Privacy Policy

Last updated on August 30, 2021.

Introduction

👋 Welcome to our Privacy Policy!

Our Privacy Policy defines how CROCT (Croct Ltda.) processes your personal data for the purposes listed herein.

Electronic acceptance or signing the Service Agreement means you fully agree with the following terms and conditions, as well as with our Privacy Policies. It is an integral part of this document. If you do not agree with any condition of this Privacy Policy or our Terms of Use, do not click on "I accept" at the end of the text or sign our Agreement.

Our terms may be updated. If that happens, you will receive an email notification. If you do not agree with anything, unfortunately, you will not use our products.

Glossary

Before we start, there are some important points regarding our Privacy Policy:

  • The Personal Data CROCT collects on you is only used for the purposes described in this Privacy Policy;
  • Anonymous Data impedes anyone from knowing who you are, which means there is no access from there to other personal or identifiable information on you;
  • We only use your browsing data, generated on our website or platform, to improve our services and provide better offers to you.

The following defined terms apply the following meanings when they appear in the singular or plural for enhanced understanding of what is written herein:

Anonymized data: The data we collect when visiting our website or platform, such as clicks, mouse movements, location, browser name and version, device name, brand and version, language preferences configured in the browser, screen size, page visibility, date and time, amount of time spent on specific pages, and our website features you visit. None of this information can actually tell us who you are;

Personal data: These data are related to a natural person, identified or identifiable, provided by you, such as name, last name, date of birth, identification document, home or business address, phone, email, and related data to the legal entity, such as corporate name, CNPJ (legal entity tax number), business address, etc.;

Sensitive Data: Personal data about racial or ethnic origin, religious belief, political opinion, union membership or organization of a religious, philosophical or political nature, data related to health or sexual preferences, genetic or biometric data, when linked to a natural person;

Data Controller: The individual or legal entity legally responsible for decisions regarding Personal Data processing. The Controller is responsible for that data;

Data Operator: The individual or legal entity that carries out the processing of Personal Data on behalf of the Controller. That means the Operator only processes the data the Controller sends them;

Cookie: A file with a small piece of data temporarily stored in the browser.

Our Product: A Software-as-a-Service (SaaS) characterized by a set of tools that allow the collection and processing of customer data;

Application: A set of functionalities that can be accessed through devices (smartphones, computers, laptops, etc) that are connected to the internet;

Software development kit (SDK): Software development tools, made available by CROCT, which allows data collection and application personalization;

Service level agreement: Service parameter definitions that define the average response time for CROCT customer support;

Customer: Companies that hire CROCT to use Our Product;

User: A person who uses the Customer's application;

Data Processing: Any operation or set of operations carried out with data sets, whether by automated means or not, such as but not limited to, collection, use, access, organization, consultation, production, alteration, reception, classification, reproduction, communication, transmission, distribution, processing, archiving, registration, structuring, storage, adaptation, retrieval, combination, restriction, elimination, evaluation, modification or extraction;

Lei geral de proteção de dados pessoais or LGPD: means, while in force, Brazilian "Lei Geral de Proteção de Dados Pessoais (Law 13.709 / 2018)", its subsequent amendments, and any other laws and regulations regarding the processing, protection and data privacy that are applicable and, if applicable, all guidelines, rules, ordinances, regulations, and codes of practice and conduct issued by the Brazilian National Data Protection Authority (ANPD) or other relevant supervisory or data protection authority;

Personal data violation: A breach of information security that leads to accidental or illegal destruction, loss, alteration, disclosure or unauthorized access to the Personal Data transmitted, stored or otherwise handled by CROCT or by an authorized subcontractor;

Consent: free, informed, and unambiguous expression by which an individual agrees with the processing of his Personal Data for a specific purpose.

What are CROCT's responsibilities while processing your Personal Data?

Since you are our Customer, we act as Controllers of the Personal Data you provide us. That means when you insert your contact details and grant us your consent, we will define how and the purpose of processing your Personal Data. It is important to emphasize we are referring to the personal data of the Croct user, not the data from the end-user accessing the Customer's application.

What are your responsibilities?

You must do the following to comply with the legal terms:

  • Read and agree with this Privacy Policy and our Terms of Use;
  • Be compliant with data protection laws and other applicable laws, especially LGPD "Geral de Proteção de Dados Pessoais"  (General Personal Data Protection Law).

When is your data collected, and how does it happen?

CROCT starts collecting data as soon as you start interacting with us. Sometimes you provide the data (1), other times, we collect it automatically (2).

This happens when you:

  1. Inform your name, email, or phone number;
  2. Browse our website or platform.

What data is collected?

1) When you visit CROCT's website, we collect data from your browsing. This data is collected to improve and personalize our product to your profile (style and interest) and offer our services through marketing actions.

We collect, for example:

  • The pages you view on our website;
  • The features you see;
  • How long you browse our website or platform;
  • How often you search and use Our Product.

The purpose of data collection on our website and platform is to:

  • Obtain information about your behavior on our website;
  • Provide, develop, and improve Our Product;
  • Improve, personalize, and modify Our Product and communications to better serve you;
  • Test new features;
  • Optimize traffic and analysis when searching for data;
  • Train machine learning applications, among other techniques.

Your Consent will always provide the legal basis for the above.

