ITERIS DATA PRIVACY AND SECURITY POLICY
1. DATA THAT IS PROTECTED BY GENERAL DATA PROTECTION LAW (BRAZILIAN LGPD - No 13.709/2018)
The General Data Protection Law (Brazilian LGPD - No 13.709/2018) aims to protect personal data and sensitive personal data in Brazil. Their owners area called data holders.
According to this law, “personal data” is any data that identifies an specific individual or make this specific individual identifiable. "Sensitive personal data” is information that deserves enhanced processing by its nature, mainly protection against discrimination.
This LGPD considers sensitive personal data as information on racial or ethnic background; religious beliefs; political opinion; membership of union or religious, philosophical or political organization; health or sexual life; genetics or biometry, when linked to a specific individual.
ITERIS is a technology company that provides specialized IT services. The personal data has a specific purpose and is restricted to the scope of the company's activities.
Objectively, we use personal data to fulfill the following purposes:
a. Enabling the development of customized technological solutions or own products;
b. Answering calls and/or contact requests, whenever requested;
c Providing high quality services and general statistics on the use of ITERIS services/products;
d. Informing about products and services providing by the company and its affiliates, always guaranteeing the right to unsubscribe at any time;
e. Asking opinion about the contracted service or potential services/products of interest;
f. Enhancing the experience with our services/products through continuous personalization;
g. Performing statistical analysis, sending e-mail messages or postal mail, enhancing customer support or making deliveries;
h. Responding to requests from the National Data Protection Authority (ANPD) or other public and government authorities, when applicable;
i. Identifying, preventing or investigating potential security incidents or frauds.
In addition, we may process personal data to comply with legal or regulatory obligations imposed to ITERIS, as well as for the company's legitimate purposes authorized by LGPD or other applicable norms.
3. PERSONAL DATA WE COLLECT
Access to the ITERIS platforms' functionalities, including those for contracting services and acquiring licenses, depends on the collection and sharing of visitor and/or customer data. This data set may contain the following types of personal data:
a. Identification and contact details, such as full name, national identity card, InLand Revenue Document, e-mail address, address and phone;
b. Web browsing data, such as IP address and pages visited on our website;
c. Geolocation and device identification data;
d. Data for payment, when our services and/or products are acquired.
To register with our candidate base or apply for our job vacancies, registration form is available on our careers page. Depending on the selection process or hiring stage, we may collect:
a. Data required by labor inspection or tax authorities;
b. Curriculum Vitae data, including professional experiences, education, courses and other relevant information to verify adherence to the position;
c. Photo and biometric data for access to the company's facilities;
d. Identification and contact data;
e. Bank data;
f. Health data, such as those medical exams required by life insurance;
e. Data about dependents.
When filling out our forms, you, or the person authorized by you, are expected to provide true and up-to-date personal data, as we are not responsible for the verification. In any case, civil and/or criminal, the responsibility for veracity, accuracy and authenticity of the personal data is yours.
In addition to the data mentioned above, we automatically collect and store Web browsing data through our website, using cookies (see more details in item 9 below).
4. PROCESSING AND SHARING OF PERSONAL DATA
ITERIS will be the personal data controller, when its services/products are contracted, during the relations with employees and when the personal data is provided through our website (www.iteris.com.br) or captured by one of its systems. In such cases, ITERIS is responsibility for properly choosing the legal bases in a consistent way with the purposes provided for in this policy and requirements and rights provided for in the Brazilian General Data Protection Law.
In order to improve operations, we can share personal data with other companies through our website or systems, such as database management tools, e-mail management, recruitment and selection tools, internal workflows and customer services, among other ways. ITERIS undertakes to hire only suppliers complying with the data protection legislation by signing agreements or partnerships with specific clauses.
Likewise, when personal data needs to be transferred to other countries, ITERIS undertakes to hire only suppliers adopting security measures and good practices compatible with the same protection level as Brazilian legislation establishes, according to National Data Protection Authority regulations. In the absence of specific regulations, ITERIS undertakes to work only with companies complying with other data protection standards, such as the European GDPR or American CCPA, or companies whose contracts ha specific clauses for data exchange with ITERIS. In addition, ITERIS undertakes to transfer data only when strictly necessary to fulfill the obligations assumed to our customers.
