Paylivre

External Data Protection Privacy Policy


  1. SCOPE

1.1 INTRODUCTION

PAYLIVRE BRASIL SERVIÇOS DE PAGAMENTOS LTDA., a joint-stock company, registered with the CNPJ/ME under No. 34.559.748/0001-40 (“Paylivre”, “Issuer” or “us”) takes your privacy seriously and ensures the security and data protection of any users of its products and services. Therefore, with the aim of providing clear and accurate information to Data Holders about the processing of their Personal Data, we present our Privacy Policy (“Privacy Policy”).

1.2 PURPOSE

The purpose of this Privacy Policy is to establish the rules on the collection, registration, storage, use, sharing, enrichment and elimination of data collected from users, within the scope of Paylivre’s services and functionalities, in accordance with the laws in force, with transparency and clarity with the user and the market in general, including:

  • Data from its customers, partners, suppliers and those responsible for the Account;

  • Data from users of applications, websites or platforms operated by Paylivre (“Paylivre Platforms”);

  • Data from users of any of the services provided by Paylivre (“Services”), including data from Account holders who have contracted products and services directly with Paylivre or through one of our partners.

This Privacy Policy (“Privacy Policy”) is intended to inform you about how we use and disclose information collected on your visits to any Paylivre Platform or while using the Services.

1.3 SCOPE

This Privacy Policy applies to information collected from Users through any Paylivre Platform or due to the provision of Services directly or through our partners.

It also covers other applications, products, services, websites or third-party social media resources that may be offered or accessed through the Paylivre Platform. Accessing these links will cause you to leave the Paylivre Platform and, consequently, may result in the collection or sharing of information about you by third parties.

We do not control, endorse or make any representations about these third party websites or their privacy practices, which may differ from ours. We recommend that you review the privacy policy of any other website you interact with before allowing the collection and use of your Personal Data.

If you send us Personal Data referring to other natural persons, in any of our support channels, you declare that you have the competence to do so and declare to have obtained the authorization and consent of the data subject for the use of such information, in the terms of this Privacy Policy.

  1. DATA USE AUTHORIZATION

As a condition for the use of the exclusive functionalities of the functionalities and those provided by Paylivre, the user declares that he has read this Privacy Policy completely and carefully, being fully aware, thus granting his free and express agreement with the terms stipulated herein , authorizing the collection of the data and information mentioned here, as well as its use for the specified purposes.

This Privacy Policy provides an overview of our privacy practices and the choices you can make, as well as the rights you can exercise in relation to your Personal Data processed by us, as set out below. If you have any questions about the use of Personal Data, simply contact the data protection officer at dpo@paylivre.com.


  1.  ACCOUNT CANCELLATION

If you do not agree with these Guidelines, we ask that you immediately discontinue access to our platform and request account cancellation. Simply contact our support to request account cancellation.


4. REFERENCE DOCUMENTS

  • Federal Law No. 13.709/2018 – General Law for the Protection of Personal Data, “LGPD”.

  • Resolution No. 85/2021 of the Central Bank of Brazil;

  • ABNT NBR ISO/IEC 27701

  • ABNT NBR ISO/IEC 29100


5. DEFINITIONS

For the purposes of this Privacy Policy, we bring the definitions of some commonly used terms;

Account: means the account managed by Paylivre, through which the Holder will have access to the functionalities of the Paylivre Platforms and/or the Services;

Data subject: means users who use Paylivre services;

Personal Data: means any information that, directly or indirectly, identifies or may identify a natural person, such as, for example, name, CPF, date of birth, IP address, among others;

Sensitive Personal Data: means any information that reveals, in relation to a natural person, racial or ethnic origin, religious conviction, political opinion, affiliation to a union or organization of a religious, philosophical or political nature, data regarding health or sexual life , genetic or biometric data;

Processing of Personal Data: means any operation carried out within the scope of Personal Data, by means of automatic means or not, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or, alternatively, making available, harmonizing or combining, restricting, deleting or destroying. Any other operation foreseen under the terms of the applicable legislation is also considered Personal Data Processing;

