🔒

Privacy Policy

PURPOSE

This Personal Data Privacy Policy ("Policy" or "Privacy Policy") aims to establish rules and guidelines regarding the processing of personal data collected by ECOMILHAS Tecnologia LTDA ("ECOMILES"), in accordance with applicable regulations.

By consenting to this Privacy Policy, the data subject agrees to the terms described herein and to the processing of personal data for the purposes outlined in this document.

SCOPE

This Policy applies to activities involving the processing of personal data and covers all ECOMILES websites, portals, applications, and forms.

TERMS AND DEFINITIONS

For the proper understanding of this Policy, the following definitions apply:

Processing Agents: the controller and the processor.
Anonymization: the use of reasonable and available technical means at the time of processing, through which data loses the possibility of direct or indirect association with an individual.
National Authority / National Data Protection Authority (ANPD): public administration body responsible for ensuring, implementing, and supervising compliance with the General Data Protection Law ("LGPD") throughout the national territory.
Database: structured set of data, established in one or more locations, on electronic or physical support.
Blocking: temporary suspension of any processing operation, through the retention of personal data or databases.
Employees: individuals hired to join ECOMILES's workforce.
Consent: a free, informed, and unequivocal expression by which the data subject agrees to the processing of their personal data for a specific purpose.
Controller: natural or legal person, under public or private law, who makes decisions regarding the processing of personal data.
Cookies: files containing small pieces of data that are shared between a technological device and a web server to make browsing more user-friendly and improve user experience.
Anonymized Data: data relating to the data subject that cannot be identified, considering the use of anonymization at the time of processing.
Personal Data: information related to an identified or identifiable natural person.
Sensitive Personal Data: personal data about racial or ethnic origin, religious belief, political opinion, union membership or membership in religious, philosophical, or political organizations, data concerning health or sexual life, genetic or biometric data, when linked to a natural person.
Deletion: exclusion of data or a set of data stored in a database, regardless of the procedure used.
Data Protection Officer (DPO): the individual appointed by the Controller and Processor to act as a communication channel between ECOMILHAS, data subjects, and the ANPD.
Purpose: the reason for which personal data is processed.
General Personal Data Protection Law (LGPD): Law No. 13.709/2018 or LGPD, which governs the processing of personal data of natural persons, regardless of the medium, by natural or legal persons under public or private law, with the objective of protecting fundamental rights to freedom and privacy and the free development of the natural person's personality.
Processor: natural or legal person, under public or private law, who processes personal data on behalf of the controller.
Opt-In: an explicit, prior expression of consent by the data subject to receive communications or authorize data processing.
Opt-Out: the opposite of opt-in, that is, the revocation of previously given consent.
Research Body: a public or private non-profit entity legally established in Brazil, whose mission includes scientific, technological, historical, or statistical research.
Data Protection Impact Assessment (DPIA): documentation prepared by the Controller describing data processing activities that may pose risks to civil liberties and fundamental rights, as well as mitigation measures.
Site / Website: virtual address of an individual or legal entity, consisting of a set of electronic pages.
Data Subject / User: natural person to whom the personal data being processed refers.
International Data Transfer: transfer of personal data to a foreign country or international organization of which the country is a member.
Processing: any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction.
Shared Data Use: communication, dissemination, international transfer, interconnection of personal data, or shared processing of personal databases by public bodies and entities in fulfilling their legal competencies, or between private entities, reciprocally, with specific authorization, for one or more processing modalities permitted by these public entities, or between private entities.

ABOUT THE PURPOSE OF DATA AND PERSONAL PROCESSING

Personal data processed by ECOMILES is used for various purposes, depending on the data subject's relationship with ECOMILES. Below, we present, in a non-exhaustive manner, the main scenarios in which we will process the data subject's personal information:

For compliance with legal obligations (Art. 7, II and Art. 11, "a" of LGPD): when arising from legal and/or regulatory determinations imposed on ECOMILES.
For contractual necessity (Art. 7, V and Art. 11, "d" of LGPD): fulfillment of specific contracts by ECOMILES with various companies (suppliers and/or service providers).
For the regular exercise of rights in judicial, administrative, or arbitral proceedings (Art. 7, VI and Art. 11, "d" of LGPD).
Through authorization granted by the data subject ("Consent") (Art. 7, I of LGPD).

