This Privacy Policy aims to demonstrate the commitment of ALVO Certificação Digital S/A (“ALVO“), a private law legal entity, registered with the CNPJ/ME under no. 40.109.705/0001-66, headquartered in this City of Brasília, State of Distrito Federal, at Rodovia Do Sol 2070, Room 609, Block 037, Praia de Itaparica, Vila Velha ES, 29102-020, with the protection of personal data that identifies the USER individually (“Personal Data”) and other data provided, describing ALVO’s practices in relation to personal data processed through ALVO’s websites, blogs and applications, hereinafter jointly and indistinctly referred to as “Website”, in accordance with the laws in force, in particular with Law No. 13.709/2018 and its subsequent amendments (“General Data Protection Law” or “LGPD”).

To make a purchase on the Website, the USER will need to provide some financial information that may be stored on ALVO’s servers.

As a condition for accessing and using the Website’s exclusive features, the USER declares to be over 18 (eighteen) years of age or, if under age, the USER declares that he/she has obtained, in this act, the express consent of his/her legal guardians, as well as having read the rules of this Privacy Policy in full and carefully, thus granting his/her free, informed and unequivocal agreement with the terms stipulated herein.

IF YOU DO NOT AGREE WITH THE RULES OF THIS PRIVACY POLICY, YOU SHOULD DISCONTINUE ACCESSING THE WEBSITE.

1. WHAT IS THE PURPOSE OF THIS POLICY?

This Personal Data Privacy Policy aims to establish standards and guidelines on the processing of personal data collected by ALVO on its websites, blogs and applications.
This document was prepared to clarify how personal data is processed by ALVO in compliance with the General Data Protection Law.
By accepting this Privacy Policy, the USER agrees to the terms described therein and to the processing of personal data for the purposes described below.
The USER’s acceptance is voluntary. However, if the USER does not provide his/her acceptance, ALVO will not be able to offer its services in whole or in part to the USER.

2. TERMS AND DEFINITIONS

To understand this policy, we must consider the descriptions of the definitions as detailed below:

Anonymization – use of reasonable technical means available at the time of processing, through which data loses the possibility of association, directly or indirectly, with an individual; National Authority / National Data Protection Authority (ANPD) – public administration body responsible for overseeing, implementing and monitoring compliance with the LGPD throughout the national territory;
Database – structured set of personal data, established in one or more locations, in electronic or physical support;
Blocking – temporary suspension of any processing operation, by means of storage of personal data or the database;
Employees – People hired to join ALVO’s staff;
Consent – ​​free, informed and unequivocal expression by which the data subject agrees to the processing of their personal data for a specific purpose;
Controller – natural or legal person, under public or private law, responsible for decisions regarding the processing of personal data; Cookies – These are data obtained from Internet files that temporarily store what the USER is visiting on the network, and can be obtained by ALVO websites and applications, which allow ALVO to track the sections visited, the frequency and duration of visits, and also provide automatic logins, personalization features, for example.
Personal Data – information related to an identified or identifiable natural person;
Sensitive Personal Data – personal data about racial or ethnic origin, religious belief, political opinion, membership of a union or organization of a religious, philosophical or political nature, data related to health or sexual life, genetic or biometric data, when linked to a natural person;
Elimination – deletion of data or a set of data stored in a database, regardless of the procedure used;
Purpose – reason why the data subject’s personal data is processed; Privacy Incident – ​​any accidental or unlawful situations that result in the destruction, loss, alteration, improper access, unlawful or inadequate processing of Personal Data;
General Personal Data Protection Law (LGPD) – Law No. 13,709/2018 and its subsequent amendments, which provides for the processing of personal data of natural persons, regardless of the means, by a natural person or by a legal entity under public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the natural person’s personality.
Operator – a natural or legal person, under public or private law, who