Privacy Notice
Last updated: October 16, 2024
This privacy notice describes the conditions applicable to the use of services ("Privacy Notice") offered by GLIN BRASIL SERVIÇOS DIGITAIS LTDA, duly registered under CNPJ/MF No. 36.032.210/0001-09, headquartered at Praça Chuí, 35, ground floor/hall, São José dos Campos – SP, CEP: 12243-380, its subsidiaries and affiliates, hereinafter referred to indistinctly as "GLIN", through its websites https://www.glin.com.br and https://www.glinpay.com and respective subdomains, applications for smartphones and tablets and/or through application programming interfaces (API) made available ("Platform").
1. INTRODUCTION
1.1 GLIN, through the Platform, offers the following services:
| Service | Description |
|---|---|
| eFX Service Provision | Glin provides eFX services for the acquisition of goods and services abroad up to the limit of US$ 10,000.00 (ten thousand American dollars) or its equivalent in other currencies |
| Foreign Exchange Correspondent | Glin acts as a foreign exchange correspondent for financial institutions, with the objective of intermediating account opening, foreign exchange operations and remittances and receipts abroad |
| Travel Agency | Intermediation of educational services abroad |
2. DEFINITIONS
2.1 For better understanding of this document, in this Privacy Policy, the following are considered:
Processing Agents: The controller and the operator.
Anonymization: Use of reasonable and available technical means at the time of processing, through which data loses the possibility of association, direct or indirect, with an individual.
National Data Protection Authority – ANPD: Public administration body responsible for ensuring, implementing and supervising compliance with this Law throughout the national territory.
Database: Structured set of personal data, established in one or more locations, in electronic or physical support.
Consent: Free, informed and unambiguous manifestation by which the data subject agrees to the processing of their personal data for a specific purpose.
Controller: Natural or legal person, of public or private law, who is responsible for decisions regarding the processing of personal data.
Anonymized Data: Data relating to a data subject that cannot be identified, considering the use of reasonable and available technical means at the time of processing.
Personal Data: Information related to an identified or identifiable natural person.
Sensitive Personal Data: Personal data about racial or ethnic origin, religious belief, political opinion, membership in a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.
Data Protection Officer (DPO): Person designated by the controller and operator to act as a communication channel between the controller, data subjects and the ANPD.
Operator: Natural or legal person, of public or private law, that processes personal data on behalf of the controller.
Data Subject: Natural person to whom the personal data being processed refers.
International Data Transfer: Transfer of personal data to a foreign country or international organization of which the country is a member.
Processing: Any operation performed on personal data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
Shared Use of Data: Communication, dissemination, international transfer, interconnection of personal data or shared processing of personal databases by public bodies and entities in compliance with their legal competencies, or between these and private entities, reciprocally, with specific authorization, for one or more forms of processing permitted by these public entities, or between private entities.
3. LEGAL BASIS FOR PERSONAL DATA PROCESSING
3.1 This Privacy Policy was prepared in accordance with Federal Law No. 12,965, of April 23, 2014, the Marco Civil da Internet, and Federal Law No. 13,709, of August 14, 2018, the General Data Protection Law ("LGPD").
3.2 GLIN commits to comply with the rules provided by the LGPD and to respect the principles set forth in Art. 6 of such regulation:
Purpose: processing for legitimate, specific, explicit and informed purposes to the data subject, without the possibility of subsequent processing in a manner incompatible with these purposes.
Adequacy: compatibility of processing with the purposes informed to the data subject, according to the context of processing.
Necessity: limitation of processing to the minimum necessary for the achievement of its purposes, with coverage of relevant, proportional and non-excessive data in relation to the purposes of data processing.
Free Access: guarantee, to data subjects, of easy and free consultation on the form and duration of processing, as well as on the entirety of their personal data.
Data Quality: guarantee, to data subjects, of accuracy, clarity, relevance and updating of data, according to the need and for the fulfillment of the purpose of their processing.
Transparency: guarantee, to data subjects, of clear, precise and easily accessible information about the performance of processing and the respective processing agents, subject to commercial and industrial secrets.
Security: use of technical and administrative measures capable of protecting personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination.
Prevention: adoption of measures to prevent the occurrence of damages due to the processing of personal data.
Non-discrimination: impossibility of processing for unlawful or abusive discriminatory purposes.
Accountability and Rendering of Accounts: demonstration, by the agent, of the adoption of effective measures capable of proving compliance with personal data protection rules and, including, the effectiveness of such measures.
4. PROCESSING AGENTS
4.1 The LGPD defines as controller, in its Art. 5, item VI, the natural or legal person, of public or private law, who is responsible for decisions regarding the processing of personal data.