Anonymization: means the process through which the data loses the possibility of association, directly or indirectly, with an individual, considering the reasonable technical means available at the time of treatment;

Controller: means the natural or legal person responsible for decisions on the processing of personal data. In this case the PAY FREE;

Operator: means the natural or legal person processing personal data on behalf of the controller. In this case, suppliers and partners of PAY LIVRE;

Person in charge: means Person responsible for the Protection of Personal Data and for communication with the ANPD (National Data Protection Authority) and with the holders;

ANPD: means National Data Protection Authority;

Data Protection Laws: means all legal provisions that regulate the Processing of Personal Data, including, but not limited to, Law No. 13.709/18 (General Law for the Protection of Personal Data or LGPD).


6. BASIC PRINCIPLES RELATED TO THE PROCESSING OF PERSONAL DATA


The data protection principles outline the basic responsibilities for organizations that handle personal data. Paylivre will ensure that all personal data processing activities are in compliance with the principles brought by the legislation on privacy and data protection. Are they:


Principle of good faith: All treatment operations must be guided by good intentions, morals and good customs accepted by society.


Purpose and adequacy principle: The processing of personal data must be limited to legitimate, specific, explicit and informed purposes to the Holder, and must only occur in a manner compatible with those purposes. Personal data cannot be collected/obtained for one purpose and then used for another. All uses of data must be compatible with the original reason for collection/obtaining it.


Necessity principle: the collection and use of personal data must be limited to the minimum necessary for the fulfillment of the intended purposes and exposed to the holder, also ensuring that such information is stored for the shortest possible/necessary time.


Principle of free access and data quality: holders must be guaranteed easy and free consultation regarding the form and duration of treatment and completeness of their personal data, ensuring their accuracy, clarity, relevance and updating.


Principle of transparency: data holders will be guaranteed clear, precise and easily accessible information about the processing and the respective processing agents, observing commercial and industrial secrets.


Principle of security and prevention: the security, confidentiality, integrity and availability of personal data must be guaranteed through technical and organizational measures, exemplified below, in order to prevent the occurrence of security incidents involving personal data.


Principle of non-discrimination: personal data processing activities can never have discriminatory, illegal or abusive purposes.


Accountability principle: Paylivre must store records of all personal data processing activities and the respective measures taken to adapt such activities to the rules relating to privacy and protection of personal data, proving the effectiveness and efficiency of such measures.


7. USE OF PERSONAL DATA


We collect and use Personal Data to manage your relationship with Paylivre and better serve you when you are using a Paylivre Platform and/or the Services, personalizing and improving your experience. Examples of how we use personal data:

  • To enable you to contact us;

  • To register, confirm or correct the information we hold about you;

  • To send you information that we believe may be of interest to you;

  • To make offers for us or our partners;

  • To customize your experience using the Paylivre Platforms and/or Services;

  • To contact you via the telephone number and/or email address provided. We may contact you in person, via auto-dialing equipment, phone calls, text messages (SMS), instant messaging applications, social media, email, or any other means of communication that your device be able to receive, in accordance with the law and for reasonable business purposes;

  • To profile, identify opportunities and offer our and our partners’ products and services;

  • To carry out our activities, provide our services and provide our products;

  • To conduct research to improve our products and services, customer service and other initiatives;


In addition, the Personal Data provided may also be used in the way we deem necessary or appropriate, under the terms below:

  • Pursuant to Data Protection Laws;

  • To meet legal process requirements;

  • To comply with a court decision, regulatory decision or decision of competent authorities, including authorities outside the country of residence;

  • To apply our Terms and Conditions of Use;

  • To protect our operations;

  • To protect our, your or others’ rights, privacy, security;

  • To detect and prevent fraud;

  • To carry out data queries and validations with bureaus and public entities, such as SCR (“Central Bank Credit Information System”), Serpro (“Federal Data Processing Service), among others;

  • Allow us to use available remedies or limit damages that we may suffer;

  • To comply with regulatory requirements and, including regulation of PLD (“Settlement Price of Differences”) and KYC (“Know Your Customer”) periodically;

  • In other ways permitted by law;


8. NOT PROVIDING PERSONAL DATA


You are under no obligation to share the Personal Data we request. However, if you choose not to share them, we will not be able to provide you with full access to the Services or be able to make specific features available.


