Access.Run consists of iOS and Android applications, our website (www.access.run) and the Access.Run software and hardware family, all of which are products of a company called Access Run S/A (www.access.run). Contact information can be found at the end of this document.
Personal identification information
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using our products.
Unless specified otherwise, all Data requested by our products is mandatory and failure to provide this Data may make it impossible for our products to provide their services. In cases where our products specifically state that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact us.
Users are responsible for any third-party Personal Data obtained, published or shared through our products and confirm that they have the third party’s consent to provide the Data to Access Run S/A.
In compliance with Brazilian laws, we are obliged to store the IP address, date and time and which resource was accessed in our infrastructure for every network request. The IP address is a number that uniquely identifies you on the internet, which means it can be used to personally identify you when cross-referenced with data from your ISP (which we don’t have access to). This information is stored for a minimum period of six months, which might be extended through a proper judicial order.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users' means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web browser cookies
How we use collected information
Access Run may collect and use Users' personal information for the following purposes:
- To personalize user experience
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- To improve our services
We may use feedback you provide to improve our products and services.
- To provide security
We may use IP and geolocation to block unauthorized access to our services when the application is used from other non-authorized devices, or to send mail communication to you about an unusual access location.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sensitive and private data exchange between the Site and its Users happens over an SSL-secured communication channel and is encrypted and protected with digital signatures.
Sharing your personal information
We do not sell, trade, or rent Users' personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.
Being stationed in Brazil, Access Run S/A abides by its laws and judicial system. If obliged by a judicial order of reasonable legal basis, Access Run S/A will share User information with Brazilian authorities.
Your acceptance of these terms
By using this Site or the App, you signify your acceptance of this policy and terms of service. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
Access Run S/A
Av. Rio Verde, Cond. Cidade Empresarial – Cidade Vera Cruz, Aparecida de Goiânia – GO
Specific Conditions for Personal Data Protection (“Specific Conditions”)
- The object of this Term of Commitment and Specific Conditions is to regulate the additional conditions related to compliance with Law 13.709/18 and legislation related to the protection of personal data and privacy (“LGPD”).
- If the User, when rendering the services and/or supplying the products object of the Contract, carries out Personal Data Treatment: (i) on behalf of the Contractor, as Operator, and/or (ii) through own Treatment decisions, linked to the guidelines set forth herein, as Controller, the User must follow the guidelines provided for in this Annex and in the LGPD.
- The Contractor will be Controller of the Data provided and/or obtained by the Contractor and/or Data collected by the User on behalf of the Contractor. The User will be considered a Controller with respect to his own Data and his Processing activities, being entirely responsible for such Data and Treatments, including with regard to any indemnification due to the Contractor, the Holder and/or third parties.
- These Specific Conditions are part of the contract signed between the Contractor and the User (“Contract”) for all purposes, and the provisions contained herein prevail over any conflicting provisions on the Data and Treatment provided for in the Contract.
- Capitalized terms that have not been expressly defined in these Specific Conditions will have the meanings assigned to them in the General Conditions or in the Term of Formalization of this Contract.
- For the purposes of these Specific Conditions, the terms below will have the following definition:
- “Affiliate” means, in relation to any person, any other person who, directly or indirectly, Controls it, is Controlled by it or is with it under common or shared Control. “Control” means, for the purpose of this definition only, the power to permanently secure the majority of votes in the deliberations of the general meeting and to elect the majority of the managers of a company and the effective use of these powers to direct social activities and guide the functioning of the organs of society;
- “Controller” has the meaning attributed to it in Law 13.709/18;
- “Data” means Personal Data, Sensitive Personal Data and information forwarded in any format by the Contractor or by third parties to perform the Contract and/or Personal Data, Sensitive Personal Data and/or information that is used to perform the Contract;
- “Personal Data” has the meaning attributed to it in Law 13.709/18;
- “Sensitive Personal Data” has the meaning attributed to it in Law 13.709/18;
- “Law” means any law, regulation, normative act, order, injunction, decree or subpoena of any court (including arbitration), of any instance, or authority applicable to the Parties and the Contract;
- “Operator” has the meaning assigned to it in Law 13.709/18;
- “Holder” has the meaning attributed to it in Law 13.709/18; and
- “Treatment” has the meaning attributed to it in Law 13.709/18.