2) Additionally, if you answer any of our forms, sign up for our newsletter, or express interest in Our Product, we will collect your name, email, or phone number so we can contact you, as well as:

  • Carry out advertising marketing campaigns by sending emails and messages about new features, products, services, and content;
  • Determine whether our marketing campaigns are being effective.

In such cases, when you provide your name, email, or phone number, you must inform you authorize us to use this information to contact you.

Your Consent will always provide the legal basis for the above.

3) We also collect data from the company you represent, such as name, address, phone number, email, and necessary information for the payment of Our Product.

We collect this data to:

  • Support you, which includes notifying you of any changes to Our Product, resolving problems through our support channels (chat, phone, or email), or correcting any bugs (problems found in the product);

Your Consent will always provide the legal basis for the above.

  • We do marketing campaigns by sending emails and messages about new features, products, services, and content.

Your Consent will always provide the legal basis for the above.

Does Croct collect Sensitive Data?

No, Croct does not collect any Sensitive Data, nor does it authorize you to send this type of related information to your Users.

Does Croct collect data from underage users?

CROCT does not collect data from underage users. We are a company providing business-to-business (B2B) service, directed, and intended to be used only by people 18 years old or older.

Does Croct share my Personal Data?

CROCT does not share, distribute, sell, or rent your data unless the information is required by law to prevent, investigate, or take action related to illegal activities.

Where does Croct store my collected Personal Data?

CROCT stores your data on the Google Cloud server. Here's the link to their website and privacy policy for further information.

How long does Croct store my Personal Data, and what security level does Croct guarantee?

CROCT only stores your Personal Data for as long as it is necessary to fulfill the purpose of collecting or storing it, meet your needs, or comply with our legal or regulatory obligations.

Accordingly, we will store it and will no longer actively use any personally identifiable information on you more than 24 months after the last time you browsed our site.

We may retain some Personal Data beyond the above indicated period to comply with our legal or regulatory obligations (as shown in the following table), as well as to allow and guarantee the regular exercise of our rights (for example, in a judicial, administrative, or arbitration proceeding).

Type of personal data

  • Personal Data Registration:

    🕑 Minimum storage period: 5 years after the end of the legal relationship;

    ⚖️ Application legislation: Art. 12 and 34, of the Brazilian Consumer Protection Code;

  • Digital identified data:

    🕑 Minimum storage period: 6 months.

    ⚖️ Application legislation: Art. 14, of the Brazilian Civil Internet.

Croct will store the processed Personal Data in a controlled and safe environment, committed to maintaining precaution measures to avoid any loss, abuse, or unauthorized changes to our processed Personal Data. However, there is no electronic storage method that is entirely safe.

Thus, even though we strive to protect all our handled Personal Data, we cannot guarantee the absolute security of all Personal Data.

Who has access to my Personal Data?

Suppose CROCT has Personal Data on you such as name, email, or phone number, for example. In that case, these will only be accessed by our authorized people, abiding by the principles of proportionality, necessity, and relevance established by LGPD and maintaining our commitment to confidentiality and respect for your privacy under those terms.

That being said, your Personal Data may be shared:

  • With competent judicial, administrative, or governmental authorities, whenever there is a legal determination, requirement, requisition, or court order;
  • Automatically in case of corporate transactions, such as CROCT mergers, acquisitions, and incorporations;
  • With external service providers, public and private entities to execute CROCT contracts for providing Our Services.

What are your rights regarding the processed Personal Data, and how can you claim them?

You have the right to ask us by sending an email to privacy@croct.com:

  • The confirmation your Personal Data are being processed by us;
  • Permission to access your Personal Data;
  • The correction of any mistakes in your Personal Data;
  • The anonymization, blocking, or deletion of Personal Data considered unnecessary, excessive, or processed in non-compliance with the LGPD, as well as the elimination of Personal Data obtained based on your Consent;
  • The withdrawal of your consent related to collected Personal Data legally based on your consent, that is, data that we collect through your explicit consent;
  • The portability of your personal data to another service provider or product.

Does Croct use cookies on their website?

Yes, we use them when interacting with us. These can be session cookies, which means they are deleted when you leave our page, or persistent cookies, which are not deleted and help us recognize you (even without identifying you) when you return to provide personalized service.

If you are interested, you can adjust your browser settings to refuse or delete cookies. Your browser's "Help" function should tell you how to do this.

As for Personal Data related to your application users, it is essential to understand that:

  • You control your data and have the power to decide how and why CROCT uses your data;
  • CROCT is the Personal Data Operator. That means we only process the Personal Data you send us, according to your instructions, and our responsibility extends solely for damages caused by processing any Personal Data or when we breach LGPD obligations or when we do not abide by the Controller's instructions;
  • You are responsible for ensuring the User's Personal Data is processed, abiding by data protection laws. That includes informing them how and why Operators, like us, collect and use their respective supplied data;
  • It is forbidden to send Sensitive Data to Our Product;
  • You declare your personal data handling is proper whenever CROCT uses that data in Our Product.
  • According to LGPD article 18, you must immediately inform us of any request made by your User to you regarding the Personal Data you share with Croct for the correction, deletion, anonymization, or blocking of Personal Data, so that we can also perform such procedure.

What Forum is responsible for resolving conflicting cases and using Our Product?

The Forum for resolving any conflict over the software or our services will be in the city of São Paulo/SP.

We are happy you have read our Privacy Policy. If you need to clarify any questions or doubts, please send us an email at hello@croct.com.

If you agree with our Privacy Policy and our Term of Use, let's Croct!