Welcome to UPX. When using our websites, solutions and services (“UPX services”), the
rules and standards of our Privacy Policy, pursuant to the relevant legislation, will apply for
greater security and transparency in the handling of data provided by users.
As UPX delivers a wide range of solutions and services, based on our firm commitment to
constantly improve and innovate, additional Terms, Licenses and Agreements may provide
clauses and use conditions specific to each case. Such documents will be available to each
customer and user in their access dashboard upon contracting an UPX solution or service.
As Brazilian Law No. 13.709/2018 (LGPD, General Data Protection Law) became effective,
express consent of the Privacy Policy will be required from Brazilian citizens, Brazilian
citizens are required to provide express consent to this Privacy Policy (through the customer
dashboard or UPX communication channels).
I. COLLECTING AND HANDLING PERSONAL DATA
UPX only collects data necessary for the fulfillment of the Contract and the delivery of its
solutions and services. Thus, data will be collected from the legal entity, (e.g. corporate
name, Corporate Taxpayer Registry, address, phone number, e-mail) and the individual
authorized representative of the company to sign contracts and participate in the
management of contracted services (e.g. full name and Individual Taxpayer registry, ID or
other official identification document, e-mail, phone number, profession and address).
Other data may be collected depending on the use and experience of solutions and services,
such as duration of use, monitoring via cookies, date and time of access to the website,
among others necessary for the proper execution of UPX solutions and services. If you do
not wish to provide data necessary for the use of a solution or service, you may not use it.
Data will be used and handled for the duration foreseen in UPX solutions and services
contracts, available to clients upon contracting, or for as long as users wish to keep their
client accounts active in UPX systems. Data may also be stored by force of law or
requirement of public bodies and authorities.
Personal data will be used for drafting and signing contracts and legal documents between
the parties, as well as for identifying users and their use of solutions and services, access to
the customer dashboard, payment and purchase processing, improving, developing and
customizing solutions and services, and customer communication, including sending
promotional offers, advertisements and publicity. There may be other specific purposes for
the use of data depending on the product or service solution, due to its technical
characteristics, which will be expressly informed in the respective contract.
Users who sign contracts and provide express consent on behalf of a legal entity declare,
under penalty of the law, to be its legitimate legal representative (e.g. partner, manager,
employee, agent or legal representative).
To improve the quality of our services, in some cases we remove personal identity from data
transmitted. Such data is combined with other data to produce aggregated, anonymous
statistical information (e.g., no. of visitors, source IP address and country of domain of the
internet access provider, date and time of access).
Services in which users wish to protect their data on the internet or monitor whether there
has been a leak (e.g. financial data such as credit card numbers), UPX will use the personal
data informed by the user or Controller third party (e.g. financial institutions or public bodies),
authorized under legal terms, for the purpose of performing the digital protection service,
seeking to anonymize the data wherever possible.
II. COOKIES
Some of our sites, solutions and services may use cookies. Cookies are text files generated
by your browser that are placed on your computer’s hard drive when you access certain
websites.
Cookies help tell us whether or not you have visited the site before, help identify features in
which you may have the greatest interest, fill in data on forms, save passwords and
preferences, and enhance your online experience. Where required by law, you may visit our
websites and refuse the use of cookies at any time on your computer. Refusal to cookies
may impact or prevent the use of features, solutions and services, depending on your usage
needs.
III. USER’S DUTY OF SECURITY
UPX uses security systems, rules and other procedures in order to ensure the protection of
personal data, as well as to prevent unauthorized access to data, improper use, disclosure,
loss or destruction.
However, despite UPX’s best efforts, it is the duty of each user to guarantee and ensure that
his/her computer is adequately protected against harmful software, such as viruses,
spyware, adware, unauthorized remote access, among other malicious activities and
programs in the digital environment.
Additionally, you should be aware that, without the adoption of adequate security measures
(e.g., secure configuration of your browser, use of updated antivirus software, firewall, non-
use of software of illegal or doubtful origin), the risk of personal data and passwords being
accessed by third parties without authorization is considerably greater.
Please also note that, whenever data is provided over open, public networks such as the
Internet, your data can circulate unsecured, with the risk of being seen and used by
unauthorized third parties. So follow the basic rules of digital security, keeping your
computer and your data safe.
IV. RIGHTS OF PERSONAL DATA SUBJECT
Personal data means all information related to an identified or identifiable natural person.
Law No. 13.709/2018 protects the use and handling of personal data and is regulated by
Brazilian government authorities, such as the National Data Protection Authority. UPX
values the transparency and digital security of its clients, observing the good standards of
practice in information security. Data will only be used for the specific purposes of use and
access users to solutions and services delivered and their contracting.
The holder of personal data has the right to request the correction and updating of his/her
data, as well as to ask about its use and handling and cancel his/her consent. Law No.