9. COLLECTED DATA

The general public will be able to browse the Paylivre Platforms without the need for any registration and submission of Personal Data. However, some of the functionalities of the Paylivre Platforms and/or Services may depend on the registration and submission of this Personal Data.

When making a contact or contracting our services and products, Paylivre may collect:


TYPE OF PERSONAL DATA

LEGAL BASE 

OBJECTIVE

Name

Necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject (Art. 7, V, Law nº 13.709/2018). 

Used for User identification and verification. This is essential personal data so that it is possible to contact the User to respond to their requests and provide targeted responses.

E-mail and phone  

Necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject (Art. 7, V, Law nº 13.709/2018).



Necessary to meet the legitimate interests of the controller or a third party (Art. 7, IX, Law No. 13,709/2018).

a) In the case of e-mail, it is used for validation and registration login on the platform. Used as a means of communication with the User, for contacts and interactions throughout the journey of using the platform; sending marketing emails and news, classifieds and newsletter emails.


b) In the case of the telephone, to send the document validation procedure; means of communication with the user

CPF 

Necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject (Art. 7, V, Law nº 13.709/2018).


Necessary to meet the legitimate interests of the controller or a third party (Art. 7, IX, Law No. 13,709/2018).

Used for identification and verification of the regularity of the User’s documentation. This is essential personal data to validate the account and use Paylivre’s services.


Date of Birth

Necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject (Art. 7, V, Law nº 13.709/2018).


Necessary to meet the legitimate interests of the controller or a third party (Art. 7, IX, Law No. 13,709/2018).

Used for User identification and verification. This is essential personal data so that it is possible to contact the User to respond to their requests and provide targeted responses.

Photo  (selfie)

Necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject (Art. 7, V, Law nº 13.709/2018).


Necessary to meet the legitimate interests of the controller or a third party (Art. 7, IX, Law No. 13,709/2018).

Paylivre collects a photograph of your face or a photo document in our identification and authentication processes, in order to guarantee fraud prevention and security in the use of our services and products.

Document Photo

Necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject (Art. 7, V, Law nº 13.709/2018).


Necessary to meet the legitimate interests of the controller or a third party (Art. 7, IX, Law No. 13,709/2018).

Paylivre collects a photograph of your face or a photo document in our identification and authentication processes, in order to guarantee fraud prevention and security in the use of our services and products.


Bank account details

Necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject (Art. 7, V, Law nº 13.709/2018).



Necessary to meet the legitimate interests of the controller or a third party (Art. 7, IX, Law No. 13,709/2018).

Used for User identification and verification. This is essential personal data for making transfers using Paylivre services.


Transactional data. Data of financial transactions, payments made and history of services performed;

Compliance with a legal or regulatory obligation by the controller (Art. 15 of Law No. 12,965/2014; Art. 7, II, of Law No. 13,709/2018; Art. 67, of Bacen Circular No. 3,978).

Compliance with legal regulations, which impose Paylivre’s duty to keep the respective records of access to internet applications, confidentially, in a controlled and secure environment.


IP (Internet Protocol)

Compliance with a legal or regulatory obligation by the controller (Art. 15 of Law No. 12,965/2014; Art. 7, II, of Law No. 13,709/2018; Art. 67, of Bacen Circular No. 3,978).