The database formed through the collection and storage of the data subject's personal data is the property and responsibility of ECOMILES, and its use, access, and sharing, when necessary, will be carried out within the limits and purposes of its business and may, in this regard, be made available for consultation, shared, and transferred to suppliers and authorities, provided that the provisions of this Privacy Policy and applicable regulations are observed.

No document, information, and/or personal data will be disclosed and/or shared under any circumstances, except if expressly authorized by the user, for the purpose of fulfilling contracted services, or by court order or legal determination.

It may be necessary to transmit the user's personal data to another ECOMILES entity, a partner, or an external service provider. ECOMILES requires its service providers to process such data only in accordance with this Privacy Policy and applicable regulations.

Internally, user data is accessed only by duly authorized employees, respecting the principles of purpose, adequacy, necessity, and other principles inherent to the processing of personal data, always for ECOMILES's objectives, in addition to the commitment to confidentiality and preservation of privacy under the terms of this Privacy Policy.

TYPES OF PERSONAL DATA SUBJECTS

The personal data subjects processed by ECOMILES are categorized as follows:

Customer;
Employee;
Collaborator;
User;
Partner;
Legal representative;
Lead;

DATA COLLECTED

Geolocation: The ECOMILES application will collect background location data so it can be acle to track and validate the routes even when the app is not actively open, ensuring evidence of travel by the types of transport previously self-declared by the USER.

For ECOMILES to fulfill its social purpose, it is essential to collect certain information about the data subject. Therefore, personal data provided directly by the data subject, their legal guardians (through specific consent authorizing the processing of children's personal data), companies, third parties, or collected automatically may be gathered. See below the ways personal data is collected:

Personal data provided directly by the data subject: All personal data entered or sent when accessing one of ECOMILES's channels (portals or applications) will be collected.

Personal data provided by companies: exclusively for compliance with legal obligations (Art. 7, II and Art. 11, "a" of LGPD) or when necessary for the execution of contracts and/or preliminary procedures in which the data subject is involved (Art. 7, V and Art. 11, "d" of LGPD).

Personal data provided by third parties: ECOMILES may receive personal data through third parties who have a relationship with the data subject. ECOMILES may also collect data from public databases made available by authorities (such as the Federal Revenue Service, for example) or by third parties, or even data made public by the data subject on websites or social networks, always respecting privacy.

Automatically collected personal data: ECOMILES may also collect a series of information automatically and uses market technologies (such as cookies) for this purpose, to improve the user's browsing experience on ECOMILES portals and applications, according to their habits and preferences.

For all personal data collection, the following essential rules will always be followed:

Only essential information will be collected;
If necessary, we will request authorization or notify the data subject to collect new data, accompanied by proper explanation;
The collected personal data will only be used to fulfill the purposes informed to the data subject.
The processing of personal data of children and adolescents will be carried out only with specific and highlighted consent from one of the parents or legal guardian.

Data processed by ECOMILES will be stored for the time needed to meet the purposes for which they were collected, or to comply with legal and regulatory requirements. After the data retention period ends or when requested by the data subject, ECOMILES will delete them securely.

SHARING DATA WITH THIRD PARTIES

Personal data processed by ECOMILES may be accessed by third parties, as defined below.