5. PROTECTING OUR SYSTEMS AND PERSONAL DATA
In order to protect personal data and ensure our systems' security, we use appropriate technologies and procedures according to the level of risks and services provided. We have a team responsible for managing them in accordance with legal provisions, regulatory requirements, evolving technology and other relevant factors influencing data protection.
There are risks that malicious third parties improperly access data in our systems due to the very nature of the Internet. If this happens, we will be liable according the applicable legislation.
6. HOW LONG WILL WE USE PERSONAL DATA?
We use personal data only for the period required to fulfill the purposes listed above and in scenarios provided for and/or authorized by LGPD or applicable legislation. We follow the following rules to determine the retention and storage period for personal data:
a. During the period required to fulfill the data collection purpose;
b. Until the moment when the individual stop using our website;
c. Until the moment of revocation of permission or request for eliminate the personal data;
d. During the period for proof of compliance with ITERIS duties and obligations;
e. During the legal or regulatory period defined by judicial or ANPD decisions;
f. During the period for compliance with data controller's legal or regulatory obligations;
g. During the contract duration;
h. During the period for defense or exercise of ITERIS rights
i. Transfer of data to third parties, provided that the processing requirements will be complied in accordance with the applicable legislation;
j. Exclusive use by the controller, provided that the third-party access is forbidden and data is anonymized.
7. RIGHTS PROVIDED FOR BY LGPD
We guarantee exercise of the rights provided for by the LGPD, namely:
a. Right to Confirm: You can confirm whether ITERIS processes personal data about you;
b. Right to Access: You can request details and copies of your personal data by the following electronic address - email@example.com;
c. Right to Correct: You can correct or eliminate personal data that is incomplete, inaccurate or out-of-date;
e. Right to Information: You can request information about companies ITERIS share your personal data with and consequences if you choose not to consent to your personal data collection and processing, when required;
f. Right to Refuse Marketing Content: You can request the unsubscription of e-mail marketing content through the link provided in the e-mail marketing message;
g. Right to Data Portability: After ANPD regulation and according to technical means available, you can request that your personal data to be transferred to you or third parties, except when (i) the data have already been anonymized and excluded from our database; (ii) the data transfer does not infringe intellectual and/or industrial property rights; and (iii) the data are not confidential under the terms of contracts signed by you and ITERIS;
h. Right to Revoke Permission: When the legal basis for processing data is a permission, you can cancel this consent previously given to us. It is important that you consider that the cancellation will not affect the use or sharing of data made prior to this request.
In order to exercise the rights provided for by LGPD and those listed in this document, which are not absolute, you need open a call via firstname.lastname@example.org.
In addition, we undertake to communicate other processing agents with whom we have shared your personal data, so that they can also carry out the required procedures to fulfill your request.
8. AGENTS RESPONSIBLE FOR PERSONAL DATA PROCESSING
ITERIS has a skilled team dedicated to data protection and privacy.
These cookies can perform different functions. Some are required and essential for the navigate the ITERIS platform and use its resources. Others collect data about how users explore our website and serve to improve the performance and browsing experience. Finally, functional cookies remember the user's choices and preferences, personalizing the experience with our website.
You can disable cookies using your browser settings, installing specific plug-ins available on Internet or using other technologies that you may consider adequate.
10. AUTHORITIES' LEGAL REQUIREMENTS
We are committed to cooperating with authorities and third parties to ensure compliance with laws, including those which protect personal data and industrial and/or intellectual property rights and prevent frauds, among others. In this context, we will disclose personal data only upon judicial or governmental authority requests, within the scope of investigations and judicial processes, as long as there is no legal measure establishing confidentiality.
11. GENERAL PROVISIONS
The name ITERIS, the www.iteris.com.br domain (and subdomains) and the screen content on this website are owned by ITERIS and protected by international intellectual property laws and treaties. The misuse and the total or partial reproduction of this content are prohibited, except when expressly authorized by the company.
Last updated: December 11, 2020.