At OCRIM S/A PRODUTOS ALIMENTÍCIOS, privacy and security are priorities and we are committed to transparent handling of the personal data of our employees, subcontractors, customers and consumers. Therefore, this Privacy Policy establishes the procedures for the collection, use and transfer of information from employees, subcontractors, customers and consumers, who access or use our website, our customer service and other institutional communication channels, including the registration data provided by our employees for people management, occupational health management, selection and recruitment processes, payroll operation and processing, insurance and benefits, payments and other labor and social security legal obligations, whether performed by us directly or on our behalf through specialized service providers.

By making your personal data and information available, which will be used by our internal service departments such as Human Resources (HR), Occupational Management (SESMT), Legal, Quality Control and Marketing, you understand that we will collect and use your personal information in the manner described in this Policy, under the Data Protection rules (LGPD, Federal Law 13.709/2018), the consumer provisions of Federal Law 8078/1990 and the other applicable norms and rules of the Brazilian legal system.

Thus, Ocrim S/A, hereinafter referred to simply as Ocrim, registered with the CNPJ/MF under No. 61.065.199/0002-01, in the role of Data Controller, is bound by the provisions of this Privacy Policy.

1. WHAT DATA DO WE COLLECT ABOUT YOU AND FOR WHAT PURPOSE?

Our website collects and uses some of your personal data, in order to enable the provision of services and improve the user experience and the response to customer manifestations via SAC.

In the sphere of human resources management, our organization or third parties on our behalf, such as recruitment and employee selection agencies, outsourced occupational safety and occupational medicine services and contracted law firms, banks and insurance companies, collect and use some of your personal data in order to enable the aforementioned management activities of their workers hired directly or through outsourcing activities.

1.1. PERSONAL DATA PROVIDED BY THE HOLDER:

  1. Full name – personal data, whose purpose is to use it to register accesses and define “login” (first name + “.” + last login);
  2. Date of birth;
  3. Biometric Data;
  4. Number and image of the Identity Card (ID);
  5. Number and image of the Individual Taxpayer Registry (TIN) whose purpose is to use it as a unique identifier, eliminating the possibility of homonyms.
  6. Number and image of the Voter’s ID Card;
  7. Number and image of the Reservist Certificate;
  8. Number and image of the National Driver’s License (CNH) (when necessary for the contracted function);
  9. Number and Image of the transport voucher card (when used by the employee);
  10. Number and image of the Social Integration Program (PIS);
  11. physical and/or digital Employment and Social Security Card;
  12. Photograph, 3 × 4;
  13. Image of the Marriage Certificate or Declaration of Stable Union;
  14. Image of the School Diploma;
  15. Complete address;
  16. Phone numbers, WhatsApp and email addresses;
  17. Bank, branch and bank account number;
  18. Username and password specific to the use of the Controller’s services;
  19. Communication, verbal and written, maintained between the Titleholder and the Controller;
  20. Medical examinations and certificates, especially of admission, periodic, including of return for absence of more than 30 days in case of illness, accident or childbirth, change of function, dismissal and even those that certify illness or accident;
  21. Birth certificate for children under 14 years old, Vaccination card for children under 7 years old, and certificate of enrollment and biannual school attendance for children over 4 years old;
  22. Account login information. Any information that is necessary to give you access to your specific account profile, such as username, password in non-recoverable format, and/or security questions and answers.
  23. Geolocation information when the function requires the use of our equipment, such as corporate cell phones. Any information that is made from the use of our equipment, whether tablets, notebooks, cell phones or other technologies.
  24. Sensitive Personal Data. We always seek to process as little Sensitive Personal Data as possible. In some market research or personalized services, we need to collect some health data, such as allergies, dietary intolerances and restrictions. When it is necessary to process your Sensitive Personal Data, we will inform you of the intended purpose and we will rely on your prior and express consent, when this is a legal requirement.

1.2. PERSONAL DATA COLLECTED AUTOMATICALLY

This is data collected automatically, such as: characteristics of the access device, browser, IP (with date and time), IP origin, information about clicks, pages accessed, search terms entered in our portals, among others. For such collection, we use some standard technologies, such as cookies, pixel tags, beacons and local shared objects, which seek to improve the user’s browsing experience with the services, in accordance with their habits and preferences.