For our purposes: ECOMILES may share data with third parties for its own purposes.
ECOMILES will share strictly necessary personal data to provide or otherwise fulfill its social purpose.
For strategic reasons: ECOMILES may share all categories of data listed in item 6 with partners and other entities that provide ECOMILES with certain services or assist with internal functions, such as data analysis, maintenance of internal system security, or ensuring compliance with legal provisions. For example, ECOMILES may share information with auditing firms, law firms to obtain legal assistance, accounting firms, or other professionals. Other entities that may receive personal data for such purposes include information security service providers, data analysis companies, quality assurance evaluators, among others.
For legal and regulatory reasons: ECOMILES may share all categories of personal data informed in item 6 with partners, service providers, and other entities when necessary to comply with legal or regulatory obligations, including compliance with any applicable law, judicial or administrative process. ECOMILES may also share information to protect and defend the rights of the company, personal data subjects, or any other person, to protect against fraudulent or malicious activities, to enforce ECOMILES's Terms and Conditions, or to cooperate with law enforcement agencies.
When the data subject consents to disclosure: ECOMILES may share certain information with partners or other entities when the data subject instructs to share or otherwise consents to sharing such information, and all consent expressed by the data subject must be prior and express.

ABOUT DATA SUBJECTS' RIGHTS AND REQUESTS

In accordance with applicable regulations, ECOMILES ensures the following rights to the data subject:

Confirmation of the existence of processing;
Access to their data;
Correction of incomplete, inaccurate, or outdated data;
Anonymization, blocking, or deletion of unnecessary, excessive data, or data processed in non-compliance with applicable regulations;
Data portability to another service or product provider, upon express request, in accordance with ANPD regulations;
Deletion of personal data processed with the data subject's consent, with exceptions provided in applicable regulations;
Information about public and private entities with which ECOMILHAS has shared data;
Information about the possibility of not providing consent and the consequences of refusal;
Revocation of consent, under the terms of applicable regulations;
Review of automated decisions.

The data subjects' rights provided in applicable regulations and this Policy may be exercised through an express request by the data subject or legal representative and may be made through the relationship channel available on the privacy portal or privacy notice.

The user is aware, through this document, that any request to delete information essential to managing their registration with ECOMILES, when applicable, will result in the termination of their contractual/business relationship.

ECOMILES will make all reasonable efforts to meet requests made by the data subject in the shortest possible time. However, justifiable factors may delay or prevent prompt service, and in case of delay, the reasons will be presented to the data subject.

It is the data subject's duty to provide correct and updated information. ECOMILES is not responsible for the accuracy, truthfulness, or lack thereof in the information provided and may, at its discretion, suspend and/or cancel the user's registration at any time if any inaccuracy is identified.

Finally, the data subject should be aware that their request may be legally rejected, either for formal reasons (such as inability to prove their identity) or legal reasons (such as a request to delete data whose maintenance is a free exercise of rights by ECOMILES), and in the event that these requests cannot be met, reasonable justifications will be presented to the data subject.

SECURITY

Any personal data held by ECOMILES is stored in accordance with the highest security standards adopted by the market. These standards include, but are not limited to, the following measures:

Protection against unauthorized access;
Restricted access to locations where personal information is stored;
The adoption of procedures with employees, collaborators, service providers, and suppliers involved in the processing of personal data, requiring them to commit to strict confidentiality and to follow best practices for handling such data, in accordance with corporate policies and procedures.

In addition to technical safeguards, ECOMILES also adopts institutional measures to protect personal data, maintaining a governance and privacy program applied across its operations and governance structure, which is continuously updated.

In any event, in the unlikely occurrence of incidents of this nature, ECOMILES undertakes to make every reasonable effort to mitigate the consequences of the event, always ensuring full transparency toward the data subject.

ABOUT LINKS TO OTHER WEBSITES

ECOMILES may provide links to other websites deemed relevant, corporate partnerships, or due to regulatory, judicial, or administrative requirements.

It should be noted that ECOMILES is not responsible for the privacy policies practiced by these websites. Third parties have their own policies for collecting, using, sharing, and any type of data processing related to their services, and these third parties are responsible for proper data maintenance. ECOMILES recommends reading the policies of these third parties.

ABOUT COOKIES

Cookies are files that can be stored on the user's device, containing small pieces of data that are shared when a device visits or uses ECOMILES's online services.

The information collected, usually the name of the website that originated it, its lifespan, and a randomly generated value, is interpreted and executed by ECOMILES's portals or applications, which enables user recognition and future identification of their interests and needs.

