PRIVACY AND DATA PROTECTION POLICY

Aiming at a relationship of transparency and trust, we at YES consider communication extremely important, and it would be no different in relation to the topic of data processing and privacy.

Therefore, we ask you to carefully read this policy, in order to understand our practices for processing your Personal Data.

  • objective

This policy is intended to make it clear to you, the owner, about how we treat the personal data that you eventually provide to us when accessing our Platforms, registering on our newsletter, send information request via form, etc.

It is recommended that you access this page periodically in order to keep up to date with any changes in the way we treat your personal data, which will be reflected in this Policy, always seeking to offer you a better experience.

  • How we collect your personal data;

Your personal data is collected from the way you interact with YES. Therefore, we can collect data in the following ways:

– Directly: when you directly provide us with your data, whether by purchasing our products, submitting forms, participating in events, subscribing to the newsletter, etc.;

– Through interaction on the website: through your interaction on our website and social media;

– Through third parties: through partners, in which case we take measures to ensure that the rules of privacy and protection of personal data, set out in the LGPD, have been complied with.

  • What types of Personal Data may be collected

Among the data that may be collected are the following:

– Identification data – information you provide to us that allows us to contact you or verify your registration, such as your full name, social security number, date of birth, gender, postal address, email, social media details, telephone number and etc.

– Demographic information and interests – information that describes Your demographics or behavioral characteristics, such as age or age group, geographic location (eg zip code) and favorite products.

– Navigation data – through posts on our social media, IP address, type of browser, browsing language, access times, request details, mode of interaction and use, collection of cookies when accessing the website or social media.

  • Cookies;

Cookies are small text files that can be used by websites to make the user experience more efficient.

The law says that we may store cookies on your device if they are strictly necessary for the functioning of this website. For all other types of cookies we need your permission.

  • How we use your personal data;

We collect and process your data so that it is possible, above all, to make our business relationship viable, either through the fulfillment of contractual and legal obligations, or to engage our brand and better develop our business.

– General mode: general purposes of our business, conducting internal or market research, managing communications;

– Identification data: compliance with legal/contractual or regulatory obligations, access control, access to newsletter subscription, participation in promotional campaigns;

– Contact data: response to inquiries via forms, return to various requests;

– Navigational data: promote our products and benefits, manage advertising campaigns, identify preferences, promote improvement of our products and services.

  • Legal grounds for processing your personal data;

In view of the importance of the subject and the preservation of your data, the General Data Protection Law took care to highlight the legal bases for data processing, that is, the cases in which we will be authorized to process your data. Are they:

  • Providing consent by the holder – especially in the use of our platforms;
  • Legitimate interest of YES or a third party – to guarantee you the best delivery of our products and your interaction with our institution, provided that your fundamental rights and freedoms are not violated;
  • Compliance with legal or regulatory obligations – related to YES' business activity;
  • To fulfill a contractual obligation to which the data subject is a party;
  • To exercise our contractual rights, administrative, judicial or arbitration proceedings;
  • Protection of your life and physical well-being;
  • Guardianship of your health, carried out by health professionals, health services or health authority;
  • To protect our credit;
  • Data retention period

The period considered for data retention will depend on the purpose for which we collected it, and in this individualized assessment criteria such as: (i) the validity of the consent obtained, when applicable; (ii) the existence of a commercial/contractual relationship; (iii) legal or regulatory obligation on data retention; and (iv) legitimate justified interest.

  • Sharing your personal data

Data sharing will only be done in justified situations and always in accordance with the LGPD. Below, we list some hypotheses:

  • Competent authorities – when and if there is a judicial and/or regulatory request;
  • Third parties – those who provide services based on the operation of personal data and/or management of software and integrated information systems;
  • Internally – among YES areas that need access to data, for example, we can mention the legal area, information technology and people management;
  • Security of your personal data

As a company that values, encourages and practices innovation, data security is in our DNA, and it would be no different in relation to the management of personal data and privacy.

In this sense, YES adopts technical and administrative security measures that aim to ensure that there is no incident in relation to the data processed, such as unauthorized access, and illegal acts by third parties (destruction, loss, alteration of data), ensuring always for the improvement of processes and observing how we can be an increasingly better company.

  • Your rights – as the Owner, you will always be the owner of your data, which gives you certain rights, which we set out below:
  • confirmation that we process your data or not;
  • access to the data owned by you and which we are processing;
  • data correction, whether for updating, correction or complementation;
  • anonymization, blocking or deletion of data, if justified based on the General Law for the Protection of Personal Data – “LGPD”;
  • data portability, upon express, written or recorded request, in accordance with ANPD regulations, respecting, in any event, any commercial and industrial secrets;
  • elimination of your personal data processed, upon express request, written or recorded, in accordance with the regulations of the ANPD;
  • revocation of consent;
  • request for information in general on the subject, and especially on consent to the processing of personal data;

To exercise your rights listed above, contact our Privacy and Data Protection channel by email: lgpd@yes.ind.br.

  • Changes to the Privacy and Data Protection Policy

In view of the dynamics of the topic and the constant market and technology updates, this policy may be changed at any time, which is why we recommend that you revisit it periodically to find out how we are treating your data.

  • Complaints, doubts and suggestions

We also know that, despite all the explanation above, many times some doubts may remain, in addition, there may be complaints and requests that you want to communicate to us, on topics related to the way of treatment and data protection. In this case, we strongly encourage you to contact YES in the figure of our DPO/Data Protection Officer, Patricia Nunes Arantes, through the electronic address lgpd@yes.ind.br.