3. User Specific Obligations
- Obligations related to all Data used under the Contract. Regarding the Treatment and Data used in the scope of the Contract, whether provided and/or obtained by the User or by the Contractor, the User undertakes to:
- if the provision of services or products supply involves the use of User Data, ensure that the Data was and will be obtained and in any way treated lawfully, with an appropriate legal basis under the terms of the LGPD, including for the purposes of sharing or processing in the scope and for the purposes of this Contract;
- have sufficient mechanisms to ensure that the use of the Data will be carried out in accordance with the LGPD, including observing, in cases of consent, the manifestation of revocability made by the Holder;
- maintain the safety and confidentiality of the Data, adopting security, technical and administrative measures capable of protecting the Data from unauthorized access and accidental or illicit situations of destruction, loss, alteration, communication or any form of improper or illicit treatment;
- endow your environment with modern and efficient data protection and security technology, validated with the Contractor;
- keep a record of the Data Processing activities, the logs and the audit trail and proof of the Treatment to be performed, according to the Contractor’s guidelines, if applicable;
- maintain periodic evaluation of the Treatment to ensure the safety and quality of the object of the Contract;
- provide, within the period requested by the Contractor, information, documents, certifications and reports related to the Treatment, in accordance with the Contractor’s guidelines; and
- assist the Contractor in the preparation of assessments and reports on the impact of Data protection and other records, documents and requests required by Law or necessary for the Contractor.
- Obligations related to the Contractor’s Data. With respect to the Treatment and Data provided and/or obtained by the Contractor and/or Data collected by the User on behalf of the Contractor, the User undertakes to:
- observe criteria, guidelines, deadlines, schedules, service levels, security measures, quality standards and procedures provided for in this Contract, in the Contractor’s policies or otherwise requested by him;
- not to use the Data, in any way or form, including in an individualized, aggregated and/or anonymized manner, for purposes other than those established in the Contract and within the limit necessary for the Treatment;
- not to share, transfer, market or otherwise allow access to the Data to Affiliates or third parties not authorized by the Contractor under the scope of the Contract;
- restrict access to the Data only to those who effectively need to access it in order to comply with this Contract and to the extent necessary for Treatment, while ensuring that those who, within the limits and terms of this Agreement, have, or may have, access to the Data respect and maintain the confidentiality and security of the Data, as well as observe the provisions of the Specific Conditions and the Contract;
- guarantee unrestricted and at any time access by the Contractor and/or its Affiliates to the Data;
- upon request and in accordance with the Contractor’s specific instructions, take any action related to the Data Processing, including its correction, deletion, anonymization and/or blocking and send, within a maximum period of 3 days from the request or within a period to be defined by the Contractor, a confirmation of said action;
- notify the Contractor if there is a need for international transfer of Data for the performance of the Contract and/or the Treatment provided for in the Contract, which may occur only with the prior written authorization of the Contractor and by ensuring that all measures for the protection of data of the Holders, including those provided for in these Specific Conditions, will be taken to carry out the referred transfer; and
- when acting as Operator, carry out the Treatment in accordance with the instructions provided by the Contractor.
- After the end of the Treatment and/or the Contract, or before if so requested by the Contractor, in accordance with the terms and guidelines defined by the Contractor, the User must permanently delete all Data and/or return the Data to the Contractor, including those sent to Subcontracted, keeping their logs and other proof of exclusion and/or return, which can be requested at any time by the Contractor.
- Compliance with Holder requests and requests arising from the Law. It is stated that the Contractor will be responsible for fulfilling the Holders’ requests and requests resulting from the Law with respect to the Data provided and/or obtained by the Contractor and/or Data collected by the User in the name of the Contractor. In such cases, the User is obliged to provide information and documents in a timely manner and assist the Contractor, including through the adoption of appropriate technical and organizational measures, so that the Contractor can comply with the rights of the Holders provided for in the LGPD and other applicable Laws.