4.2 The LGPD defines as operator, in its Art. 5, item VII, the natural or legal person, of public or private law, that processes personal data on behalf of the controller.
4.3 GLIN is responsible for decisions regarding the processing of personal data in the services offered by the Platform. The operators are listed below in item 8.
5. DATA PROTECTION OFFICER
5.1 The LGPD defines as data protection officer, in its Art. 5, item VIII, the person designated by the controller and operator to act as a communication channel between the controller, data subjects and the ANPD.
5.2 The person responsible for acting as a communication channel between the controller, data subjects and the ANPD is the data protection officer LELLIS OLIVEIRA SOCIEDADE INDIVIDUAL DE ADVOCACIA.
5.3 The user may contact via email dpo@glin.com.br of the Data Protection Officer, to clarify any questions about this Privacy Notice or to obtain more information about data processing carried out based on the LGPD.
6. DATA SUBJECT RIGHTS
6.1 The personal data subject has the following rights, conferred by the LGPD:
Right of confirmation and access (Art. 18, items I and II): the right of the data subject to obtain from the service confirmation that personal data concerning them is or is not being processed and, if so, the right to access their personal data.
Right of rectification (Art. 18, item III): the right to request correction of incomplete, inaccurate or outdated data.
Right to limitation of data processing (Art. 18, item IV): the right of the data subject to limit the processing of their personal data, being able to demand the deletion of unnecessary, excessive data or data processed in non-compliance with the LGPD.
Right of opposition (Art. 18, § 2): the right of the data subject, at any time, to oppose the processing of data for reasons related to their particular situation, based on one of the hypotheses of exemption from consent or in case of non-compliance with the LGPD.
Right to data portability (Art. 18, item V): the right of the data subject to perform data portability to another service or product provider, upon express request, in accordance with the regulation of the national authority, subject to commercial and industrial secrets.
Right not to be subject to automated decisions (Art. 20): the data subject has the right to request a review of decisions made solely based on automated processing of personal data that affect their interests, including decisions intended to define their personal, professional, consumer and credit profile or aspects of their personality.
7. WHAT DATA IS PROCESSED AND HOW IT IS COLLECTED
7.1 The use of certain Platform functionalities by the personal data subject will depend on the processing of the following personal data:
| Data Processed | Collection Method | Purpose | Processing Operation | Legal Basis |
|---|---|---|---|---|
| Full name | Provided by User (mandatory) | User identification | STORAGE, CONTROL, TRANSMISSION, COLLECTION | Legal obligation, Research, Contract execution |
| Date of birth | Provided by User (mandatory) | User identification | STORAGE, CONTROL, TRANSMISSION, COLLECTION | Legal obligation, Research, Contract execution |
| CPF number | Provided by User (mandatory) | User identification | STORAGE, CONTROL, TRANSMISSION, COLLECTION | Legal obligation, Research, Contract execution |
| Email address | Provided by User (mandatory) | Platform access, Personalize and improve User experience, Advertising and Marketing | ACCESS, STORAGE | Free consent |
| Address | Provided by User (mandatory) | Service use | STORAGE, TRANSMISSION | Legal obligation |
| Phone number | Provided by User (mandatory) | Personalize and improve User experience | ACCESS, STORAGE | Free consent |
| Device data | Collected from device | Service use, Personalize and improve User experience | ACCESS, EXTRACTION | Free consent, Legal obligation |
| User location | Collected from device | Service use, Personalize and improve User experience | ACCESS, EXTRACTION | Free consent, Legal obligation |
| Access log | Obtained when using the Platform | User identification | ACCESS, STORAGE | Free consent, Legal obligation |
| User photo (merchants) | Provided by User (mandatory) | User identification | ACCESS, EXTRACTION | Legal obligation |
| Main activities (merchants) | Provided by User (mandatory) | Personalize and improve User experience, Service use | EVALUATION, CONTROL, STORAGE | Legal obligation |
| Website and social media (merchants) | Provided by User (mandatory) | Personalize and improve User experience, Service use | EVALUATION, CONTROL, STORAGE | Legal obligation |
8. DATA SHARING
8.1 User's personal data may be shared with the following persons or companies:
| Purpose | Description |
|---|---|
| Third-Party Service Providers | GLIN has service providers who work in the execution and development of our services and products. |
| Public Authorities | GLIN may share your data with any public authorities to comply with legal obligations, or to protect your rights or those of third parties. |
| Corporate Operations | GLIN may share your data with other companies in its group, subsidiaries and affiliates, within the scope of corporate reorganization operations. |
| Financial Institutions and Payment Processors | GLIN may share your data with financial institutions and payment processors in order to capture payments demanded on the platform. |
| Data Verification Services for Anti-Fraud and Anti-Money Laundering | GLIN may share your data with identity validation platforms in order to comply with regulation related to financial services applicable in Brazil, especially related to KYC/PE&S (Know Your Customer, Partner, Employee and Supplier) processes and monitoring of suspicious operations. |
9. INTERNATIONAL DATA TRANSFER
9.1 GLIN transfers data internationally. Details about this transfer are shown below:
| Organization | Guarantee | Data Transferred |
|---|---|---|
| Google LLC | Contractual clauses: Google Privacy Policy; Seals, certificates and codes of conduct: ISO 27001 Certifications | All data collected by GLIN |
| Amazon Web Services, Inc. | Contractual clauses: AWS GDPR DPA; Seals, certificates and codes of conduct: AWS ISO Certifications | All data collected by GLIN |
10. DATA SECURITY
10.1 GLIN commits to applying technical and organizational measures capable of protecting personal data from unauthorized access and situations of destruction, loss, alteration, communication or dissemination of such data.
