Privacy and Data Protection Policy
This policy will be valid until it is modified, amended and replaced by another policy. In this case, the new policy will be published in our Website.
Fênix is a company committed with ethics, honesty and transparency. For this reason, Fênix is deeply committed to the protection of personal data, the security and the privacy of Users/Clients, always in line with the LGPD and other applicable standards.
Fênix has adopted and will continue to adopt all necessary technical and organizational measures to prevent the loss, misappropriation, change, unauthorized access and theft of the personal data provided, taking into account the state of technology, the data nature and the risks to which they are exposed.
Fênix will only obtain personal data when it is adequate, pertinent and not excessive in relation to the specific, explicit and legitimate purpose for which it was obtained. In other words, Fênix will only collect data that are strictly necessary for each of the purposes pursued.
Fênix commitment to privacy is reflected in the following guidelines:
Fênix respects the privacy of the Users and Clients as well as their choices at any time, for this reason, it incorporates respect for privacy in each of its actions.
Fênix will never send commercial communications unless you have expressly consented it. You can change your mind about your preferences at any time, and Fênix will respect and guarantee this option.
Fênix will not at any time offer and sell the data you provide us with.
Your data will be secure and protected. Fênix will always guarantee its confidentiality. Therefore, Fênix only accepts high standards of quality and trust in its relationships.
We will never use your data for purposes other than those for which they were collected.
As the Holder or Personal Data Controller, you are responsible for ensuring that the data you provide are accurate, complete and up to date. Therefore, you will be solely responsible in the event that the Personal Data you provided us is false, inaccurate, incomplete and/or out of date and, furthermore, is provided in accordance with the applicable legislation, that is, you will be responsible for the Personal Data relating to third parties, of which you have not obtained express Consent or have not informed them of your processing.
In the specific event that, during the contractual relationship, the Client provides Fênix with the personal data of employees or third parties, the Client, as the Data Controller, must have previously informed them of the processing of their personal data, the purpose of the same, must have obtained the express consent of the Holders, by means of a written document, with which the Client declares to agree and comply.
You undertake to notify Fênix if the Personal Data you have provided are modified.
Any loss or damage caused to Fênix due to the communication of erroneous, inaccurate, incomplete information or information from third parties that have not provided their express Consent and/or are provided in non-compliance with the applicable legislation, either in the contractual relationship or in the forms available on the Site , will be the sole responsibility of the Client and/or User, who will also be responsible for any sanctions applied by the National Authority for the Protection of Personal Data to Fênix.
In the event that FÊNIX acts as Data Processor for the processing of personal data for which the Client is the Data Controller, both parties undertake to collaborate to guarantee the protection of such data and the effective exercise of the rights of their Holders.
The Client undertakes not to provide FÊNIX at any time with special categories of personal data, nor with any information or personal data that are not necessary or relevant for the execution of the contractual relationship.
If you are a Fênix Client, we may collect the following Personal Data for the execution of services: first and last name, telephone number, e-mail, official identity document and professional data, depending on the type of service provided by Fênix.
If you are only a User of our Site, the following Personal Data may be collected: first and last name, e-mail, professional data and telephone number.
The Personal Data collected by Fênix are only those strictly necessary for the intended purpose or for the provision of the service.
Fênix never collects Sensitive Personal Data.
Companies of the Fênix Group: Companies of the Fênix Group: Depending on the services contracted, data can be processed by other companies of the Fênix Group, with legal basis in Legitimate Interest, for the provision of the service and for administrative and/or legal purposes.
Trusted suppliers: We also sign contracts with trusted suppliers, from whom we demand compliance with current Data Protection regulations, for the provision of certain services and to carry out a variety of commercial operations on behalf of Fênix. We only provide them with information that is strictly necessary to perform the services and require them to comply with all applicable regulations. In the event that the Client does not authorize the provision of a service by a trusted provider, we may choose between contracting with another provider or not to provide the service.
