Privacy Statement

ITERIS DATA PRIVACY AND SECURITY POLICY

In the search for real and lasting ties, we value transparency, commitment and responsibility for our customer, partner, supplier, employee, candidate and visitor personal data and information. Our Privacy Policy and Terms of Use detail the way we use and process our stakeholder data.

Our goal is clarifying questions regarding the use and protection of our stakeholders' data. If you still have any questions after reading our Privacy Policy and Terms of Use, please contact us via dpo@iteris.com.br. We will be glad to talk to you!


1. DATA THAT IS PROTECTED BY GENERAL DATA PROTECTION LAW (BRAZILIAN LGPD - No 13.709/2018)

The General Data Protection Law (Brazilian LGPD - No 13.709/2018) aims to protect personal data and sensitive personal data in Brazil. Their owners area called data holders.

According to this law, “personal data” is any data that identifies an specific individual or make this specific individual identifiable. "Sensitive personal data” is information that deserves enhanced processing by its nature, mainly protection against discrimination.

This LGPD considers sensitive personal data as information on racial or ethnic background; religious beliefs; political opinion; membership of union or religious, philosophical or political organization; health or sexual life; genetics or biometry, when linked to a specific individual.

ITERIS is a technology company that provides specialized IT services. The personal data has a specific purpose and is restricted to the scope of the company's activities.

Objectively, we use personal data to fulfill the following purposes:

a.            Enabling the development of customized technological solutions or own products;

b.            Answering calls and/or contact requests, whenever requested;

c              Providing high quality services and general statistics on the use of ITERIS services/products;

d.            Informing about products and services providing by the company and its affiliates, always guaranteeing the right to unsubscribe at any time;

e.            Asking opinion about the contracted service or potential services/products of interest;

f.             Enhancing the experience with our services/products through continuous personalization;

g.            Performing statistical analysis, sending e-mail messages or postal mail, enhancing customer support or making deliveries;

h.            Responding to requests from the National Data Protection Authority (ANPD) or other public and government authorities, when applicable;

i.             Identifying, preventing or investigating potential security incidents or frauds.

We may use personal data in connection with our services and/or obligations to what we have already committed to our customers, including those described in our Terms of Use.

In addition, we may process personal data to comply with legal or regulatory obligations imposed to ITERIS, as well as for the company's legitimate purposes authorized by LGPD or other applicable norms.

3. PERSONAL DATA WE COLLECT

Access to the ITERIS platforms' functionalities, including those for contracting services and acquiring licenses, depends on the collection and sharing of visitor and/or customer data. This data set may contain the following types of personal data:

a.            Identification and contact details, such as full name, national identity card, InLand Revenue Document, e-mail address, address and phone;

b.            Web browsing data, such as IP address and pages visited on our website;

c.            Geolocation and device identification data;

d.            Data for payment, when our services and/or products are acquired.

To register with our candidate base or apply for our job vacancies, registration form is available on our careers page. Depending on the selection process or hiring stage, we may collect:

a.            Data required by labor inspection or tax authorities;

b.            Curriculum Vitae data, including professional experiences, education, courses and other relevant information to verify adherence to the position;

c.            Photo and biometric data for access to the company's facilities;

d.            Identification and contact data;

e.            Bank data;

f.             Health data, such as those medical exams required by life insurance;

e.            Data about dependents.

When filling out our forms, you, or the person authorized by you, are expected to provide true and up-to-date personal data, as we are not responsible for the verification. In any case, civil and/or criminal, the responsibility for veracity, accuracy and authenticity of the personal data is yours.

In addition to the data mentioned above, we automatically collect and store Web browsing data through our website, using cookies (see more details in item 9 below).

4. PROCESSING AND SHARING OF PERSONAL DATA

ITERIS will be the personal data controller, when its services/products are contracted, during the relations with employees and when the personal data is provided through our website (www.iteris.com.br) or captured by one of its systems. In such cases, ITERIS is responsibility for properly choosing the legal bases in a consistent way with the purposes provided for in this policy and requirements and rights provided for in the Brazilian General Data Protection Law.

If personal data is provided to our products and/or services during their use by our customer and these data are under our responsibility, then we are considered only data operators. The Privacy Policy of this specific customer - who is the data controller - will be applied to this set of data.

In order to improve operations, we can share personal data with other companies through our website or systems, such as database management tools, e-mail management, recruitment and selection tools, internal workflows and customer services, among other ways. ITERIS undertakes to hire only suppliers complying with the data protection legislation by signing agreements or partnerships with specific clauses.

Our website may have links to third party pages, so we recommend to note each of these sites contains its own Privacy Policy and ITERIS is not responsible for processing and protecting data included in such sites.

Likewise, when personal data needs to be transferred to other countries, ITERIS undertakes to hire only suppliers adopting security measures and good practices compatible with the same protection level as Brazilian legislation establishes, according to National Data Protection Authority regulations. In the absence of specific regulations, ITERIS undertakes to work only with companies complying with other data protection standards, such as the European GDPR or American CCPA, or companies whose contracts ha specific clauses for data exchange with ITERIS. In addition, ITERIS undertakes to transfer data only when strictly necessary to fulfill the obligations assumed to our customers.

5. PROTECTING OUR SYSTEMS AND PERSONAL DATA

In order to protect personal data and ensure our systems' security, we use appropriate technologies and procedures according to the level of risks and services provided. We have a team responsible for managing them in accordance with legal provisions, regulatory requirements, evolving technology and other relevant factors influencing data protection.

