Privacy Policy – alphapath.store

Cartpanda Version 04/2024
1. OBJECTIVES

CARTPANDA TECNOLOGIA DE PAGAMENTOS LTDA (“CARTPANDA” or “COMPANY”) and the other companies in its Economic Group take the privacy and security of your data very seriously. We understand that ensuring privacy is a matter of respect for our customers, partners, and employees. Therefore, in addition to complying with current legislation, we strive to base our activities on the pillars of transparency, partnership, security, and experience. Thus, CARTPANDA’s Privacy Policy (“Policy”) has the following objectives:
a) To reinforce our commitment to privacy and security in the processing of collected information;
b) To demonstrate, transparently and directly, what data we process, why and how we use it to collect, store, process, transfer, and access said data;
c) To present how we protect your data; and
d) To define when and how you can control your privacy preferences. CARTPANDA is committed to following strict security and data protection standards to ensure the confidentiality and integrity of our users’ information. We are constantly updating our processes and technologies to comply with best information security practices and current legislation. Furthermore, we are always open to feedback and suggestions from our Customers to continually improve our services and privacy practices. If you have any questions or concerns about our Privacy Policy, please do not hesitate to contact us by email at dpo@cartpanda.com. We are here to help and ensure your experience with us is safe and satisfactory.

2. SCOPE

This Policy covers all areas of CARTPANDA, its Administrators, Clients, Clients’ Consumers, Employees, Suppliers, and Business Partners, who must agree, adhere to, and be bound by the terms set forth herein. Therefore, CARTPANDA’s Privacy Policy applies to all services offered by CARTPANDA that use Personal Data (as defined below) of clients, employees, and/or third parties (“Data Subjects”). However, we may occasionally make changes to this Policy. When we make material changes to this Policy, Data Subjects will be notified by a notice on our Website, email, or other available means of communication. Therefore, we advise you to always carefully read any such notice. Furthermore, by accessing and using the services offered by CARTPANDA, the Client fully agrees to and accepts the provisions of this Policy.

3. DEFINITIONS

General Data Protection Law (LGPD): Federal Law No. 13,709, published on August 14, 2018, which regulates the processing of personal data, including in digital media, by individuals or legal entities under public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the individual’s personality. Data Processing Agents: are those responsible for the processing of personal data and are divided into two categories: the Controller and the Processor. The Controller is the person or company responsible for decisions regarding the processing of personal data. The Processor, in turn, is the person or company that processes personal data on behalf of the Controller, following their instructions. Anonymization: a technique by which data loses the possibility of association, directly or indirectly, with an individual, making subsequent re-identification impossible, even using technical solutions. National Personal Data Protection Authority (ANPD): is the federal public administration body with responsibilities related to the protection of personal data and privacy, including monitoring compliance with the LGPD.
Cookies: These are small files containing a string of characters, created and sent by websites to your computer each time you visit them. They help remember your preferences and personalize your experience, making your browsing experience safer, faster, and more enjoyable. You can configure your browser to not accept cookies or to notify you when a cookie is being sent, but without them, some website features or services may be compromised and limited. Personal Data: Defined in the LGPD as information related to an identified individual or information that allows their identification, such as name, address, CPF (Brazilian Social Security Number), ID number, identity documents in general, telephone number, among others. Sensitive Data: Defined in the LGPD as Personal Data relating to racial or ethnic origin, religious beliefs, political opinions, membership in a union or organization of a religious, philosophical, or political nature, data relating to health or sexual life, genetic or biometric data when linked to an individual. Device: The device that can be used to access the services offered by CARTPANDA, such as desktop computers, tablets, and smartphones. Personal Data Protection Officer (“DPO”): Responsible for ensuring that CARTPANDA complies with privacy laws and regulations, guaranteeing the protection of Personal Data, and serving as a communication interface with the ANPD and Data Subjects. IP Address: A number assigned to each Device connected to the internet, known as an Internet Protocol (IP) address. These numbers are typically assigned in geographic blocks. An IP address can be used to identify, for example, the location from which a Device is connecting to the internet. Geolocation: A feature that, when activated by the Data Subject, allows determining the precise or approximate position of a Device and provides information such as the country, state, city, and street where the Device is located, as well as the time it was accessed. Economic Group: (i) CARTPANDA TECNOLOGIA DE PAGAMENTOS LTDA, CNPJ: 26,224,823/0001-94; (ii) CARTPANDA INC., a legal entity organized under the laws of the State of Delaware, with registered office at 251 Little Falls Drive, Wilmington, New Castle, Delaware 19808; (iii) CARTPANDA TECNOLOGIA DE SOFTWARE LTDA., a private law legal entity, registered with the CNPJ/MF under number 46,698,364/0001-98; and (iv) CARTPANDA B.V., a Dutch company, with registered office at Grubbehoeve 431, Amsterdam, the Netherlands, Zip Code 1103GZ, with KVK registration number 93401116 and VAT: NL866381193B01. Data Subject: Any identified or identifiable individual to whom the personal data processed refers. These include, for example, our customers, employees, third parties, service providers, job applicants, among others. Processing: Includes any operation performed with Personal Data, whether automated or not, including collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, storage, archiving, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction. Users: Cartpanda’s Commercial Customers and/or their respective end consumers.

