The CYF has a strong commitment to the privacy of the information of the users of our systems. The objective of this text is to inform you about our practices regarding the collection of information when you use our systems, it is how CYF treats and uses your personal information and that of its own clients.
Why do we collect some personal information to make the user registration?
The information we collect is minimal and we do it for security, only with the aim of identifying who accesses the system and from where they do it, in addition to offering the possibility of using personalized services (or customizations) and sending you alert information. of the system when required. For this reason, a user registration system was developed, where a few personal information that will identify you in our systems are requested.
Understand that we must be very sure of who you are before allowing access, as there are different user profiles and according to your profile, you will have access to view the information that corresponds to you and that you have permission to do so or access different areas or exclusive functions for certain user profiles.
The information collected is related to your name, a unique identification number, as well as a login and password that will serve to identify you and allow you access to our systems. Such registration will still serve as a communication channel, allowing us to send you communications about system news and corresponding alerts.
You may, whenever you wish and at any time, change your registration in our database as well as your access password.
The CYF does not collect information from its clients nor does it request information from its clients, only a name for its own identification during the use of the system. It is still possible to mask the name of the users using pseudonyms instead of their real names, if I consider it convenient or necessary, with the exception of their contact data, which is necessary for sending alerts if they choose to receive them by email or another specific channel.
Data processing agents
Natural or legal person, of public or private law, who are responsible for decisions regarding the processing of personal data (article 5, VI, of the LGPD).
Natural or legal person, governed by public or private law, who processes personal data on behalf of the controller (art. 5, item VII of the LGPD).
When you use the Quality system, we act as the operator of your personal data.
When you use our website, we act as the controller of your personal data.
Data subject rights
The holder is the natural person to whom the personal data that are processed refer. You as the holder of personal data may at any time request:
- Confirmation that your personal data is being processed;
- Access your data;
- Correction of incomplete, incorrect or outdated data;
- Anonymization, blocking or deletion of unnecessary data;
- Data portability to another service or product provider;
- Deletion of personal data;
- Information about data sharing;
- Information on the consequences of non-consent;
- Revocation of Consent.
The exercise of rights may be requested by the data subject through the form: https://cyf.com/privacy-center/
Personal data and sensitive personal data
It is any data that identifies or can identify you, including location data, electronic identifiers or any other data that, when combined with other information, can identify someone.
Examples: name, RG, CPF, CNH, gender, phone number, cell phone number, home address, email, location data etc.
Sensitive Personal Data:
It is data about racial or ethnic origin, religious conviction, political opinion, union membership, health or sex life data, genetic or
biometric data when linked to you, is sensitive.
When using our systems, we only process the personal data of registered users (name, e-mail, professional position and CPF).
When using the website, browsing data is collected through cookies, for example: to identify how many times you return to our address.
Commitment to the confidentiality of the data provided
Personal information is of restricted use of our systems and necessary for your own use as a user, collected through secure database software. Only officials authorized by the CYF, directly related to the administration and updating of our systems have access to your personal data and, even so, such access is limited by necessity. For example, if you contact us to report a problem, the official responsible for the administration and/or support of the system is authorized to access only the personal information necessary to attend to the object of your concern.
No personal information that you come to provide us will be disclosed, transmitted, sold, rented or distributed to third parties, except in the case of legal, judicial or audit determinations.
We reserve the right, however, to disclose general statistical data, but not personalized, of indices and benchmarks. We emphasize that under no circumstances will data be disclosed that allows the identification of registered users or the companies to which they belong.
We also point out that we do not collect any type of information from the user’s personal computer that he himself has not typed or sent to the system. Attached files, such as voice recordings, are stored on the server made available by the client and not on our servers unless expressly requested by the client.
International and storage
There is international data transfer when using Cyf systems, from the user’s country of origin to the country where the servers are located, where the data is stored securely in Canada.
We use the most varied and complete security procedures to guarantee not only the privacy of our clients’ data, but also their integrity and security. Password access, IP blocking (whitelist), protection against brute force attacks, SSL certificate with cryptography, constant monitoring, backups and other security methods are just some of the methods we use to guarantee your security and that of your customers.
The CYF reserves the right to make changes to the policy, as it also undertakes to share and make it available for easy consultation with its users, clients and stakeholders.
This policy was initially adopted on January 1, 2019.
Updated June 24, 2022.