Authorities: Depending on the services that the Client may contract, we can communicate their data to certain authorities to comply with the service of tax compliance or management of registrations at the National Insurance, among others. Fênix will always inform the Client in advance who may have access to the Personal Data provided, according to the services contracted.
The Holder has the following rights in relation to their Personal Data processed by Fênix:
The rights expressed above may be exercised upon express request to Fênix, by sending an (i) e-mail to email@example.com, indicating in the subject “Exercise of rights”; or (ii) by post to 1 Embaixador Abelardo Bueno Ave., Block 01, suites 521/522, CEP (zip code) 22775-022, Jacarepaguá, Rio de Janeiro, RJ, Brazil, in both cases accompanied by a copy of your official identity document proving your identity.
Fênix does not carry out international personal data transfers at any time. In the event that, in order to provide a contracted service, Fênix will previously request the Customer’s Consent.
We emphasize that all of our subsidiaries and suppliers are obliged to comply with Brazilian Data Protection regulations, wherever they are located.
Fênix will only keep your personal data for the necessary time to comply with the purposes for which they were collected or to comply with legal obligations.
Fênix, at the Client’s choice, will delete or return the personal data to the Client at the end of the service, except in cases where it is obliged to keep them due to legal, contractual and/or regulatory obligations.
The personal data obtained by giving your consent, will be maintained until you inform us that you wish us to delete your data, according to the procedure indicated in item 7 above.
The personal data obtained in recruiting processes will be kept until the candidate unilaterally decides that we should delete them, according to the procedure indicated in item 7 above, or after 1 (one) year from the recruiting process.
Fênix will securely and permanently delete personal data after the end of the purpose for which it was granted or the period during which it must comply with a legal obligation.
In order to guarantee the security and confidentiality of your personal data, Fênix adopts the highest levels of security, using all the technical and personal measures at its availability to prevent the loss, misuse, change, unauthorized access and theft of the personal data provided.
The personal data that FÊNIX may collect, derived from the contractual relationship with the Client or through the different communications that maintain with the Client/User will be treated with absolute confidentiality.
The technical and organizational measures implemented by FÊNIX to guarantee the security of your data are detailed below. All measures are implemented in the Group’s subsidiaries.
All Fênix employees and suppliers sign confidentiality agreements, and compliance with the rules on personal data protection.
Physical data access controls: With regard to measures to control physical access to Personal Data, Fênix keeps the data in a place of restricted access and with the proper security measures. In this way, access by unauthorized persons is avoided.
In addition, Fênix has measures to ensure the safe disposal of documents or files containing personal data.
System access controls: Regarding control of access to the systems, Fênix has a system of user authentication and password for access to them. At the same time, for better control, we have a list of people/users who have access to data processing systems for authentication purposes, identifying each one of the accesses.
All data processing systems are password protected to prevent unauthorized access to personal data.
All employees receive training on how to protect their IT equipment, ensuring that the information contained in it is always protected. The IT equipment is programmed so that, after detecting inactivity on the IT equipment in a short period of time, it is blocked to prevent unauthorized access to the system. The account is also blocked after several unsuccessful sequential login attempts.
Security systems: As for the security systems used to ensure data security, Fênix has established a control system to ensure that only authorized equipment is used in the provision of the service. Remote access is via VPN, with connection auditing available.
Fênix also has technical security measures such as antimalware, automatic backups, antivírus.
Business Continuity: At Fênix, backup copies are created. These copies are stored in protected environments. Fênix also has the ability to restore data from these backups.
Fênix has established a procedure for the management of incidents, so that if a violation or breach of security occur, it can be communicated to the National Data Protection Authority (ANPD) and/or the Data Subject within 72 hours.
If you have any questions regarding the protection of personal data, please write to us at firstname.lastname@example.org or by post to our Legal Department located at our Branch: 1 Embaixador Abelardo Bueno Ave., Block 01, suites 521/522, CEP(zip code) 22775-022, Jacarepaguá, Rio de Janeiro, RJ, Brazil.