4. DATA COLLECTED AND PROCESSED BY CARTPANDA

In compliance with current Brazilian legislation, we are committed to meeting the minimum registration requirements, ensuring an efficient and secure system for our Customers and their respective End Consumers. In this context, various pieces of information are collected when you use our services or access our electronic channels, which fall into two distinct categories:

4.1. INFORMATION PROVIDED BY THE CUSTOMER AND ITS END CONSUMER:

This information is provided by Customers and their Customers’ Consumers when interacting with, contracting, or using any services provided by CARTPANDA, such as: name, email, telephone number, CPF (Individual Taxpayer Registry), address, and financial information, such as credit card number and expiration date. We use this information only for financial purposes and to fulfill orders. If there is a problem processing your order, we will use this information to contact you. Additionally, CARTPANDA Customers may be asked to provide images of their official identity documents or any other Personal Data provided to create or change their access account to the CARTPANDA Platform, contract or cancel any service provided by CARTPANDA.Personal Data may be verified and confirmed by third-party partner companies, at CARTPANDA’s discretion, and these companies will adhere to the same security and privacy standards set forth herein. However, it is important to emphasize that the Customer is solely responsible for the accuracy of the Personal Data provided to CARTPANDA when registering or contracting any services. CARTPANDA is not responsible for the accuracy of the data provided, nor for any data resulting from inaccurate and/or outdated information. Therefore, if you contact us by email, we may store your contact information and a copy of the email. In any case, we reserve the right to use your email address and any other personally identifiable information you provide to respond to you and send marketing materials about our products and services. We will not share your information so that third parties can offer their products and services. Therefore, it is important to emphasize that at any time you can change your personally identifiable information, request deletion of your data, or stop receiving marketing materials by simply sending an email to dpo@cartpanda.com.

In this regard, when you receive any marketing material, you can simply reply to the email with “STOP,” directing it to dpo@cartpanda.com, and our Data Protection Officer will delete your data for this purpose. If you receive messages via SMS instead of email, you can also reply with the same message “STOP.”

4.2. DATA COLLECTED DURING ACCESS TO CARTPANDA SERVICES:

This is information collected by CARTPANDA when you browse and/or use its services, as detailed below. Browsing Data: This is information we collect about your interactions with our website, such as:
a) Comments: When users leave comments on our site, we collect the information contained in the comment form, along with the IP address and browser information. We do this to detect and prevent spam.
b) Media: If you choose to upload images to our site (in comments, for example), avoid uploading images with embedded location data (EXIF GPS). Any user of the site can download and extract the location information from the image.
c) Contact forms: If you leave a comment on our site, you may opt-in to saving your name, email address, and website using cookies. These cookies are for your convenience only, so you don’t have to re-enter your details each time you comment. These cookies last for one year.
d) Cookies: If you have an account and you log in to our site, we will set a temporary cookie to determine if your browser accepts cookies. This temporary cookie contains no personal information and is discarded as soon as you close your browser. When you log in, we set several cookies to save your login information and display preferences. Login cookies last for two days, while display preferences cookies last for one year. If you select “Remember me,” the login cookie will last for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie contains no personal information and serves only to indicate the article ID of the article you created/edited. It expires after one day.
e) Embedded content from other websites: Pages and articles on this website may contain embedded content (such as images, videos, external links, etc.). Embedded content from other websites should be considered exactly the same as if the user had visited the other website. These websites may collect certain information about you, use cookies and other tracking software, and track your interaction with the embedded content if you have an account and are logged in to that website.
f) Devices: Like most websites, our website may contain “pixel tags,” cookies, or other similar tracking technologies that allow us to track users’ actions on our website. Pixel tags and cookies are used to collect non-personally identifiable information, such as the name of your internet service provider, the type of browser you are using, the operating system, the type of device you are using, and the date and time of access. We may aggregate your information with other similar information to help us improve our products, services, applications, content, and features offered on our website. We do not use non-personally identifiable information to create or maintain a profile of you or to collect new information.
g) Geolocation: This is the information we collect about your location, which allows us to:
(i) ensure greater security for your transactions based on geographic location points (anti-fraud);
(ii) identify the origin of a call received through our customer service channels. To determine your location, we use the following methods: GPS (call origin tracking) and/or IP Address (system access). The types of location data we collect depend, in part, on the Device and its settings. You can enable or disable GPS location tracking by accessing the Settings/Privacy option on your Device.

