Privacy Notice

1. Who We Are

Datamint Sistemas e Serviços Ltda. ("Datamint", "we") is responsible for the development, operation, and provision of the website, a technology solution designed to support information analysis and decision-making by its business clients.

This Privacy Notice aims to provide clear, objective, and accessible information about how personal data is processed in the context of the website, in compliance with Law No. 13,709/2018 (General Personal Data Protection Law – LGPD).

2. Roles in Data Processing

In the context of the use of the website, the processing of personal data occurs in a business environment (B2B), in which roles and responsibilities are clearly defined, pursuant to Law No. 13,709/2018 (LGPD):

The client company, a legal entity that contracts Datamint, acts as the Data Controller, being solely responsible for defining the purposes, legal bases, and means of processing the personal data inserted, processed, or analyzed within the scope of its operations. It is the exclusive responsibility of the Client to ensure that the processing of personal data carried out through the website complies with applicable legislation, as well as its internal policies, contracts, and legal duties to data subjects.

Datamint Sistemas e Serviços Ltda. generally acts as a Data Processor, limited to processing personal data on behalf of the Client, in accordance with its documented instructions and the contractual terms agreed between the parties. Datamint does not independently decide on the purposes or content of the data processed, nor does it use personal data for purposes other than those defined by the Client, except in cases expressly provided for by law or contract.

Personal Data Subjects are the natural persons to whom the data processed in the context of activities carried out by the Client through the website refers, who may or may not coincide with the users themselves. When the data subject is neither the client company nor its direct representative, the processing of their data always occurs within the scope and for the purposes defined by the Data Controller Client.

Therefore, the exercise of rights provided for in the LGPD by data subjects should preferably be carried out with the Client, who is the primary responsible party for the processing. Datamint will provide technical and operational support to the Client, within the limits of its role as Processor and as provided in the contract, whenever necessary to fulfill these rights.

3. What Personal Data May Be Processed

The website may process personal data provided or entered by clients or users authorized by them, in accordance with the contracted functionalities and the intended use of the solution, which may include, as applicable:

• identification and contact data;
• professional data;
• data related to activities, records, analyses, or operations carried out on the website;
• other personal data necessary for the execution of the purposes defined by the client.

Datamint does not independently define the content of the data entered, acting in accordance with the instructions of the data controller client.

4. Data Sharing

Personal data may be shared:

• with suppliers, partners, and third parties that provide services to Datamint and act under its instructions, such as technology infrastructure, hosting, information security, and support providers;
• when necessary to comply with legal or regulatory obligations.

All third parties are subject to due diligence criteria proportional to the risk level, as well as contractual obligations of confidentiality and data protection compatible with the LGPD.

5. Information Security

Datamint adopts adequate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, or improper disclosure, including access controls, monitoring, internal security policies, and risk management.

The company maintains formal security incident management procedures, with detection, response, and mitigation mechanisms.

6. Security Incidents

In the event of a security incident involving personal data processed in the context of the website, Datamint will adopt the technical and organizational measures necessary for containment and impact mitigation, and will jointly assess with the data controller client the need to notify data subjects and the National Data Protection Authority (ANPD), pursuant to the LGPD.

7. Data Subject Rights

Personal data subjects have the rights provided for in Article 18 of the LGPD, including, among others, the right to access, correction, deletion, and information.

Given that Datamint generally acts as a Processor, the exercise of these rights should preferably be carried out with the client company, which is the Data Controller responsible for defining the purposes and means of processing.

8. Related Documents

This Privacy Notice is an informative and summary document. Detailed information on personal data processing, governance, risk management, information security, suppliers, and incidents is available in the Privacy and Personal Data Protection Policy, Risk Management Policy, and other documents of Datamint's Governance Program.