Compliance with article 15 of Law n. 12,965/2014, which imposes Paylivre’s duty to keep the respective records of access to internet applications, confidentially, in a controlled and secure environment; and article 67 of Bacen Circular No. 3,978



Navigation data on Paylivre Platforms


Necessary to meet the legitimate interests of the controller or a third party (Art. 7, IX, Law No. 13,709/2018).

Information is collected about your visits and activities on the Paylivre Platforms, including the content (and any advertisements) with which you view and interact, information about the browser and device you are using, your IP address, your location, the address of the website from which you arrived, connection, device and demographic data, in order to optimize your experience with the Paylivre platform.

Anonymous or aggregated data.


Necessary to meet the legitimate interests of the controller or a third party (Art. 7, IX, Law No. 13,709/2018).

Paylivre uses anonymous responses to surveys or anonymous and aggregated information about how Paylivre Platforms are used. During our operations, in certain cases, we apply a de-identification or pseudonymization process to your data so that it is reasonably unlikely that you identify yourself through the use of this data with available technology; in order to optimize your experience with the Paylivre platform.




9.1. CHANGE OF REGISTRATION DATA

Paylivre is not responsible for the accuracy, veracity or lack of it in the information provided by the user or for its outdated status, and it is the user’s responsibility to provide it accurately or update it. Please contact our Customer Support channels to request information change, if necessary.

10. LEGAL BASIS FOR PROCESSING PERSONAL DATA

Respecting the hypotheses in which consent is required, the processing of personal data carried out by Paylivre is supported by the following hypotheses provided for by law:

  • For compliance with a legal or regulatory obligation by the Controller;

  • By the public administration, for the treatment and shared use of data necessary for the execution of public policies provided for in laws and regulations or supported by contracts, agreements or similar instruments;

  • For carrying out studies by research body, ensuring, whenever possible, the anonymization of personal data;

  • For the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;

  • For the regular exercise of rights in judicial, administrative or arbitration proceedings;

  •  For the protection of life or physical safety of the holder or third parties;

  • For the protection of health, exclusively, in a procedure carried out by health professionals, health services or health authority;

  • When necessary to meet the legitimate interests of the Controller or third parties, except in the case of prevalence of fundamental rights and freedoms of the holder that require the protection of personal data;

  • For credit protection, including the provisions of the relevant legislation.


  • 11. SHARING PERSONAL DATA WITH THIRD PARTIES


      On Paylivre platforms, the user may be led, via link, to other portals, platforms or social networks, which may collect their information and have their own Privacy Policy. It is up to the user to read the Privacy Policy of such portals, platforms and social networks outside Paylivre’s environment, and it is the user’s responsibility to accept or reject it.

      Paylivre is not responsible for the Privacy Policy or for the content of any portals, platforms and social networks, contents or services of third-party companies that are directed through Paylivre’s portals.

      The Database formed through the collection of data at Paylivre is the property and responsibility of Paylivre, and its use, access and sharing, when necessary, will be done within the limits and purposes of Paylivre’s business and described in this Privacy Policy .

      Sharing passwords and access data violates this Privacy Policy, and accounts may be suspended and permanently blocked.

      Paylivre shares your Personal Data, always within the limits and purposes of the business and in accordance with current legislation:

      I. With service providers or partners to manage or support certain aspects of our business operations on our behalf. These service providers or partners may be located in the United States, Brazil or other global locations, including servers for approval and production, and providers of hosting and cloud storage services, providers of credit protection services, companies responsible for management software, fraud analysis tools and anti-money laundering analysis tools, fraud management, customer support, sales on our behalf, order fulfillment, content personalization, advertising and marketing activities ( including digital and personalized advertising) and Information Technology services, for example;

      II. With third parties to support the investigation of crimes or financial fraud or compliance with a court order;

      III. With third parties, in order to help us manage the Paylivre Platforms and/or provide the Services;

      IV. With third parties, in the event of any reorganization, merger, sale, joint venture, assignment, transmission or transfer of all or part of our company, asset or capital (including those relating to judicial reorganization, bankruptcy or similar proceedings);

      V. With regulatory bodies in order to comply with legal and regulatory obligations;

      SAW. In your payment solution, we share data relating to the financial transaction with the partner responsible for selling the product or service.