10.2 To ensure security, solutions will be adopted that take into account: appropriate techniques; application costs; the nature, scope, context and purposes of processing; and risks to the rights and freedoms of the user.
10.3 The service uses encryption so that data is transmitted securely and confidentially, so that data transmission between the server and the User, and in feedback, occurs in a fully encrypted manner.
10.4 However, the service is exempt from liability for exclusive fault of third parties, such as in cases of hacker or cracker attacks, or exclusive fault of the user, such as when they transfer their data to third parties. GLIN also commits to communicating to the user within an appropriate period if any type of security breach of their personal data occurs that may cause a high risk to their personal rights and freedoms.
10.5 A personal data breach is a security breach that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any other type of processing.
10.6 Finally, GLIN commits to treating the user's personal data with confidentiality, within legal limits.
11. COOKIES
11.1 Cookies are small text files sent by the website to the user's computer and stored there, with information related to website navigation.
11.2 Through cookies, small amounts of information are stored by the user's browser so that the service server can read them later. For example, data about the device used by the User, as well as their location and time of access to the site, may be stored.
11.3 It is important to note that not all cookies contain the User's personal data, as certain types of cookies may be used only for the service to function correctly.
11.4 Information eventually stored in cookies is also considered personal data. All rules provided in this Privacy Notice also apply to such cookies.
11.5 GLIN uses the following cookies:
| Cookie Name | Purpose | Duration |
|---|---|---|
| elementor | Used in the context of the website's WordPress theme. The cookie allows the website owner to implement or change the website content in real time. | Persistent |
| wpEmojiSettingsSupports | This cookie is used to enable emoji support on pages that use WordPress. | Session |
| _ga_* | Contains a unique identifier used by Google Analytics 4 to determine if two distinct hits belong to the same user across browsing sessions. | 1 year |
| _ga | Contains a unique identifier used by Google Analytics to determine if two distinct hits belong to the same user across browsing sessions. | 1 year |
| ph_phc_* | Used by PostHog Analytics to gain insights into user behavior. | 1 year |
| _gcl_au | Used by Google AdSense to understand user interaction with the site, generating analytical data. | 3 months |
| _fbp | Facebook Pixel primary advertising cookie. Used by Facebook to track website visits to provide a range of advertising products, such as real-time bidding from third-party advertisers. | 3 months |
| prism_* | Used by ActiveCampaign to track visitors on marketing channels. | 1 month |
| lastExternalReferrerTime | Detects how the user arrived at the website by recording their last URL address. | Persistent |
| lastExternalReferrer | Detects how the user arrived at the website by recording their last URL address. | Persistent |
12. SUBSEQUENT DATA PROCESSING FOR OTHER PURPOSES
12.1 Information about personal data used for subsequent purposes, among others, may be used for continuous improvement of services and enhancement of user experience within GLIN.
12.2 If the GLIN personal data subject chooses to delete their data, it will be anonymized. Anonymized data may be used in the future for generating statistics, in order to improve Platform procedures. They may also be used for research purposes by specialized entities. They may equally be used in an aggregated manner for dissemination of information through media, and in scientific and educational publications.
13. CHANGES TO THE PRIVACY POLICY
13.1 GLIN reserves the right to modify, at any time, the site and these rules, especially to adapt them to the evolutions of the Platform, whether by making new functionalities available, or by suppressing or modifying existing ones.
13.2 This Privacy Policy may be updated due to any regulatory updates, which is why the user is invited to periodically consult this section.