purpose of updating/verifying your personal information in accordance with the money laundering framework.
5. SHARING OF PERSONAL INFORMATION
Whenever effected, the sharing of data will be carried out within the limits imposed by this Policy and the legislation in force.
We may disclose your personal information to:
- Business Partners and service providers, for the purpose of:
CGC's Marketing, prospecting and market research for our products;
o Resolution of technical problems;
o Contact to evaluate our products and check interest in new hires.
- Authorities, for the purpose of:
o Compliance with legal or regulatory obligations;
o Regular exercise of rights in judicial, administrative or arbitration proceedings.
- CGC group companies, for the purpose of:
o Mapping and creation of new products;
o Resolution of technical problems;
o Marketing, prospecting and market research for our products.
Except as set out in this policy, we will not provide your personal information to third parties.
5. RETENTION OF PERSONAL INFORMATION
Among our policies and procedures, data retention is necessary to help ensure compliance with our legal obligations.
Personal information processed will not be kept longer than necessary for the purpose or purposes intended.
We will retain documents (including electronic documents) containing personal data:
- As long as the hypothesis and purpose of the processing of personal data remains present;
- To the extent that we are required to do so by law;
- If we believe that the documents may be relevant to any ongoing or potential legal proceedings;
- To establish, exercise or defend our legal rights, including providing information to contracted service providers for fraud prevention purposes;
- For future communications in cases where the user has consented to this, e.g. receipt of a newsletter.
Therefore, as long as the relationship between CGC and the user continues, your data will be stored. It is also possible that we keep your data in a database for future communications, product offers and mapping of CGC's market evolution.
The user may, at any time, request the deletion of personal data, the processing of which has been subject to their consent, through the communication channels of the In Charge ("DPO"), according to item 13.
6. SECURITY OF YOUR PERSONAL INFORMATION
The security of user data provided on our servers will be a priority at CGC, and all personal information will be duly protected in accordance with the best quality standards adopted in the market.
These are some of the measures taken by CGC to protect your Personal Data:
- Protection of environments through firewalls and passwords;
- CGC only authorises access to previously established persons, whose access is indispensable to its Personal Data, within the hypotheses brought about by item 4 above;
- CGC employees, as well as service providers, who come into contact with information via our website undertake to comply with this Policy and the LGPD.
- SSL Certificate - Secure Socket Layer, which is a cryptographic mechanism that strengthens the security of data shared over the web.
Although CGC uses all security and monitoring measures to prevent vulnerability and possible attacks on personal data, as the transmission of information over the internet is inherently insecure, we cannot guarantee the complete security of data while it is being stored and transmitted through our website.
To prevent incidents, you play a key role in protecting your Personal Data. When creating the online account, please ensure that you choose a difficult password so that malicious people cannot guess it. You are further responsible for keeping the password you use to access the Restricted Area confidential. We will not ask you for your password except when you log on to our site. Also, whenever you are accessing the CGC website from public or shared computers, never choose the option to remember your login, email address or password, and be sure to log out of your account whenever you leave the computer.
This policy will be updated from time to time by posting a new version on our website. You should check this page occasionally to ensure that you understand any changes to this policy. We may notify you of changes to this policy by email or through the private messaging system on our website.
8. YOUR RIGHTS
The user may request at any time, that their personal data will not be used for marketing or advertising purposes.
Upon express manifestation, as forwarded to the email address or phone number specified in item 13 below, consent may be revoked at any time free of charge through customer request.
Below we list your rights under article 18 of the LGPD, which may be exercised by you at any time:
- confirmation of the existence of data processing by CGC;
- access to the data being processed by CGC;
- correction of incomplete, inaccurate or outdated data;
- anonymisation, blocking or elimination of unnecessary, excessive data or data processed in breach of the provisions of the LGPD and this instrument;
- portability of data to another service provider on express request, in accordance with the regulations of the national authority, respecting commercial and industrial secrets;
- deletion of personal data processed with the consent of the data subject, except in the cases provided for in Article 16 of the LGPD;
- information from public and private entities with which CGC has shared data;
- information about the possibility of not giving consent and the consequences of refusal; and
- revocation of consent.
9. THIRD PARTY SITES
Our website may include links and details to third party websites. We have no control over and are not responsible for the privacy policies and practices of third parties.
10. INFORMATION UPDATE
Whenever changed, please inform us if the Personal Data we keep about you need to be corrected or updated.
Such updates and rectifications shall be made by means of communication with the CGC Call Center, through the telephone number: (17) 3216-3600 or through the DPO, as defined in item 13 of this Policy.
Cookies can be either "persistent" or "session": a persistent cookie will be stored by a browser and will remain valid until the set expiry date unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session when the browser is closed.
Cookies allow us to personally identify you by cross-referencing data. This occurs, for example, when a cookie identifies access from the same computer you used previously. This enables us to remember your preferences and information relating to your previous visit to our site and allows us to offer You content in a personalised manner.
On our website we use both persistent and session cookies.
The names of the cookies we use on our website and the purposes for which they are used are described below:
We use Google Analytics and Google Ads on our website to recognise a computer when a user accesses the site / track users as they browse the site / improve the usability of the site / analyse site usage / administer the site / prevent fraud and improve site security / personalise the site for each user / target ads that may be of particular interest to specific users;
Most browsers allow you to refuse to accept cookies - for example:
- In Internet Explorer (version 10), you can block cookies using the available settings to override cookie handling by clicking "Tools", "Internet Options" "Privacy" and "Advanced";
- In Firefox (version 24), you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu and unchecking "Accept cookies from sites"; and
- In Chrome (version 80), you can block all cookies by accessing the menu under "Settings", "Advanced" and "Site settings" and then selecting "Block third-party cookies" in the "Cookies and site data" section.
- In Microsoft Edge (version 96.0.1054.43), you can block all cookies by accessing the menu under "Settings", "Cookies and site permissions" and "Manage and delete cookies and site data" in the "Cookies and stored data" section, and then selecting "Block third-party cookies" in the "Cookies and site data" section.
Blocking all cookies will negatively impact the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
You can delete cookies that are already stored on your computer - for example:
- In Internet Explorer (version 10), you must delete the cookie files manually (see instructions on http://support.microsoft.com/kb/278835 ):
- In Firefox (version 24), you can delete cookies by clicking "Tools", "Options", "Privacy", selecting "Use customised settings for history", clicking "Show cookies" and then "Remove all cookies"; and
- In Chrome (version 80), you can delete all cookies by accessing the menu under "Settings", "Advanced", "Clear browsing data" and then selecting "Cookies and other site data" before clicking "Clear data".
- In Microsoft Edge (version 96.0.1054.43), you can block all cookies by accessing the menu under "Settings", "Cookies and site permissions" and "Manage and delete cookies and site data" in the "Cookies and stored data" section, and then selecting "Clear browsing data on close" in the "Clear on exit" section.
12. Legal Notice
CGC is not responsible for the misuse or loss of personal data to which it has no access or control. We are also exempt from liability in the event of illegal and unauthorised use of that information as a consequence of misuse or misuse of your access credentials, negligent or malicious conduct as a consequence of acts or omissions by you or someone authorised on your behalf.
13. CONTACT US
Should any doubt persist or should there be any request to be made about the treatment of your Personal Data, we ask you to contact us through the service channel listed below: