PRIVACY NOTICE (POLICY) OF NEXTAR TECNOLOGIA DE SOFTWARE LTDA WEBSITE ("NEXTAR")
Last Updated Date: 01.10.2021
I. OF THE GENERAL PROVISIONS
This Site and all its contents are operated by NEXTAR TECNOLOGIA DE SOFTWARE LTDA ("NEXTAR"), registered with CNPJ/MF under no. 04.580.911/0001-96, with headquarters at Rodovia José Carlos Daux, 4150, block "C", room 04, in Florianópolis/SC, ZIP Code: 88.050-000, in this act represented by João Lúcio Borges, with a professional address common to that of the company that now represents.
In compliance with the provisions of Law No. 13,709/2018 - General Law for the Protection of Personal Data - LGPD, we describe in this notice:
a) how we process your Personal Data,
b) with whom we share your data, and
c) what rights are you (user) the PRO, PREMIUM and TAX plans of Nex or Nextar POS haveThis version of the Privacy
Notice dates from: October 1, 2021, but as we evolve every day - to fulfill our mission to facilitate commerce forall as efficiently as possible, this Notice may undergo adjustments at any time, to adapt it to the evolutions of our services, and it is up to users to verify them through this e-mail address.
III. FROM THE SETTINGS
1. Treatment agents: the controller and the operator;
2. National Data Protection Authority (ANPD),a federal public administration body, a member of the Presidency of the Republic, and has attributions related to the protection of personal data and privacy and, above all, must monitor compliance with the LGPD;
3. PrivacyNotice: communication directed to individuals external to the organization in the condition of personal data subjects informing and describing the data processing operations carried out by the organization.
4. Database:structured set of personal data, established in one or more locations, in electronic or physical support;
5. Legal bases: legal hypotheses justifying the processing of data
6. Blocking: temporary suspension of any processing operation, by custody of the personal data or the database;
7. Consent: free, informed and unambiguous manifestation by which the holder agrees to the processing of his/her personal data for a specific purpose;
8. Controller: agent responsible for making the main decisions regarding the processing of personal data and for defining the purpose of this processing;
9. Anonymiseddata : data relating to a holder who cannot be identified, considering the use of reasonable technical means available at the time of its treatment;
10. Personal data: information related to identified natural person(name, RG and CPF), or identifiable (Contact details such as address, private phone number, corporate phone, private email, corporate email);
11. Sensitive personal data: personal data on racial or ethnicorigin, religious conviction, political opinion, trade union membership or religious, philosophical or political organisation, given in terms of health or sexual life, genetic or biometric data, when linked to a natural person;
12. Data Protection Officer-DPO: Andcharged;
13. Deletion: deletion of data or data set stored in a database, regardless of the procedure employed;
14. Responsible: responsible for ensuring the conformity of an organisation, public or private, to the LGPD; 15. LGPD: General Law on the Protection of Personal Data, Law No. 13,709 of August 14, 2018;
16. Operator:agent responsible for processing data on behalf of the controller and in accordance with the purpose delimited by the controller.
17. Holder: natural person to whom the personal data that are subject to processing refer, i.e., users of the PRO, PREMIUM and TAX plans of Nex or Nextar POS (our commercial management software);
18. International data transfer :transfer of personal data to a foreign country or international body of which the country is amember;
19. Processing: any operation carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction;
20. Shared use of data:communication, dissemination, international transfer, interconnection of personal data or shared processing of personal data databases by public bodies and entities in compliance with their legal powers, or between them and private entities, reciprocally, with specific authorization, for one or more treatment modalities permitted by these public entities, or between private entities;
21. User: all that, which like you, uses the PRO, PREMIUM and TAX plans of Nex or Nextar POS (our commercial management software).
IV. CLAUSES AND CONDITIONS OF NOTICE / POLICY
WHERE DO WE COLLECT YOUR PERSONAL DATA?
We may collect and process personal data in physical and digital, due to the use of: customer service, development, marketing, design, human resources, financial management and communication.
Table 1 - Data we collect/description of purpose:
LGPD legal basis
Full nameContact details (Address, Private Phone, Private Email)
Identify the user who accesses our virtual environments or to respond to requests made on our service channels, including our Nex Help Center;
To inform the user about news, functionalities, content, news and other events that we consider relevant to improve the management of your trade;
Art. 7, V
Art. 7, IX
Comply with legal or regulatory obligation;
for the performance of a contract or preliminary procedures relating to a contract to which the holder is a party, at the request of the data subject;
Art. 7, III
Art. 7, V
Digital identification data, such as:
a) Date/time records of each action that the user performs in our environments (physical/digital).
b) Record of which screens the user accessed in our online environment
Identify and authenticate the user in our environments (physical / digital);
To comply with legal obligations to maintain records, especially those established by the Civil Framework of the Internet - Law 12.965/2014 in the context of online environments
Art. 7, IX
Art. 7, III
Personal data entered by users in comments of posts made by Nextar on their social networks (Facebook, Instagram, and Linkedin, for example).
Respond to comments of Nextar posts, made by users;
For analysis of engagement metrics, performed by our social media marketing/management team.
Art. 7, IX
Art. 7, IX
As stated in the table above, the purpose for which users' personal data will be used depends on the type of relationship that the user wants to maintain and/or maintain with NEXTAR.
NEXTAR is not obliged to process Personal Data of users who
a) use themselves in bad faith;
b) if there is the possibility of liability of Nextar for legal or regulatory infringement; or
c) if we detect that the user is using our environments (physical/digital) for illegal, unlawful or immoral purposes.