2. HOW DO WE COLLECT YOUR DATA?

In this sense, the collection of your personal data takes place as follows:

  1. Consumer-facing websites managed by or for Ocrim, including websites that we operate under our own domains/ URLs and commercial pages that we maintain on third-party social networks such as Facebook, Instagram, Linkedin.
  2. Consumer-facing websites or mobile apps managed by Ocrim, among others.
  3. E-mail, text messages and other electronic messages. Interactions we carry out with you such as electronic communications sent by Ocrim Group companies by email, for example.
  4. Communications with our Customer Service Center.
  5. Offline Registration Forms. Printed or digital forms, and similar ways in which we request your Personal Data, such as conventional mail, in-store demonstrations, contests, promotions or events, among others.
  6. Ad interactions. Interactions with our advertisements (for example, if you interact with one or more of our advertisements on a third-party website, we may receive information about that interaction).
  7. Data “created” by us. During our interactions with you, various other personal data may arise, such as your record of purchases on our websites.
  8. Data from other sources. Third -party social networks (such as Facebook and Google), market research (if feedback is not provided anonymously), third-party data aggregators, Ocrim’s promotional partners, public sources, and data received when we acquire other companies.

2.1. CONSENT

It is by your consent that we process your personal data. Consent is the free, informed and unequivocal expression by which you authorize Ocrim to process your data. Thus, in line with the General Data Protection Law, your data will only be collected, processed and stored with prior and express consent.

It is by your consent that we process your personal data. Consent is the free, informed and unequivocal expression by which you authorize Ocrim to process your data. Thus, in line with the General Data Protection Law, your data will only be collected, processed and stored with prior and express consent.

It is by your consent that we process your personal data. Consent is the free, informed and unequivocal expression by which you authorize Ocrim to process your data. Thus, in line with the General Data Protection Law, your data will only be collected, processed and stored with prior and express consent.

At any time and at no cost, you may withdraw your consent. It is important to underscore that the withdrawal of consent for the processing of data necessary for the management of people (workers) may imply the impossibility of adequate performance of our human resources management activities and in cases of use of our CUSTOMER SERVICE system, some functionality of the site that depends on the data operation may not be possible. Such consequences will be informed in advance.

3. WHAT ARE YOUR RIGHTS?

Ocrim assures its users/customers their rights as titleholder provided for in article 18 of the General Data Protection Law. That way, you may, free of charge and at any time:

  • Confirm the existence of data handling, in a simplified way or in a clear and complete format.
  • Access your data, being able to request them in a legible copy in printed form or by safe and suitable electronic means.
  • Correct your data, when requesting the editing, correction or updating of these.
  • Limit your data when unnecessary, excessive or handled in breach of legislation through anonymization, blocking or elimination.
  • Request the portability of your data, through a report on registration data that Ocrim handles about you.
  • Delete your handled data as per your consent, except in cases provided for by law.
  • Revoke your consent, disallowing the processing of your data.
  • Inform yourself about the possibility of not providing your consent and about the consequences of this denial.

4. HOW CAN YOU EXERCISE YOUR TITLEHOLDER RIGHTS?

To exercise your rights as a titleholder, you must contact Ocrim through the following available means: Talk to Ocrim’s Data Protection Manager, at the e-mail address encarregadolgpd@ocrim.com.br.  By means of this contact, you will be able to exercise your rights or clear up any doubts regarding the processing of personal data.

In order to ensure your correct identification as the titleholder of the personal data object of the request, we may request documents or other evidence that can prove your identity. In this case, you will be informed in advance.

5. HOW AND FOR HOW LONG WILL YOUR DATA BE STORED?

Your personal data collected by Ocrim will be used and stored for the time necessary for the provision of the service or for the purposes listed in this Privacy Policy to be achieved, considering the rights of data titleholders and of controllers.

In general, your data will be kept as long as the contractual relationship between you and Ocrim lasts. At the end of the period of storage of personal data, they will be deleted from our databases or anonymized, except in the cases legally provided for in article 16 of the general data protection law, namely:

I – Compliance with a legal or regulatory obligation by the controller;

II – Study by a research body, guaranteeing, whenever possible, the anonymization of personal data;

III – Transfer to a third party, provided that the data processing requirements set forth in this Law are complied with; or

IV – Exclusive use by the controller, with access by a third party being prohibited, and provided that the data is anonymized.

That is, personal information about you that is essential for the fulfillment of legal, judicial and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings will be kept, despite the exclusion of other data.

The storage of data collected by Ocrim reflects our commitment to the security and privacy of your data. We employ technical protection measures and solutions capable of guaranteeing the confidentiality, integrity and inviolability of your data. In addition, we also have risk-appropriate security measures and control of access to stored information

6. WHAT DO WE DO TO KEEP YOUR DATA SAFE?

To keep your personal information secure, we use physical, electronic and managerial tools aimed at protecting your privacy. We apply these tools taking into account the nature of the personal data collected, the context and purpose of the treatment and the risks that any violations would generate for the rights and freedoms titleholder of the data that was collected and processed.

