Privacy policy – Orea Empreendimentos

This Privacy Policy aims to clarify how OREA EMPREENDIMENTOS LTDA, hereinafter referred to as just OREA, treats third parties’ personal data collected on its website (www.orea.com.br), in view of the company’s commitment to comply with the Brazilian legislation on data protection (Federal Law No. 13,709/2018), ensuring user’s information security and privacy.

1 – GLOSSARY

a. User: a person to whom this policy is addressed, that is, those who make use and/or interact on the OREA website;

b. Personal data: information of identified or identifiable individuals;

c. Holder: an individual who is the holder of the personal data subject to processing;

d. Controller: an individual or legal entity, of public or private law, who is in charge of decisions concerning the processing of personal data;

e. Operator: an individual or legal entity, of public or private law, who carries out the processing of personal data on behalf of the controller;

f. Data Protection Officer (DPO): a person appointed by the controller and operator to act as a communication channel between the controller, the data holders and the National Data Protection Authority (ANPD);

g. Processing Agents: the controller and the operator;

h. Processing: any operation carried out with personal data, such as those related to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of the information, modification, communication, transfer, dissemination or extraction;

i. Consent: free, informed and unequivocal manifestation by which the holder agrees with the treatment of his/her personal data for a determined purpose;

j. Blocking: temporary suspension of any processing operation by retaining the personal data or the database;

k. Deletion: exclusion of data or of a set of data stored in a database, regardless of the procedure employed;

l. International Data Transfer: transfer of personal data to a foreign country or international organization of which the country is a member

m. Shared use of data: communication, diffusion, international transfer, interconnection of personal data or shared processing of personal databases by public bodies and entities in the fulfillment of their legal competencies, or between these and private entities, reciprocally, with specific authorization, for one or more processing modalities permitted by these public entities, or between private entities;

n. National Data Protection Authority (NDPA): the public administration body responsible for watching over, implementing and supervising nationwide compliance with this Law;

o. Cookies: files created and stored in users’ computers through the browser, when they visit sites. These files are generally used to identify visitors, adapt pages based on the navigation profile, track usage patterns for improvement and control, and facilitate the transport of data between pages on the same site.

2 – RIGHTS OF DATA SUBJECTS

In order to provide the holder with safe and reliable access, OREA grants access to third parties’ personal data, a right provided for in the General Data Protection Law, Law 13.709/08, which may be requested from the Data Protection Officer (DPO), through the communication channel shown below.

Safeguarding only the confidentiality protected by law, the data holder may contact the Officer by requesting

a.Confirmation of data processing;

b.Access to the data;

c.Correction of incomplete, inaccurate or outdated data;

d.Anonymization, blocking or deletion of unnecessary or excessive data or data processed in violation of the law;

e.Data portability;

f. Deletion of personal data processed with the data holder’s consent;

g. Information about public and private entities with which personal data has been shared;

h. Information about the possibility of denying consent and the consequences of such denial;

i.Cancellation of consent;

j. Oppose data processing based on situations of waiver of consent, in case of non-compliance with the law.

3 – DATA COLLECTION

OREA may collect the information provided directly by the Data Controller, keeping track of all user movement on the Portal, in order to improve navigability and the development of technological solutions in its daily activities, focusing on simplifying processes and improving service.

In addition, the OREA site may access geolocation data to provide the User with the functionality to locate its offices.

Users may deactivate these technologies at any time, either by changing the settings of their browser or device, or even by managing Cookies, available on the OREA website. However, it is worth noting that some functionalities may not function properly as a result of these settings.

4 – PURPOSE OF DATA COLLECTION

The data collected by OREA may be used for the following purposes:

a.To activate essential functionalities, such as software and antivirus;

b.To arrange the site’s content in a manner appropriate to your screen size, connection speed and browser type;

c.Communicate with users in order to provide them with information about the company;

d.Grant access to the restricted area of the site and/or its exclusive functionalities;

e.To comply with legal or judicial orders;

f.To constitute, defend or regularly exercise rights in the judicial or administrative sphere;

g.To prepare general statistics;

h.To ensure Users’ security.

In this sense, by accepting OREA Privacy Policy, the User expresses its free, certain and appraised consent for OREA to use the information collected to provide services properly, according to the purposes listed above.

5 – DATA SHARING

All information collected about the Data Holder will be considered by OREA as confidential and can only be shared within the scope defined in the item above (item 04) or by means of a court order or a request by pertinent administrative authorities legally authorized to request it.

6 – DATA STORAGE

All data effectively collected by OREA will be stored in its own servers or in those of third parties contracted for this purpose, in Brazil or abroad. Thus, with the objective of guaranteeing data security, OREA makes every reasonable effort to guarantee the security of its systems in the storage of said data.

The data obtained will be stored only for the time necessary to comply with the purposes for which they were collected, unless there is any other reason for their maintenance as, for example, compliance with any legal, regulatory, contractual obligations, among others, provided that they are founded on Legal Basis.

7 – CONTROLLER CONTACT

OREA EMPREENDIMENTOS LTDA, a private legal entity, headquartered at Avenida Antônio de Góes, 275, Sala 1403, Pina, Recife/PE, CEP nº 51110-000.

(81) 3049.6555 E-mail: andrea@orea.com.br

8 – CONTACT THE DATA PROTECTION OFFICER (DPO)

ADDRESS: Avenida Antônio de Góes, 275, Sala 1403, Pina, Recife/PE, CEP nº 51110-000
TELEPHONE: 81 3049-6555
EMAIL: andrea@orea.com.br

9 – GOVERNING LEGISLATION AND JURISDICTION

This Privacy Policy shall be governed, interpreted and executed in accordance with the laws of the Federative Republic of Brazil, the Forum of Recife, State of Pernambuco, Brazil, being competent to settle any doubt arising from this instrument.

OREA EMPREENDIMENTOS LTDA – Prepared in 08/2022