There are risks that malicious third parties improperly access data in our systems due to the very nature of the Internet. If this happens, we will be liable according the applicable legislation.

The use of devices, software or other resource that may interfere with ITERIS operations through our website or other systems or databases is prohibited. If any interference, attempt or activity violating or contravening the intellectual property rights laws and/or the provisions in our Privacy Policy, Terms of Use and/or applicable laws, including LGPD, is identified, then the person responsible will be subject to the applicable sanctions, as provided for by law or this document. In addition, the person responsible will pay indemnities for any damages.

6. HOW LONG WILL WE USE PERSONAL DATA?

We use personal data only for the period required to fulfill the purposes listed above and in scenarios provided for and/or authorized by LGPD or applicable legislation. We follow the following rules to determine the retention and storage period for personal data:

a.            During the period required to fulfill the data collection purpose;

b.            Until the moment when the individual stop using our website;

c.            Until the moment of revocation of permission or request for eliminate the personal data;

d.            During the period for proof of compliance with ITERIS duties and obligations;

e.            During the legal or regulatory period defined by judicial or ANPD decisions;

f.             During the period for compliance with data controller's legal or regulatory obligations;

g.            During the contract duration;

h.            During the period for defense or exercise of ITERIS rights

i.             Transfer of data to third parties, provided that the processing requirements will be complied in accordance with the applicable legislation;

j.             Exclusive use by the controller, provided that the third-party access is forbidden and data is anonymized.

7. RIGHTS PROVIDED FOR BY LGPD

We guarantee exercise of the rights provided for by the LGPD, namely:

a.            Right to Confirm: You can confirm whether ITERIS processes personal data about you;

b.            Right to Access: You can request details and copies of your personal data by the following electronic address - dpo@iteris.com.br;

c.            Right to Correct: You can correct or eliminate personal data that is incomplete, inaccurate or out-of-date;

d.            Right to Anonymize, Block or Delete: You can request anonymization, blocking or elimination of unnecessary or excessive data or data treated in disagreement with the purposes set out in this Privacy Policy or applicable laws. In such cases, if the anonymized or blocked data hinders the provision of the contracted services, the contract may be terminated;

e.            Right to Information: You can request information about companies ITERIS share your personal data with and consequences if you choose not to consent to your personal data collection and processing, when required;

f.             Right to Refuse Marketing Content: You can request the unsubscription of e-mail marketing content through the link provided in the e-mail marketing message;

g.            Right to Data Portability: After ANPD regulation and according to technical means available, you can request that your personal data to be transferred to you or third parties, except when (i) the data have already been anonymized and excluded from our database; (ii) the data transfer does not infringe intellectual and/or industrial property rights; and (iii) the data are not confidential under the terms of contracts signed by you and ITERIS;

h.            Right to Revoke Permission: When the legal basis for processing data is a permission, you can cancel this consent previously given to us. It is important that you consider that the cancellation will not affect the use or sharing of data made prior to this request.

In order to exercise the rights provided for by LGPD and those listed in this document, which are not absolute, you need open a call via dpo@iteris.com.br.

In addition, we undertake to communicate other processing agents with whom we have shared your personal data, so that they can also carry out the required procedures to fulfill your request.

8. AGENTS RESPONSIBLE FOR PERSONAL DATA PROCESSING

ITERIS has a skilled team dedicated to data protection and privacy.

If you have a specific question that has not been clarified by our Privacy Policy, Terms of Use or platforms, you can contact the ITERIS DPO team via dpo@iteris.com.br.

9. COOKIES

Our website uses cookies and other similar technologies to store and manage Web browsing preferences, enable content and collect data for analysis and use of our website. The use of these technologies is common on websites and platforms in general, consisting of a small text file with your device or browser data, which allows us to identify the user and his/her device used and collect Web browsing data.

These cookies can perform different functions. Some are required and essential for the navigate the ITERIS platform and use its resources. Others collect data about how users explore our website and serve to improve the performance and browsing experience. Finally, functional cookies remember the user's choices and preferences, personalizing the experience with our website.

You can disable cookies using your browser settings, installing specific plug-ins available on Internet or using other technologies that you may consider adequate.

10. AUTHORITIES' LEGAL REQUIREMENTS

We are committed to cooperating with authorities and third parties to ensure compliance with laws, including those which protect personal data and industrial and/or intellectual property rights and prevent frauds, among others. In this context, we will disclose personal data only upon judicial or governmental authority requests, within the scope of investigations and judicial processes, as long as there is no legal measure establishing confidentiality.

11. GENERAL PROVISIONS

The name ITERIS, the www.iteris.com.br domain (and subdomains) and the screen content on this website are owned by ITERIS and protected by international intellectual property laws and treaties. The misuse and the total or partial reproduction of this content are prohibited, except when expressly authorized by the company.

When registering or and contracting ITERIS services/products, you are expected to read, understand and accept this Privacy Policy, according to the specific option provided in the form. However, this Privacy Policy has the nature of adhesion contracts and undergoes periodic reviews, without prior notification. For this reason, we recommend to consult this document to check whether you continue to agree with these terms before proceeding with navigation.

This Privacy Policy is in compliance with and is expected to be interpreted based on the laws in force in Brazil. In order to clarify any questions, the parties elect the Court of the District of São Paulo/SP, with exclusion of any other court.

Last updated: December 11, 2020.