5. PROCESSING OF PERSONAL DATA

The Personal Data collected in accordance with this Policy is used by CARTPANDA for the following purposes:
a) Fulfill our contractual obligations, in particular the execution of the terms of your contract;
b) Conduct checks required by current Brazilian legislation through service providers; c) Improve fraud and money laundering prevention procedures;
d) Provide our services to you;
e) Respond to complaints, queries or requests;
f) Strengthen our security and protection procedures to offer a safer and more effective service;
g) Manage our service provision;
h) Comply with legal and/or regulatory obligations imposed on CARTPANDA, including internal Know Your Customer, Anti-Money Laundering and Counter-Terrorism Financing standards, and others;
i) Perform internal operations, including customer support, troubleshooting, data analysis, testing, research, and statistics;
j) Improve and enhance our services, ensuring they are presented in the most effective manner for you;
k) Evaluate or understand the effectiveness of the advertising we serve, aiming to provide relevant advertising to you;
l) Allow you to participate in interactive features of our services, when you choose to do so;
m) Provide information about other services and/or products we offer, similar to those already purchased by you;
n) Produce evidence and assist in the conduct of judicial, administrative, or arbitration proceedings, as well as assist in complying with other legal requirements; o) Investigations and measures to prevent and combat illegal activities, fraud, financial crimes and ensure the security of Customers and their End Consumers and the financial system;
p) Marketing, prospecting, market and opinion research;
q) Contact you to update your registration, comply with legal obligations, or resolve queries regarding the receipt of any judicial or administrative process; and r) Make automated decisions regarding the use of our services. If you would like more details about how your personal data will be processed by CARTPANDA for the purposes described in this section, please send an email to dpo@cartpanda.com. All data actively provided by you or that we collect is considered confidential. Therefore, we undertake to adopt all technical and administrative measures capable of protecting your Personal Data, observing the guidelines on security standards established in current legislation.

6. DURATION OF PERSONAL DATA PROCESSING

The period for which CARTPANDA processes your Personal Data will vary according to: a) The types of products and services contracted/provided/supplied; b) The purposes of the Processing; and c) The applicable contractual and legal provisions. Therefore, Personal Data will be deleted by CARTPANDA, except if its storage is mandatory due to legal or regulatory compliance, in the following situations:
a) When the purpose for which the information was collected is achieved or when the Personal Data is no longer necessary or relevant for achieving that purpose;
b) When consent is revoked; and c) Upon determination by a competent authority to do so.

7. RIGHTS OF THE PERSONAL DATA SUBJECT

The LGPD guarantees rights to Data Subjects. As the Subject of your Personal Data, you may make the following requests:
a) Confirmation of the existence of processing;
b) Access to data;
c) Rectification of incomplete, inaccurate, or outdated data;
d) Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data;
e) Portability of your data to another service or product provider, upon express request from the User;
f) Deletion of data processed with the User’s consent;
g) Information about the public or private entities with which “CARTPANDA in compliance with the LGPD” shared your data;
h) Information on the possibility of not providing consent, as well as being informed of the consequences in case of refusal; and
i) Revocation of consent.

