Welcome to UPX. When using our websites, solutions and services (“UPX services”), therules and standards of our Privacy Policy, pursuant to the relevant legislation, will apply forgreater security and transparency in the handling of data provided by users. As UPX delivers a wide range of solutions and services, based on our firm commitment toconstantly improve and innovate, additional Terms, Licenses and Agreements may provideclauses and use conditions specific to each case. Such documents will be available to eachcustomer and user in their access dashboard upon contracting an UPX solution or service. As Brazilian Law No. 13.709/2018 (LGPD, General Data Protection Law) became effective,express consent of the Privacy Policy will be required from Brazilian citizens, Braziliancitizens are required to provide express consent to this Privacy Policy (through the customerdashboard or UPX communication channels).
I. COLLECTING AND HANDLING PERSONAL DATA
UPX only collects data necessary for the fulfillment of the Contract and the delivery of itssolutions and services. Thus, data will be collected from the legal entity, (e.g. corporatename, Corporate Taxpayer Registry, address, phone number, e-mail) and the individualauthorized representative of the company to sign contracts and participate in themanagement of contracted services (e.g. full name and Individual Taxpayer registry, ID orother official identification document, e-mail, phone number, profession and address). Other data may be collected depending on the use and experience of solutions and services,such as duration of use, monitoring via cookies, date and time of access to the website,among others necessary for the proper execution of UPX solutions and services. If you donot wish to provide data necessary for the use of a solution or service, you may not use it. Data will be used and handled for the duration foreseen in UPX solutions and servicescontracts, available to clients upon contracting, or for as long as users wish to keep theirclient accounts active in UPX systems. Data may also be stored by force of law orrequirement of public bodies and authorities.Personal data will be used for drafting and signing contracts and legal documents betweenthe parties, as well as for identifying users and their use of solutions and services, access tothe customer dashboard, payment and purchase processing, improving, developing andcustomizing solutions and services, and customer communication, including sendingpromotional offers, advertisements and publicity. There may be other specific purposes forthe use of data depending on the product or service solution, due to its technicalcharacteristics, which will be expressly informed in the respective contract. Users who sign contracts and provide express consent on behalf of a legal entity declare,under penalty of the law, to be its legitimate legal representative (e.g. partner, manager,employee, agent or legal representative). To improve the quality of our services, in some cases we remove personal identity from datatransmitted. Such data is combined with other data to produce aggregated, anonymousstatistical information (e.g., no. of visitors, source IP address and country of domain of theinternet access provider, date and time of access). Services in which users wish to protect their data on the internet or monitor whether therehas been a leak (e.g. financial data such as credit card numbers), UPX will use the personaldata informed by the user or Controller third party (e.g. financial institutions or public bodies),authorized under legal terms, for the purpose of performing the digital protection service,seeking to anonymize the data wherever possible.
II. COOKIES
Some of our sites, solutions and services may use cookies. Cookies are text files generatedby your browser that are placed on your computer’s hard drive when you access certainwebsites. Cookies help tell us whether or not you have visited the site before, help identify features inwhich you may have the greatest interest, fill in data on forms, save passwords andpreferences, and enhance your online experience. Where required by law, you may visit ourwebsites and refuse the use of cookies at any time on your computer. Refusal to cookiesmay impact or prevent the use of features, solutions and services, depending on your usageneeds.
III. USER’S DUTY OF SECURITY
UPX uses security systems, rules and other procedures in order to ensure the protection ofpersonal data, as well as to prevent unauthorized access to data, improper use, disclosure,loss or destruction. However, despite UPX’s best efforts, it is the duty of each user to guarantee and ensure thathis/her computer is adequately protected against harmful software, such as viruses,spyware, adware, unauthorized remote access, among other malicious activities andprograms in the digital environment. Additionally, you should be aware that, without the adoption of adequate security measures(e.g., secure configuration of your browser, use of updated antivirus software, firewall, non-use of software of illegal or doubtful origin), the risk of personal data and passwords beingaccessed by third parties without authorization is considerably greater. Please also note that, whenever data is provided over open, public networks such as theInternet, your data can circulate unsecured, with the risk of being seen and used byunauthorized third parties. So follow the basic rules of digital security, keeping yourcomputer and your data safe. IV. RIGHTS OF PERSONAL DATA SUBJECTPersonal data means all information related to an identified or identifiable natural person.Law No. 13.709/2018 protects the use and handling of personal data and is regulated byBrazilian government authorities, such as the National Data Protection Authority. UPXvalues the transparency and digital security of its clients, observing the good standards ofpractice in information security. Data will only be used for the specific purposes of use andaccess users to solutions and services delivered and their contracting. The holder of personal data has the right to request the correction and updating of his/herdata, as well as to ask about its use and handling and cancel his/her consent. Law No.13,709/2018 (LGPD, General Data Protection Law), for all Brazilian personal data subjects,establishes, in its article 18, the following rights: Article 18. The data subject is entitled to obtain from the controller, with regard to the datasubject’s data it processes, at any time upon request: I – data handling confirmation; II – access to data; III – correction of incomplete, inaccurate