13,709/2018 (LGPD, General Data Protection Law), for all Brazilian personal data subjects,
establishes, in its article 18, the following rights:
Article 18. The data subject is entitled to obtain from the controller, with regard to the data
subject’s data it processes, at any time upon request:
I – data handling confirmation;
II – access to data;
III – correction of incomplete, inaccurate or outdated data;
IV – anonymization, blocking or deletion of unnecessary, excessive data, or data handled in
conflict with the provisions of the Law;
V — portability of data to another service or product provider, upon express request and
subject to commercial and industrial secrets, in accordance with the regulations of the
controlling body;
V – portability of data to another service or product provider, upon express request, in
accordance with the regulation of the national authority, observing commercial and industrial
secrets; (Redrafted by Law No. 13,853, 2019)
VI – deletion of personal data processed with the consent of the data subject, except in the
cases foreseen in article 16 of the Law;
VII – information on the public and private entities with which the controller has shared data
VIII – information on the possibility of not providing consent and the consequences of the
refusal;
IX – revocation of consent, pursuant to Paragraph 5, article 8 of the Law.
Paragraph 1 The subject of personal data has the right to petition the controller before the
national authority regarding his/her data.
Paragraph 2 The data subject may oppose handling carried out on the basis of one of the
cases of waiver of consent, in case of non-compliance with the provisions of this Law.
Paragraph 3 The rights provided for in this article will be exercised at the express request of
the data subject or legally constituted representative, to the processing agent.
Paragraph 4 If it is not possible to immediately adopt the measures referred to in
Paragraph 3 of this article, the controller will send the data subject a reply in which it may: I –
communicate that it is not a data handling agent and indicate, whenever possible, such
agent; or II – indicate the factual or legal reasons that prevent the immediate adoption of the
measure.
Paragraph 5 The request referred to in
Paragraph 3 of this article will be addressed free of charge to the data subject, within the
timeframes and under the terms foreseen in the regulation.
Paragraph 6 The responsible party shall immediately inform the handling agents with which
data has been shared of the correction, deletion, anonymization or blocking of the data, so
that same procedure is applied. (Redrafted by Law No. 13,853, 2019)
Paragraph 7 Portability of personal data referred to in item V of the head of this article does
not include data that has already been anonymized by the controller.
Paragraph 8 The right referred to in
Paragraph 1 of this article may also be exercised before consumer protection bodies.
If it is necessary to inform data of minors, such data can only be provided with the express
consent of their parents, and UPX does not promote or market its solutions and services to
minors. You may contact UPX through the channels informed below to ask questions and
exercise your rights, such as correcting data, requesting its deletion, providing additional
consent or revoking it, among others provided for in the legislation, as described above.
V. DISCLOSING AND TRANSFERING PERSONAL DATA
When providing our services for the benefit of our customers or between our subsidiaries,
we may process personal data on behalf of a Controller (whether a customer or any other
UPX unit or subsidiary) primarily for the effective operation, management, performance and
delivery of our services and solutions in Brazil and internationally. The personal data
processed will be handled properly, relevant and limited to what is necessary for the
purposes for which they are processed.
Personal data will only be shared with relevant personnel of the companies within UPX
Group, including UPX US LLC, or with duly authorized employees, contractors or
subcontractors, and third-party companies that are part of UPX’s supply chain of solutions
and services and data handling, which must also comply with the provisions of Law No.
13.709/2018, for the purpose of guaranteeing the execution and quality of the services and
solutions offered, ensuring commercial and technical operability.
You may at any time request information about the use and handling of your data, according
to the service channels provided below.
According to the Brazilian, American and European legislation on personal data protection,
the international transfer of personal data will only be carried out to countries that guarantee
an adequate level of protection. If the international transfer of data to a country that does not
yet meet the European and Brazilian standards of personal data protection is necessary to
enable the execution of the contracted product or service, UPX will inform the customer and
provide additional protection for the transferred data to remain adequately secured.
UPX may eventually be required to disclose personal data to regulatory authorities, the
Judiciary, agencies or other government bodies, in administrative or judicial proceedings,
and will only do so when there is a clear legal requirement, court order or to defend the
rights, interests and property of UPX and related third parties, especially its customers,
always seeking to protect to the maximum extent possible the privacy and confidentiality of
data of third parties in its custody. Except in the above cases, we will not share your
personal data unless you request or there is prior approval for sharing.
VI. PRIVACY POLICY UPDATE
The PRIVACY POLICY may be amended at any time, at UPX’s discretion and according to
any legal changes and/or judicial and administrative requirements. When an amendment is
added, customers will be informed by email or on the access dashboard to solutions and
services. As determined in the LGPD (Law 13.709/18), when the Privacy Policy is amended,
the holder of personal data must provide their express consent through the communication
channels.
VII. IDENTIFYING THE CONTROLLER AND SERVICE CHANNELS
All our solutions and services are provided by UPX TECNOLOGIA LTDA, headquartered at
Rua Guapuruvu, nº 200, Sala 02, CEP [ZIP CODE] 13.098-322, ALPHAVILLE CAMPINAS,
CAMPINAS-SP, Brazil, registered in the Corporate Taxpayer Register (CNPJ) under no.
08.184.140/0001-79, phone +55 (19) 3368-0609, contato@upx.com, and by UPX US LLC,
headquartered at UPX US LLC 318, Atlantic Isle, Sunny Isle Beach, 33160 – FL – USA,
contact@upx.com. The data informed above (UPX TECNOLOGIA LTDA) are also referring
to the Controller of Personal Data (“Data Protection Officer”), pursuant to Brazilian Law No.
13.709/2018 (LGPD, General Data Protection Law).
The holder of personal data may contact UPX at its Customer Service through the following
channels: emails dpo@upx.com and contato@upx.com, telephone +55 (19) 3368-0609.