top of page

PRIVACY
POLICY

DIGA TECNOLOGIA EM ATENDIMENTO LTDA. Private company, registered under the CNPJ number 05.388.357/0001-02, located on Rua Luiz da Costa Freysleben, 215, Itaguaçu District, Florianópolis/SC, Brazil, ZIP Code: 88085-500, denominated “DIGA”, is a technology company focused on queue and service management, offering from orientation to technology that may how companies offer their services.

We, from DIGA, respect the privacy of all personal data of our customers, employees and partners. Our GOAL is to ensure the integrity of the personal data and protect its privacy.

 

This Privacy Policy has as its GOAL to show our commitment to the privacy and protection of all collected personal data, establishing rules about collecting, registering, storing using, sharing and eliminating collected personal data, according to the Brazilian Law 13.709/2018 (LGPD).

 

We hope this Privacy Policy helps you understand our commitments to your privacy. For more information or, if you have any doubts, worries or requests, consult us through the following e-mail address: dpo@diga.com.br. Otherwise, if you disagree with this Privacy Policy’s content, we point out that you are free to decide if you pretend to use the services offered by DIGA, or not, being able to, in some cases, choose not to share certain optional information (what may, in this case, limit the use of some of the solution’s features).

 

GENERAL CONCEPTS

Initially, it’s important that you understand some concepts brought by the LGPD:

  • PROCESSING AGENTS: the controller and operator.

  • CONTROLLER: natural or legal entity, governed by public or private laws, who makes decisions regarding the processing of personal data.

  • OPERATOR: natural or legal entity, governed by public or private laws, that processes personal data in the name of the controller.

  • PERSONAL DATA: any and every information related to the person, that is identified or identifiable. Ex.: Name; Social Name; Date of Birth; Surname; Social Security; Identity Card; Driver’s License; Age; Nationality; E-mail Address; Naturality; Home Address; Business Address; Marital Status; Gender; Personal Phone Number; Business Phone Number.

  • SENSITIVE PERSONAL DATA: personal data about racial origin or ethnicity, religious beliefs/convictions, political opinion, affiliation to syndicates, religious, philosophical, or political organization, data regarding health or sexual life, genetic or biometric data, when linked to a natural person.

  • HOLDER: Natural person to whom is referred the personal data that is being processed.

  • PROCESSING: every treatment of personal data, referring to collecting, producing, receiving, classifying, utilizing, accessing, reproducing, transmitting, distributing, storing, eliminating, evaluating or controlling, modifying, communicating, transferring, diffusing or extracting.

  • DATA PROTECTION OFFICER (DPO): person indicated by the controller and operator to act as a communication channel between the controller, the holders and the National Authority of Data Protection (ANPD in Brazil). Among the main responsibilities of the DPO is to receive complaints and communications from the holders, provide needed information, gather the demands of the holder and communicate with the National Authority of Data Protection.

 

WHO IS THE PERSON RESPONSIBLE FOR TREATING THE PERSONAL DATA?

The COMPANY will be considered a CONTROLLER of personal data of its employees and suppliers, just as in all the situations that fit the legal definition of the LGPD, in other words, when it’s responsible for making decisions regarding data processing.

The COMPANY as a service provider and, in cases when it has no interference regarding the processing of personal data, it will act as an “Operator” of the customers’ personal data of the company referred to as “Controller”.

According to the LGPD, the operator is any natural or legal entity, governed by public or private laws, that processes personal data in the name of the controller. The controller is every natural or legal entity, governed by public or private law, to whom are delegated de decisions regarding the processing of personal data.

Additionally, the data collected by DIGA, as a CONTROLLER, might be processed and stored in internal or external servers.

When DIGA has the role of OPERATOR, the holders’ data will be processed and stored in the controller’s system, who acts according to the security politics and mechanisms, specific contractual clauses related to the privacy and protection of personal data.

When in the role of CONTROLLER, DIGA will be responsible for the activities of processing the personal data of the following cases, according to legal bases of the articles 7th, II, V and IX, and article 11, II, a e d, from the LGPD.

When in the role of OPERATOR, DIGA will answer in the name of the CONTROLLER for the activities of processing the personal information of the following cases, according to legal bases determined by the CONTROLLER.

WHO DOES DIGA COLLECT AND PROCESS DATA FROM?

DIGA, according to the legal bases listed above and among all the limits determined by the law, may collect and process the data of customers’, potential customers, users, business partners, suppliers, employees, service providers, legal representatives, job applicants, managers, administrators and company partners.

FOR WHAT PURPOSE DO WE USE USER’S PERSONAL DATA?

When you interact with DIGA commercially, we use many tools to process the collected personal data. The legal fundaments in which we base ourselves that legally allow us to process personal data may be contract execution, fulfilling legal obligations and legitimate interest.

 

If the Holder decides to provide the personal information on DIGA’s website to benefit from the online Services or any others, the information will be processed according to the specific purposes previously defined or according to what is described in the contract of service supply.

 

We assure the Holder’s right to, ate any moment, including the time when the personal data is being provided, to inform DIGA, through the communicating channels available for the registration of the information, that there is no interest in receiving announcements, including e-mails (opt-out), what will cause the interruption of these services, as soon as possible.