To exercise your rights regarding how we process your Personal Data, you can send your request to our data protection officer: Name of officer: MATHEUS DE LIMA CARLOS. Email address: dpo@cartpanda.com.br This channel is exclusively for handling data subject rights. CARTPANDA will make every effort to respond to such requests as quickly as possible. Please note that we may retain some data and/or continue to process it, even if you request deletion, objection, blocking, or anonymization, in certain circumstances, such as to comply with legal, contractual, and regulatory obligations, to protect and exercise the rights of CARTPANDA, its Customers, and its End Consumers, to prevent unlawful acts, and in judicial, administrative, and arbitration proceedings, including when third parties question its activities, and in other cases provided for by law.

8. SHARING OF PERSONAL DATA

CARTPANDA is committed to the privacy of its customers and, in accordance with data protection standards and best market practices, shares your information only for the purposes set out in this Policy.

Therefore, we may share your information with the third parties listed below:
a) Between companies related to CARTPANDA;
b) With service providers, suppliers, and subcontractors for the perfect and correct execution of contracts entered into with them or with you;
c) With advertising and marketing companies, to select and serve relevant advertisements to you, as authorized; and
d) With search engine and analytics providers, to assist in the improvement and optimization of our electronic channels, such as our website. We may also disclose your personal information to third parties:
a) In the event of transactions and corporate changes involving CARTPANDA, in which case the transfer of data will be necessary for the continuity of the services currently offered;
b) In compliance with applicable legislation;
c) In fulfillment of contracts or other agreements with our customers;
d) To ensure greater security in transactions, preventing fraud attempts and other crimes, as well as to protect the rights and property of CARTPANDA, our customers, or third parties. This includes the exchange of information for the purposes of fraud protection, money laundering, and credit risk reduction;
e) To protect CARTPANDA’s interests in cases of legal actions and disputes, including in judicial, administrative, and arbitration proceedings;
f) By court order or at the request of competent administrative authorities with legal authority to do so;
g) To assess financial risks; and h) To collect from defaulting customers and/or recover debts. Don’t worry, any information sharing is done strictly to the extent necessary and in accordance with strict security and confidentiality standards, as well as privacy protection rules, always respecting and ensuring that third parties respect the confidentiality of your information.

9. INTERNATIONAL TRANSFER

CARTPANDA may share your Personal Data with business partners, service providers, suppliers, and subcontractors located in other countries for the purposes described in this Policy, such as:
a) Performing internal operations, including customer support;
b) Troubleshooting;
c) Data storage and analysis;
d) Testing;
e) Research and statistics; and
f) Comply with our contractual obligations, in particular the execution of the terms of your contract with CARTPANDA and the provision of our products and services.
CARTPANDA will ensure that the transmission of your Personal Data is carried out in compliance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organizational measures are observed, ensuring greater security for your Personal Data.

10. FINAL CONSIDERATIONS

The terms of this Policy may be modified at any time due to legislative changes or changes in the services we provide, resulting from updates to technological tools, or at our discretion, such as when offering new services. Therefore, we recommend that our customers always consult the current Privacy Policy. If the changes are significant, you will be notified and given the opportunity to review the new version of the Policy before deciding to continue using our services. This includes notification by email and pop-ups when accessing our electronic communication channels. Your information will always be processed in accordance with this Policy. We will never reduce your rights provided for in this Policy without your explicit consent and in compliance with the Data Protection Law.
Any clause or condition of this Policy that, for any reason, is deemed null and void by any court or tribunal will not affect the validity of the remaining provisions of this Policy, which will remain fully valid and binding, producing effects to their maximum extent. CARTPANDA’s failure to assert any rights or provisions of this Policy will not constitute a waiver, and CARTPANDA may regularly exercise its rights within the legal deadlines. This Policy is governed exclusively by the laws of the Federative Republic of Brazil, as are any actions arising from a violation of these Terms. Any questions about this Policy can be sent to our Personal Data Protection Officer by email at dpo@cartpanda.com. The officer is available on business days, from 9:00 AM to 5:00 PM, and you will receive a response within 5 (five) days. Using our services implies express acceptance of the terms and conditions of the Privacy Policy in effect on the date of use.

For customers and their respective consumers who do not agree with this Privacy Policy, we recommend not using the services. Failure to accept or refuse to provide the requested information may prevent the provision of the services. 11. TERM This Policy is effective on the date of its publication and remains in effect indefinitely. 12. VERSION HISTORY 1) Privacy Policy | PT-BR-001 | July 28, 2022. 2) Privacy Policy | PT-BR-001 | February 21, 2024.