WHAT IS THE LIFE CYCLE OF THE COLLECTED DATA?
We store your personal data:
(a) for the period necessary for the performance of a contract or preliminary procedures relating to the contract;
b) for the period required to comply with legal or regulatory obligations, such as Articles 12 and 34 of the Consumer
Protection Code and Article 15 of the Internet Civil Framework. The correct implementation of Data Lifecycle Management requires that at the end of the processing we delete your data from our databases; but in case of need for maintenance, the data will be anonymized.
At any time you (user) can justifiably request the deletion of your data from NEXTAR databases. In order for your request to be fulfilled, we will consider whether your case fits one of the following hypotheses:a) you have decided to revoke your consent to the treatment;b) you understand that our processing collects unnecessary or excessive personal data;c) you understand that our treatment does not comply with the LGPD.
If there is no reason for maintenance, your data will be deleted; otherwise, you will receive the justification for keeping your data in nextar databases.
WHO IS RESPONSIBLE FOR THE QUALITY OF THE COLLECTED DATA?
The LGPD requires the accuracy, clarity, relevance and updating of the data, according to the need and for the fulfillment of the purpose of its processing, which is why users are responsible for the veracity/(de)update of the data they provide to Nextar.
Stay tunedIt is your responsibility to ensure the accuracy of the personal data provided or to keep it up to date!
WITH WHOM DO WE SHARE THE COLLECTED DATA?
The database (formed by the data described in Table 1) is under our responsibility throughout its life cycle, and its use, access and sharing with other treatment agents (when necessary) are attached to the limits of the business described in this Notice.
Table 2 - Who do we share with?
Outsourced workforce, Freelancer, and Partners
Competent judicial, administrative or governmental authorities (complying with legal determination, application or court order)
In case of sharing, we require from these processing agents (controllers and operators with whom we share your data) the implementation of information security parameters capable of maintaining the confidentiality and security of your data!
In case of merger, division, acquisition and corporate incorporation, Nextar may share the data automatically.
WHERE DO WE STORE YOUR DATA?
HOW DO WE PROTECT YOUR DATA?
NEXTARis concerned about the security of its users' personal data; for this reason, we use technical and organizational information security measures to ensure your privacy and protect all data collected/information generated about you in environments (physical/digital).
To protect our users, the Personal Data collected by NEXTAR:
a) are accessed only by employees/employees duly authorized, respecting the legal principles of proportionality, necessity and relevance to the purposes of our business model, in addition to the commitment to confidentiality and preservation of their privacy under this Notice.
b) employees receive only the privileges necessary to complete their task, and access is granted only for the minimum period of time required to complete the task.
c) documents containing users' personal data are stored in accordance with good information security practices recommended by ISO/IEC 27001;
d) our employees/employees and business partners sign a term, committing to acquire knowledge and maintain an adequate level of data protection, acting in accordance with the LGPD;
e) You, who use the PRO, PREMIUM and TAX plans of Nex or Nextar POS, know that access is only possible, through the use of login and password.
f) We have implemented a Data Protection Management System - DPMS /Data Protection Management System - SGPD;
g) We train our employees/employees and implement training parameters for our business partners, thus we will be reviewing our standards in information security and personal data protection on an ongoing basis;
h) HTTPS certificate (HTTPS is a secure extension of HTTP) on the NEXTAR website (https://www.nextar.com.br/)
i) In the case of E-mail Communication:
i.1) NEXTAR sends an email to users, we ask for notification of when they are opened;
i.2) emails are sent only by domains with end @nextar.com.br;
j) In the case of communication by Whats App: Each of your conversations has a unique security code (found on the contact's data screen, in QR code format or a 60-digit sequence), used to confirm that the calls and messages you send in the conversation are protected with end-to-end encryption.
WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
The LGPD with the aim of protecting your fundamental rights (of freedom, privacy and the free development of your personality) provides that you (as a user of NEXTAR services)have the following rights:
a) confirmation of the existence of the processing of personal data by NEXTAR - art. 18, I;
b) facilitated access to information on the processing of your data - art. 9 and art. 18, II;
c) correction of incomplete, inaccurate or outdated data - art. 18, III;
d) anonymization, blocking or deletion of unnecessary, excessive or processed data in non-compliance with the provisions of this Law – art. 18, IV;
e) portability of the data to another service provider or product, by express request, in accordance with the regulations of the national authority, in compliance with trade and industrial secrets - art. 18, V;
f) deletion of personal data processed with the consent of the holder, except in the cases provided for in Art. 16 of this Law;
g) information of the public and private entities with which the controller made shared use of data - Art. 18, VII;
h) information on the possibility of not providing consent and on the consequences of the negative – Art. 18, VIII;
i) revocation of consent - Art. 8, § 5 and 18, IX.
j) petition in relation to your data against the controller before the national authority - art. 18, § 1ºk) to owe the treatment carried out on the basis of one of the hypotheses of waiver of consent, in case of non-compliance with the provisions of the LGPD - art. 18, § 2.
QUESTIONS ABOUT THIS NOTICE, OR REQUESTS FOR THE FULFILLMENT OF YOUR RIGHTS?
You who use the Pro, PREMIUM and TAX plans of Nex or Nextar POS (or your legal guardian) may contact our Data Protection Officer-DPO Controller via email firstname.lastname@example.org or our help center in the lower right corner of our page.
IF THE USER WANTS TO COMPLAIN, HOW CAN HE DO IT?
NEXTAR is a Brazilian company focused on changing the way that small and medium-sized stores manage their businesses. We’ve been into the POS Software Business for 17 years now, and we have already helped several companies to grow. Our products are currently being used in