Cookie Types	What do they do?
NECESSARY	Essential cookies for the portal or application visited to function properly. This type of cookie does not store personally identifiable information and is generally set in response to a user's service request, such as setting privacy preferences, logging in, or filling out forms. This type of cookie cannot be disabled on ECOMILES portals and applications, though users can configure their browser to block them. However, please note that this action will impact some portal and application functionalities.
PERFORMANCE	Cookies that allow us to count visits and traffic sources to measure and improve the performance of our portals and applications. All information collected by this type of cookie is anonymous. Users can prohibit the execution of these cookies, but ECOMILES will be unable to understand how users interact with portals and applications, without providing information about visited areas, visit duration, and any problems encountered, such as error messages, for example.
FUNCTIONALITY	Cookies that allow the portal or application to remember user choices, providing a personalized experience. They may be set by ECOMILES or by vendors whose services we add to our portals and applications. Users may prohibit the execution of these cookies, but some or all of these functionalities may not work as intended.
ADVERTISING	Cookies that may be set on ECOMILES portals and applications through our marketing partners. They will be used by these partners to build a profile and display content more relevant to the user's interests, as well as measure the effectiveness of advertising campaigns. They do not directly store personal information but are based on the unique identification of your browser and device used for access. Users may prohibit the execution of these cookies but will receive less targeted advertising.
SOCIAL NETWORKS	Cookies set by third parties and added to ECOMILES portals and applications to track social network users who visit our pages, allowing sharing of our content with their list of friends and acquaintances. They are also capable of tracking your browsing on other websites and creating a profile of your interests. This may affect the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.

At any time, users may revoke their authorization regarding the use of cookies by accessing the settings of their preferred browser. However, we caution that, depending on the settings applied, certain functionalities of our services may not work optimally, as well as information security aspects.

ABOUT EMAIL MARKETING

By signing up to receive email marketing from ECOMILES, users declare their agreement that ECOMILES may create a personalized compilation of news and offers, as well as evaluate platform usage patterns, to send personalized communication that meets users' needs and interests.

If users wish to stop receiving this type of communication, they may cancel their subscription at any time. To do so, users may click on the opt-out link present in received emails to be directed to the cancellation process or may use one of the communication channels mentioned in this Privacy Policy.

APPLICABLE LAW AND GENERAL CONDITIONS

This document was prepared based on applicable regulations on information security, privacy, and data protection, including (whenever applicable) the Constitution of the Federative Republic of Brazil, the Consumer Protection Code, the Civil Code, the Brazilian Internet Bill of Rights (Federal Law No. 12,965/2014), its regulatory decree (Decree 8,771/2016), the General Data Protection Law (Federal Law No. 13,709/2018), and other sectoral or general regulations on the subject.

This policy is linked to the Terms of Use, available on the privacy portal or privacy notice, and shall be interpreted according to Brazilian legislation, in the Portuguese language, with the Central Forum of the District of São Paulo/SP being elected to resolve any litigation, question, or supervening doubt, with express waiver of any other, however privileged it may be.

If any provision of this Privacy Policy is deemed illegal or illegitimate by a public authority, the other conditions shall remain in full force and effect.

Users acknowledge that all communication conducted by email (to the addresses they provided), SMS, instant messaging applications, or any other digital and virtual form is also valid as documentary evidence, being effective and sufficient for the disclosure of any matter related to services provided by ECOMILES, as well as the conditions of their provision, except for expressly different provisions provided in this Privacy Policy.

UPDATES TO THIS POLICY

ECOMILES's Privacy Policy, available on the channels mentioned in the privacy portal or privacy notice, is the most current version of the document. ECOMILES may, however, at any time and at its sole discretion, update the Policy to improve security, enhance our services, or to comply with legal, regulatory, or administrative obligations.

ECOMILES encourages data subjects to periodically review this Privacy Policy to stay updated on how their data is being processed.

If users do not accept and do not agree, or accept but do not agree with this Privacy Policy, including any changes, they should not access or use ECOMILES's platforms, services, and products.