or outdated data; IV – anonymization, blocking or deletion of unnecessary, excessive data, or data handled in conflict with the provisions of the Law; V — portability of data to another service or product provider, upon express request and subject to commercial and industrial secrets, in accordance with the regulations of thecontrolling body; V – portability of data to another service or product provider, upon express request, in accordance with the regulation of the national authority, observing commercial and industrialsecrets; (Redrafted by Law No. 13,853, 2019) VI – deletion of personal data processed with the consent of the data subject, except in the cases foreseen in article 16 of the Law; VII – information on the public and private entities with which the controller has shared data VIII – information on the possibility of not providing consent and the consequences of the refusal; IX – revocation of consent, pursuant to Paragraph 5, article 8 of the Law. Paragraph 1 The subject of personal data has the right to petition the controller before thenational authority regarding his/her data. Paragraph 2 The data subject may oppose handling carried out on the basis of one of thecases of waiver of consent, in case of non-compliance with the provisions of this Law. Paragraph 3 The rights provided for in this article will be exercised at the express request ofthe data subject or legally constituted representative, to the processing agent.Paragraph 4 If it is not possible to immediately adopt the measures referred to in Paragraph 3 of this article, the controller will send the data subject a reply in which it may: I –communicate that it is not a data handling agent and indicate, whenever possible, suchagent; or II – indicate the factual or legal reasons that prevent the immediate adoption of themeasure. Paragraph 5 The request referred to in Paragraph 3 of this article will be addressed free of charge to the data subject, within thetimeframes and under the terms foreseen in the regulation. Paragraph 6 The responsible party shall immediately inform the handling agents with whichdata has been shared of the correction, deletion, anonymization or blocking of the data, sothat same procedure is applied. (Redrafted by Law No. 13,853, 2019) Paragraph 7 Portability of personal data referred to in item V of the head of this article doesnot include data that has already been anonymized by the controller. Paragraph 8 The right referred to in Paragraph 1 of this article may also be exercised before consumer protection bodies. If it is necessary to inform data of minors, such data can only be provided with the expressconsent of their parents, and UPX does not promote or market its solutions and services tominors. You may contact UPX through the channels informed below to ask questions andexercise your rights, such as correcting data, requesting its deletion, providing additionalconsent or revoking it, among others provided for in the legislation, as described above.
V. DISCLOSING AND TRANSFERING PERSONAL DATA
When providing our services for the benefit of our customers or between our subsidiaries,we may process personal data on behalf of a Controller (whether a customer or any otherUPX unit or subsidiary) primarily for the effective operation, management, performance anddelivery of our services and solutions in Brazil and internationally. The personal dataprocessed will be handled properly, relevant and limited to what is necessary for thepurposes for which they are processed. Personal data will only be shared with relevant personnel of the companies within UPXGroup, including UPX US LLC, or with duly authorized employees, contractors or subcontractors, and third-party companies that are part of UPX’s supply chain of solutionsand services and data handling, which must also comply with the provisions of Law No.13.709/2018, for the purpose of guaranteeing the execution and quality of the services andsolutions offered, ensuring commercial and technical operability. You may at any time request information about the use and handling of your data, accordingto the service channels provided below. According to the Brazilian, American and European legislation on personal data protection,the international transfer of personal data will only be carried out to countries that guaranteean adequate level of protection. If the international transfer of data to a country that does notyet meet the European and Brazilian standards of personal data protection is necessary toenable the execution of the contracted product or service, UPX will inform the customer andprovide additional protection for the transferred data to remain adequately secured. UPX may eventually be required to disclose personal data to regulatory authorities, theJudiciary, agencies or other government bodies, in administrative or judicial proceedings,and will only do so when there is a clear legal requirement, court order or to defend therights, interests and property of UPX and related third parties, especially its customers,always seeking to protect to the maximum extent possible the privacy and confidentiality ofdata of third parties in its custody. Except in the above cases, we will not share yourpersonal data unless you request or there is prior approval for sharing.
VI. PRIVACY POLICY UPDATE
The PRIVACY POLICY may be amended at any time, at UPX’s discretion and according toany legal changes and/or judicial and administrative requirements. When an amendment isadded, customers will be informed by email or on the access dashboard to solutions andservices. As determined in the LGPD (Law 13.709/18), when the Privacy Policy is amended,the holder of personal data must provide their express consent through the communicationchannels.
VII. IDENTIFYING THE CONTROLLER AND SERVICE CHANNELS
All our solutions and services are provided by UPX TECNOLOGIA LTDA, headquartered atRua Guapuruvu, nº 200, Sala 02, CEP [ZIP CODE] 13.098-322, ALPHAVILLE CAMPINAS,CAMPINAS-SP, Brazil, registered in the Corporate Taxpayer Register (CNPJ) under no.08.184.140/0001-79, phone +55 (19) 3368-0609, contato@upx.com, and by UPX US LLC,headquartered at UPX US LLC 318, Atlantic Isle, Sunny Isle Beach, 33160 – FL – USA, contact@upx.com. The data informed above (UPX TECNOLOGIA LTDA) are also referringto the Controller of Personal Data (“Data Protection Officer”), pursuant to Brazilian Law No.13.709/2018 (LGPD, General Data Protection Law). The holder of personal data may contact UPX at its Customer Service through the followingchannels: emails dpo@upx.com and contato@upx.com, telephone +55 (19) 3368-0609.