Bold is committed to the transparency, privacy and security of its customers’ data throughout the interaction process, either through our website, application or service channels and undertakes to comply with the standards set forth in the General Data Protection Act (LGPD), and respect the principles set forth in Art. 6:
I – Purpose: carrying out the processing for legitimate, specific, explicit and informed purposes to the holder, without the possibility of further processing in a manner incompatible with these purposes;
II – Adequacy: compatibility of the treatment with the purposes informed to the holder, according to the context of the treatment;
III – Need: limitation of the treatment to the minimum necessary for the accomplishment of its purposes, with the scope of the relevant, proportional and non-excessive data in relation to the purposes of the data processing;
IV – Free access: guarantee, to the holders, of easy and free consultation on the form and duration of the processing, as well as on the completeness of their personal data;
V – Data quality: guarantee, to the holders, of accuracy, clarity, relevance and updating of the data, according to the need and for the fulfillment of the purpose of its processing;
VI – Transparency: guarantee, to holders, clear, accurate and easily accessible information on the performance of the treatment and its agents of treatment, in the light of trade and industrial secrets;
VII – Security: use of technical and administrative measures able to protect personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination;
VIII – Prevention: adoption of measures to prevent the occurrence of damage due to the processing of personal data;
IX – Non-discrimination: impossibility of processing for unlawful or abusive discriminatory purposes;
X – Accountability and accountability: demonstration by the agent of the adoption of effective measures capable of proving compliance with and compliance with the rules of protection of personal data and even the effectiveness of these measures.
It applies to all data subjects who use the service or support services through contact via the website, application or service and support channels offered by Bold and/or who have the personal data processed by us.
3. Personal data processing agents
The General Data Protection Act defines as the controller, in its article 5:
Art. 5, VI – controller: natural or legal person, under public or private law, to whom decisions concerning the processing of personal data are responsible;
Decisions regarding the processing of personal data are bold’s responsibility.
The General Data Protection Act defines as an operator, in its Article 5:
Art. 5º, VII – operator: natural or legal person, under public or private law, who carries out the processing of personal data on behalf of the controller.
Bold also acts as an operator, that is, in addition to being responsible for decisions regarding the processing of personal data of the data it collects, it may also process personal data collected by its customers.
Data processing officer
The General Data Protection Act defines as responsible, in its article 5:
Art. 5, VIII – person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD). Bold indicates as responsible for the processing of personal data (DPO) Marcelo Agrinfo and makes available his contact so that data subjects and the National Data Protection Authority (ANPD) can contact, through the email firstname.lastname@example.org.
4. What personal data is handled by Bold?
The amount and types of data collected vary depending on the nature of the relationship that the personal data holder maintains with Bold. We will collect different data if the owner is only a visitor to the website, user of the application, is requesting a proposal to provide services or already making use of the services offered by Bold to deliver the products or services purchased, to keep him informed about the status of his order, to coordinate deliveries, to perform exchanges and to send communications about services and to provide a better customer experience.
Bold uses legal bases, which may vary depending on the purpose of the collection, to process customers’ personal data. The storage term may change according to the legal basis applicable to each situation and purpose.
5. Is the personal data used shared?
The personal data of the holder will not be disclosed to third parties, except where necessary for the purposes of performing our services. In these cases the necessary data may be shared with partner companies and service providers observing all appropriate security measures: (i) for the proper provision of the services subject to their activities with partner companies; (ii) protection in the event of conflict; (iii) by judicial decision or request from a competent authority; (iv) with companies that provide technological and operational infrastructure, such as payment intermediary companies and information storage service providers.
6. Security in the processing of the holder’s personal data
Bold undertakes to apply technical and organizational measures to protect personal data from unauthorized access and from situations of destruction, loss, alteration, communication or dissemination of such data.
In response to the guarantee of safety, solutions will be adopted that takes into account: the appropriate techniques; implementation costs; the nature, scope, context and purposes of the processing; and risks to the rights and freedoms of the holder.
Bold uses the best security protocols to preserve the privacy of Customer data, but also recommends individual protection measures. To maintain the security and protection of your personal data provided in registration or purchases through the website or application, in no case should your login and password be shared with third parties. In addition, when accessing your registration through “My Account”, especially on public computers, make sure that you have logged out of your account to prevent unauthorized people from accessing and using the information without your knowledge.
We do not ask for personal data by phone, WhatsApp, SMS or email. Under no circumstances should they be provided, as it may be an attempt at misuse.
Bold is departing from liability for the sole responsibility of the holder in cases where the holder itself transfers its data to a third party. Bold also undertakes to notify the data subject within an appropriate time in the event of any breach of the security of his/her personal data that may cause a high risk to his/her personal rights and freedoms.
The breach of personal data is a security breach that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any other type of processing.
Finally, Bold undertakes to treat the holder’s personal data confidentially, within the legal limits.
Cookies are small text files sent by the website to the owner’s computer and stored there in it with information related to the navigation of the site.
Through cookies, small amounts of information are stored by the user’s browser so that our server can read them later. Data about the device used by the user, as well as their location and time of access to the website, may be stored, for example.
It is important to note that not every cookie contains personal data of the holder, since certain types of cookies can be used only for the service to function properly.
8. The end of the processing of personal data
According to the LGPD (art 15 and 16), the termination of bold’s processing of personal data will occur in the following cases:
I – Verification that the purpose has been achieved or that the data are no longer necessary or relevant to the desired specific purpose;
II – End of the treatment period;
III – Communication from the holder on the withdrawal of consent, protected by the public interest; or
IV – Determination by the national authority, when there is a violation of the protection of personal data.
Bold processes personal data for as long as necessary to fulfill the purpose for which it was collected, in accordance with its legal basis. When at the end of the processing, the personal data will be deleted, being authorized the retention in the situations provided for in the current legislation.
Bold reserves the right to modify, at any time, these rules, especially to adapt them to the evolution of the services provided to its customers, either by providing new services, or by the deletion or modification of those already existing.
10. Which forum applies if the holder wishes to make any complaints
Without prejudice to any other administrative or judicial appeal, all data subjects are entitled to lodge a complaint with the National Data Protection Authority.
11. How to ask questions or exercise your right as a holder
The General Data Protection Law defines that the holder of personal data has the right to obtain from the controller, in relation to the data of the data subject, processed by him, at any time and upon request:
I – Confirmation of the existence of treatment;
II – Access to data;
III – Correction of incomplete, inaccurate or outdated data;
IV – Anonymization, blocking or deletion of unnecessary, excessive or processed data in non-compliance with the provisions of this Law;
V – Portability of the data to another service provider or product, upon express request, in accordance with the regulations of the national authority, in compliance with trade and industrial secrets;
VI – Deletion of personal data processed with the consent of the holder, except in the cases provided for in art. 16 of this Law;
VII – Information of public and private entities with which the controller made shared use of data;
VIII – Information on the possibility of not providing consent and on the consequences of the negative;
IX – Withdrawal of consent.
X – Opposition to the treatment carried out on the basis of one of the hypotheses of waiver of consent, in case of non-compliance with the provisions of this Law.