- If the User, acting as Operator, is required by Law or requested by the Holder, to reveal, change, delete or perform any other Data Treatment or to provide information or documents related to the Data, the Treatment or about this Contract, the User must notify the Contractor immediately, sending the necessary documents and information so that the Contractor can defend itself or manifest itself in relation to said disclosure, alteration, exclusion or other Treatment, as well as the provision of information or documents. The Contractor may request from the User additional information and measures that he deems necessary, as well as carry out such disclosure, alteration, exclusion or other Treatment on his own. For clarification purposes, the obligations of this clause will apply if there is no prohibition contained in the Law.
- With respect to the Data provided and/or obtained by the User in his own name, the User himself must be responsible for meeting the requests of the Holders and arising from the Law.
- The User undertakes not to subcontract individuals or legal entities to carry out any Service and/or the other activities provided for in the Contract, except with the prior and written authorization of the Contractor (“Prior Authorization”). To obtain the Prior Authorization, the User will provide the Contractor with all information and provide all documents requested by the Contractor about the subcontracting and about the third party to be subcontracted (“Subcontracted“). The Prior Authorization does not exclude the User’s responsibility regarding the fulfillment of the Contract and the User will be jointly liable for the obligations of its Subcontracted, including labor and social security, and for any damages and losses caused by them to the Contractor or to third parties due to the Services and/or other activities provided for in the Contract.
- The contractual relationship established with the Subcontracted shall: (i) be formalized in writing between the User and the Subcontracted, in the same manner as the Contract; (ii) meet all the conditions required by the Contractor for the provision of Services and execution of the other activities provided for in the Contract; (iii) impose on Subcontracted responsibility for all obligations related to its employees and agents; (iv) impose on the Subcontracted the obligation to comply with all the Laws applicable to the activities performed within the scope of the provision of the Services and execution of the other activities provided for in the Contract, including the rules on protection of personal data, privacy and confidentiality; and (v) establish that the User will be fully responsible for the payment of any and all amounts due to the Subcontracted, and that the invoices will be issued in the User’s name.
4. Information Security
- In order to guarantee the confidentiality, integrity and availability of the Data, upon becoming aware of any and all information security incidents that occur in its own environment or that of a third party, under its responsibility, and that could compromise the Treatment, the Data or its activities, especially unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or any form of improper or unlawful treatment, whether internal or to other customers of the User (“Security Incident”), the User must:
- within a reasonable time, send a written notification to the Contractor, respecting the minimum 48 hours’ notice in relation to the term provided for by Law, if any, indicating in said notification, at least (a) the description and nature of the affected personal data; (b) information about the Holders involved in or affected by the Security Incident; (c) an indication of the technical and security measures used to protect personal data; (d) the risks related to the Security Incident; and (e) the measures that have been or will be taken to reverse or mitigate the effects of the Security Incident (“Security Incident Notification”);
- immediately take all necessary measures to identify and remedy the causes of the Security Incident;
- comply with the guidelines that may be requested by the Contractor in relation to Security Incidents, including (a) obtaining evidence about the Security Incident and the Data and/or Treatment that may have been compromised, and no evidence should be submitted with data or information from other User’s customers; and (b) the execution of all risk mitigation strategies to reduce the impact of the Security Incident that occurred and/or the probability or impact of any similar incident; and
- preserve and protect the security of the Contractor, Data and Treatment services.
- If the User has not sent the Security Incident Notification within the period provided for in this clause, he must indicate the reasons why it was not possible to comply with this period.
- The User acknowledges that the Contractor may share information related to Security Incidents with the Central Bank of Brazil, with other regulatory entities and with the Holders, as well as with other financial institutions, as provided for by Law. Such actions will not characterize a violation of any Contractor’s duty of confidentiality.
- If a need for the Subcontracted to adapt to the Contractor’s information security requirements is identified, the User must, together with the Subcontracted, enable the Contractor to assess information security risks and the adequacy of the Subcontracted environment.
5. Specific Penalties
- Without prejudice to losses and damages, if the User or any of its professionals or Subcontracted breaches any obligation of these Specific Conditions or the legislation on the protection of personal data, privacy and confidentiality, the Contractor will notify him so that he can correct the default within the period informed by the Contractor. If the User does not remedy said default within the period granted, he may be subject to the payment of a fine, as provided for in this section Specific Penalties.