Among the measures we have adopted, we highlight the following:

  • Only authorized persons have access to your personal data.
  • Access to your personal data is made only after a commitment to confidentiality.
  • Your personal data is stored in a safe and reliable environment.

Ocrim is committed to adopting the best postures to avoid security incidents. However, it is necessary to point out that no page or virtual environment is entirely safe and risk-free. It is possible that, despite all our security protocols, problems that are solely the fault of third parties may occur, such as cyber attacks by hackers, or also as a result of the negligence or recklessness of the user/customer himself.

In the event of security incidents that may generate relevant risk or damage for you or any of our users/customers, we will communicate to those affected and the National Data Protection Authority about what happened, in line with the provisions of the General Data Protection Law.

7. WHO MAY YOUR DATA BE SHARED WITH?

In order to preserve your privacy, Ocrim will not share your personal data with any unauthorized third parties.

Your data may be shared with our business partners, as per the attached link “lgpd “Relação OCRIM lgpdparceiros_privacidade”, with information of links to its privacy policies. They will receive your data only to the extent necessary for the provision of the contracted services and our contracts are guided by the data protection rules under the Brazilian legal system. However, our partners have their own Privacy Policies, which may differ from this one.

In addition, there are also other hypotheses in which your data may be shared, which are:

I – Legal determination, request, requisition or court order, with competent judicial, administrative or governmental authorities.

II – In the case of corporate transactions, such as merger, acquisition and incorporation, automatically

III – Protection of the rights of Ocrim in any type of conflict, including those of a judicial nature.

8. COOKIES OR BROWSING DATA

Ocrim makes use of Cookies, which are text files sent by the platform to your computer and stored there, which contain information related to website navigation. In short, Cookies are used to improve user experience.

By accessing our website and consenting to the use of Cookies, you express your awareness and acceptance of the use of a navigation data collection system with the use of Cookies on your device.

You can, at any time and at no cost, change the permissions, block or refuse Cookies. However, revocation of consent for certain Cookies may make it impossible for some features of the platform to function correctly.

To manage your browser’s cookies, simply do it directly in the browser settings, in the Cookies management area. You can access tutorials on the topic directly from the links below:

If you use Internet Explorer.

If you use Firefox.

If you use Safari.

If you use Google Chrome.

If you use Microsoft Edge.

If you use Opera.

9. AMENDMENT TO THIS PRIVACY POLICY

The current version of the Privacy Policy was formulated and last updated in: May 2021.

We reserve the right to modify this Privacy Policy at any time, mainly depending on the adequacy of any changes made to our website or in the legislative sphere. We recommend that you review it frequently.

Any changes will come into force as of their publication on our website, or availability to our internal audience composed of our employees and we will always notify you of the changes that have occurred.

By using our services or joining our staff and providing your personal data after such changes, you consent to them

10. RESPONSIBILITY

Ocrim provides for the liability of agents who work in data handling processes, in accordance with articles 42 to 45 of the General Data Protection Law. We undertake to keep this Privacy Policy updated, observing its provisions and ensuring compliance.

In addition, we are also committed to seeking technical and organizational conditions that are able to protect the entire data handling process securely.

Should the National Data Protection Authority require the adoption of measures in relation to the handling of data carried out by Ocrim, we undertake to follow them.

10.1 DISCLAIMER

As mentioned in Topic 6, although we adopt high security standards in order to avoid incidents, there is no virtual page that is entirely risk-free. In this manner, Ocrim is not responsible for:

I – Any consequences arising from the negligence, recklessness or malpractice of users in relation to their individual data. We guarantee and are only responsible for the security of the data handling processes and the fulfillment of the purposes described in this instrument.

We underscore that responsibility regarding the confidentiality of the access data lies with the user.

II – Malicious actions by third parties, such as hacker attacks, unless culpable or deliberate conduct by Ocrim is proven.

We emphasize that in the event of security incidents that may generate relevant risk or damage to you or any of our users/customers, we shall communicate to those affected and to the National Data Protection Authority on what has occurred and we shall comply with the necessary measures.

III – False information entered by the user/customer into the records necessary for the use of Ocrim’s services. Any consequences arising from false information or that entered in bad faith are entirely the responsibility of the user/customer.

11. DATA PROTECTION OFFICER

Ocrim provides the following means for you to contact us to exercise your rights as a titleholder: Talk to the Data Protection manager of Ocrim, by the following e-mail: encarregadolgpd@ocrim.com.br.

If you have any questions about this Privacy Policy or the personal data we process, you can contact our Personal Data Protection Officer: Nilson Carlos Amancio at e-mail encarregadolgpd@ocrim.com.br.

Update: May 25, 2021.