      12. INTERNATIONAL DATA TRANSFER

      Personal Data and other types of information collected by Paylivre may be transferred, accessed or hosted on servers located outside Brazil (cloud storage service also known as cloud computing) in accordance with this Privacy Policy.


      13. PERSONAL DATA COLLECTION METHOD


      You provide us with your data when you use or contract any of our services and products, and contact one of our service channels such as email, chat, telephone and website forms;

      We automatically collect your data when you visit the Paylivre Platforms and/or use the Services, we can store or retrieve information in your browser, mainly in the form of cookies, which are text files containing small amounts of information. This information may be about you, your preferences or your device and is mainly used for the Paylivre Platforms and/or the Services to work as you expect. The information usually does not directly identify you, but it may provide you with a more personalized internet experience.

      In accordance with this Privacy Policy, we and our third-party service providers, with your consent, may collect your Personal Data in a variety of ways, including, but not limited to, via your browser or device. 

      Some information is collected by most browsers or automatically through Internet access devices, such as computer type, screen resolution, operating system name and version, device model and manufacturer, language, browser type and version internet you are using. We may use this information to ensure that the Paylivre Platforms and Services function properly.


      14. STORAGE OF DATA AND RECORDS


      Users’ stored data are only accessed by professionals duly authorized by Paylivre, respecting the principles of proportionality, minimization, necessity and relevance of objectives, in addition to the commitment to confidentiality and preservation of privacy, under the terms of this Privacy Policy.


      15. USE OF COOKIES


      Information about your use of the Paylivre Platforms or Services may be collected by third parties through cookies. Cookies are information stored directly on the computer you are using.

      Cookies allow the collection of information such as browser type, time spent on Paylivre Platforms and/or use of Services, pages visited, language preferences, and other anonymous traffic data. We and our service providers use information for security protection, to facilitate navigation, display information more efficiently, and personalize your experience when using Paylivre Platforms, as well as for online tracking.

      We also collect statistical information about the use of the Paylivre Platforms for the continuous improvement of our design and functionality, to understand how the Paylivre Platforms are used and to help you resolve issues related to the Paylivre Platforms and Services.


      16. USE OF PIXEL TAGS AND OTHER SIMILAR TECHNOLOGIES:


      Pixel tags (also known as Web beacons and invisible GIFs) may be used to track actions by users of the Paylivre Platforms and/or Services (including email recipients), measure the success of our marketing campaigns and collect statistical data about the use of Paylivre Platforms and/or Services, response rates, device data, connection and demographic data, and for other unspecified purposes.

      We may hire behavioral advertising companies to obtain reports on Paylivre ads across the internet. For this, these companies use cookies, pixel tags and other technologies to collect information about your use, or about the use of other users, of our Paylivre Platforms and third-party websites. We are not responsible for pixel tags, cookies and other similar technologies used by third parties.

      17. USER RIGHTS


      You may, at any time, request Paylivre, as stipulated in article 18 of the LGPD:

      I. confirmation that your Personal Data is being processed;

      II. access to personal data;

      III. the correction of incomplete, inaccurate or outdated data;

      IV. the anonymization, blocking or deletion of data that is unnecessary, excessive or treated in breach of the provisions of law;

      V. the portability of Personal Data to another service provider, as long as this does not affect our industrial and commercial secrets;

      VII.. the deletion of Personal Data processed with your consent, to the extent permitted by law;

      VII. information about the entities to which your Personal Data has been shared;

      VIII. information about the possibility of not providing consent and the consequences of the refusal; and

      IX. the revocation of consent.

      Your requests will be treated with special care so that we can ensure the effectiveness of your rights. You may be asked to provide proof of your identity in order to ensure that Personal Data is only shared with the owner.

      You should bear in mind that, in certain cases, your order may not be satisfied due, for example, to compliance with legal requirements which, in the last resort, may prevent Paylivre from serving you.