- Without prejudice to losses and damages, the User may be charged a daily fine (“Daily Fine”) of the highest amount between (i) R$ 3,000.00 (amount to be updated annually by the IGP-M as of this date); or (ii) the amount corresponding to (a) 1% of the monthly average of the amounts paid in the Contract to the User between the date of signing the Contract and the occurrence of the event, in the event that the Contractor makes monthly payments to the User; or (b) 0.1% of the amount corresponding to the total amount paid in the Contract to the User divided by the number of months in force of the contract, in the event that the Contractor makes payments in any other format that is not exclusively monthly. The Daily Fine is limited to the total value of the Contract and will apply from the date of non-compliance with the obligation or, in the absence of this, from the date of the User being late in payment, until the 30th day of delay or from the date of the constitution of default (as applicable).
- Without prejudice to losses and damages, if the default cannot be remedied, a fine may be applied to the User of the highest amount between (i) R$ 15,000.00 (amount to be updated annually by the IGP-M as of this date); or (ii) the amount corresponding to (a) 15% of the monthly average of the amounts paid in the Contract to the User between the date of signing the Contract and the occurrence of the event, in the event that the Contractor makes monthly payments to the User; or (b) 1.5% of the amount corresponding to the total amount paid in the Contract to the User divided by the number of months in force of the Contract, in the event that the Contractor makes payments in any other format that is not exclusively monthly.
6. General Provisions and Additional Assumptions for Terminating the Contract
- Supervenience of Law. In the event of supervening Law to which the Contractor is subject, the Parties agree to adapt these Specific Conditions so that it remains in compliance with the Laws. If it is not possible to adapt the Contract within 30 days, the Contractor may terminate the Contract immediately, free of charge.
- Compliance with Obligations. The Contractor may request, at any time, proof of compliance with the obligations provided for in these Specific Conditions, as well as perform audits for this purpose, including accessing the User’s premises with prior notice. The Contractor may also terminate the Contract at any time, if the User or any of its professionals or Subcontracted breaches any obligation of these Specific Conditions.
- LGPD compliance. Without prejudice to the provisions of these Specific Conditions, the User undertakes to observe and comply with the LGPD, as well as to observe and comply with rules and procedures that may be published and/or required by regulatory authorities, including the National Data Protection Authority, within the scope of Treatment.
- Limitation of Liability. The User agrees that no limitation of liability will apply to losses and damages arising from a breach of privacy, protection of Personal Data, failure to comply with the LGPD or other applicable laws on data protection and confidentiality and/or these Specific Conditions.
- Compliance with Laws by the Contractor. The Contractor observes the Law in force, mainly with regard to the security and protection of Personal Data.
- Confidential Information. Any Treatment will be considered Confidential Information under the terms of the Contract. In the event of any incident concerning the Data, Treatment and/or User that the Contractor understands, at its sole discretion, that it is necessary to manifest, including publicly, such manifestation, including any mention of the User and/or the object and existence of this Contract, is now permitted.
- The provisions of these Specific Conditions will oblige the Parties as from the entry into force of Law 13.709/18.
7. Omitted Cases and General Provisions
- The User must resolve any doubts that may exist regarding this Term by consulting the Contracting Party expressly.
- This Term does not establish any permanent bonds between the User and the Contractor, such as any form of partnership, association, society, representation, employment relationship or joint or several liability, nor does it grant any powers or authority for the User to act in the name of the Contractor, unless expressly authorized by the Contractor.
8. Conflict and Resolution Forum
- Questions arising from the execution of this Term, which cannot be resolved administratively, will be processed and judged in the same forum and district of the Contract.
The User assumes all commitments provided for in this Term, and signs it, with the Contractor and in the presence of 02 (two) witnesses, in 02 (two) copies of equal content and form.
__________, ______ of ____________ of ________
ACCESS.RUN S/A USER
CNPJ nº 28.761.657/0001-90 EIN/FTIN/Corporate Tax ID
1) _______________________________ 2)_______________________________
This document was last updated on Wednesday, September 16, 2020.