WHAT PROCESSING WILL BE MADE WITH THE PERSONAL DATA?

DIGA, according to the legislation, may COLLECT, RECEIVE, CLASSIFY, USE, ACCESS, TRANSFER, STORE, ELIMINATE, SHARE WITH THIRD PARTIES, ultimately, accomplish all activities disposed on the Article 5th, X, of the LGPD, always with strict accordance with the referred legislation, you personal data and registering information, when needed for the achievement of the covenants made between the parties  and, also, in other hypotheses based on legitime goals, as in support and promotion of activities, or for providing services that benefit the others involved in the process.

ABOUT SHARING YOUR PERSONAL DATA

DIGA might share personal information with partner companies with the goal of improving its products, services and processes, according to what’s permitted by the applicable law and according to this policy.

We emphasize that our online services, offered by DIGA, will automatically be subject to the current Privacy Policy, at the time of its utilization.

We will share the Holder’s personal data when we believe, in good faith, that it will be necessary for fulfilling legal obligations, in the terms of the applicable law, or to respond to a valid legal process, as, for example, a search warrant, court order or a summon.

We will also share the Holder’s personal information if we believe, in good faith, that it will be necessary, in our interests or others’, in terms of national security, fulfillment of the law, litigation, criminal investigation, to assure the security of any person, or to prevent the death or imminent physical damage, considering that this interest does not prevail over the interests or fundamental freedom rights of the Holder that requires protection of the Holder’s personal data.

ABOUT DATA’S INTERNATIONAL STORING AND TRANSFERING

Personal data processed as a result of utilizing the service will be processed by DIGA according to the current applicable laws. The company is based in Brazil, but may process personal data in other countries, by hiring partner companies that, in turn, will be submitted by this Privacy Policy.

 

Whenever DIGA makes any kind of international transfer of the personal data, as well as DIGA’s partners or customers, all the activities that involve processing personal data are in accordance with personal data protection laws, fulfilling all the rights of the Holder, legally stated by the law. Such protection takes into account security policies and mechanisms of confidentiality, as well as specific contractual clauses for international data transferring.

 

YOUR RIGHTS AS PERSONAL DATA HOLDER

According to applicable laws, when current, regarding processing personal data, specially the LGPD (Law 13.709/2018), DIGA respects and assures you the possibility to present a solicitation, based on the rights stated in article 18 of the LGPD, to access, eliminate, transfer etc.

 

TIME OF STORING AND ELIMINATING PERSONAL DATA

Your personal data will be processed according to the Retention and Elimination Policy adopted by DIGA, for as long as it takes for the means listed above and will be eliminated after the determined time or through solicitation of the Holder, exercising the given rights, when applicable, except when fulfilling legal or regulatory obligations related to DIGA.

 

HOW DO WE SAFELY TREAT YOUR INFORMATION?

The access to personal data collected, stored or processed by DIGA is restricted to authorized staff for executing necessary tasks and is limited for any other purposes. It is also required from the entire company or individual hired for providing support services, to follow the Privacy Policy.

DIGA is committed to providing quality services, with security so, in all the processes, we adopt all plausible technical measures, according to current technology, to ensure the security of personal data and to avoid its alteration, loss and unauthorized treatment or access, either by human interaction, or due to natural, physical or electronic matters.

DATA UPDATES

DIGA reserves the rights to update the functionalities of its internal processes. Therefore, this Privacy Policy might be updated, at any time, except in cases of legal seal, to include effective changes. As you continue using our services, after the present policy’s update, you agree with the changes made and current, at the time of access.

SOLICITATIONS AND COMPLAINTS

In case of solicitations and complaints, we as you to contact our Data Protection Officer at: dpo@diga.com.br. For contacting him, you will be required to provide your personal data to confirm your identity. Eventually, other information may be solicited to confirm your identity, with the goal to attend you solicitation or complaint the best possible way, whenever there is a doubt about the truthfulness or legitimacy of the provided information.

GENERAL PROVISIONS

Eventual omissions or mere tolerance of the parties requiring the strict and full compliance of this Privacy Policy and/or prerogatives in accordance with it or the law, will not constitute novation or resignation, nor will affect any rights foreseen fere, that might be fully executed, at any time. In case a disposition is considered null, the remaining dispositions of this Privacy Policy will remain in full effectiveness and a valid term will substitute the null one, reflecting our intention, as much as possible.

APPLICABLE LAW AND CONFLICT RESOLUTION

Any and all controversy deriving from the terms exposed on this Privacy Policy will be resolved according to the Brazilian law, being elected the forum of the city of Florianópolis, ins the state of Santa Catarina, excluding any other, even if more preferred. It is also clear that utilizing the services and orders commanded outside the Brazilian territory, or due to operations starting abroad may also be subject to the jurisdiction and legislation of the country’s authority, where they were commanded or started.

Created by: DPO-DIGA

Date of approval: 10/11/2022

Reviewed by: Privacy committee/DPO

Approved by: Privacy committee/DPO

Version 02

bottom of page