      18. RETENTION AND DISPOSAL PERIODS


      Personal data collected and processed by Paylivre will be deleted when they are no longer useful for the purposes for which they were collected, or when the user requests their deletion, except if data retention is expressly authorized by applicable law or regulation.

      Personal data that depend on consent will be kept until the end of the treatment, unless the holder requests its deletion before the end of the period.

      Personal data may be retained, even after processing by the Controller has ended, in the following cases:

      I. Compliance with a legal or regulatory obligation by the Controller;

      II. Study by research body, ensuring, whenever possible, the anonymization of personal data;

      III. Transfer to a third party, provided that the data processing requirements set forth in Law No. 13,709/18 are respected; or

      IV. Exclusive use of the Controller, access by a third party is prohibited, and provided that the data is anonymised.

      Data disposal will be carried out in accordance with legal provisions;

      The period for which Paylivre keeps the personal data collected depends on the purpose and nature of the data processing, which will be processed for the period necessary to:

      I. Comply with legal, regulatory and contractual obligations;

      II. Continue to provide and improve our products and services;

      III. Risk management;

      IV. Regular exercise of rights in administrative, judicial and arbitration proceedings;

      V. Other purposes provided for in this Policy.


      19. SECURITY OF PERSONAL DATA


      Paylivre does not sell, exchange or rent personal information of its users.

      Paylivre adopts appropriate security, technical and administrative measures to protect the privacy and personal data of its users at all stages of the life cycle of processing personal data.

      Paylivre limits access to personal information to employees, contractors and agents of the organization who need to know this information in order to process it. These people are committed to obligations of confidentiality, integrity and availability, and may be subject to punishment, including termination of contract and criminal prosecution, if they fail to comply with these obligations.

      We seek to adopt the appropriate technical and organizational measures provided for by Data Protection Laws to protect Personal Data in our organization. Unfortunately, no data transmission or storage system is guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately via the Data Protection Officer’s email: dpo@paylivre.com.


      20. DATA PROTECTION OFFICER


      If you intend to exercise any of the rights provided for in this Privacy Policy and/or in the Data Protection Laws, or resolve any doubts related to the Processing of your Personal Data, you can contact our Data Protection Officer, Catherine Santos, through e -mail: dpo@paylivre.com or by correspondence sent to the address Av. Cauaxi, nº 350, Room 903/904, Alphaville Industrial and Business Center/Alphav, Barueri – SP, CEP: 06.454-020.


      21. UPDATES TO THIS PRIVACY POLICY AND GENERAL PROVISIONS


      Paylivre does not use any type of automated decision that impacts the user.

      Paylivre’s partner financial institutions can use an automated decision in the process of contracting products or services by the user, and it is up to the user to check the partner’s Privacy Policy, Paylivre being exempt from any responsibility for the automatic decisions taken by the partner.

      Paylivre reserves the right to change the content of this Privacy Policy at any time, according to the purpose or need, such as for adequacy and legal compliance with a provision of law or rule that has equivalent legal force. Whenever any relevant condition of this Privacy Policy is changed, these changes will be valid, effective and binding after the new version is posted on our website or sent by email to you.

      The use of the Paylivre Platforms and/or Services after the changes means that you have accepted the revised Privacy Policy. If, after reading the revised version, you do not agree with its terms, please immediately terminate access to the Paylivre Platforms and the use of all Services.

      If any provision of this Privacy Policy is considered illegal or illegitimate by the authority of the location where our user resides or where his Internet connection departs from, the other conditions will remain in full force and effect.

      The user acknowledges that all communication made by e-mail (to the addresses entered in your registration), SMS, instant communication applications or any other digital, virtual form are also valid as documentary evidence, being effective and sufficient for the disclosure of any matter. that refers to the services provided by Paylivre, as well as the conditions for their provision or any other subject addressed therein, except for the expressly different provisions set forth in this Privacy Policy.