font
EN Logo Amaggi
Logo Amaggi

Privacy Policy 2024

1.OBJETIVE

Ensure your privacy, which is why we understand that any and all processing of personal data must be limited to what is strictly necessary, relevant, and proportionate to enable the intended purpose. For this reason, the personal data we collect about you will only be that compatible with your relationship with us, that is, from employees, social organizations, direct and indirect beneficiaries, suppliers, service providers, partner companies, members of the Board of Trustees, members of the Supervisory Board, members of the Management Committee, among others.

2. DEFINITIONS, TERMINOLOGY AND ACRONYMS

See below some important definitions to better understand the protection we apply to your personal data, the limits of our use, and your rights:

I – You or Data Holder: natural person to whom the Personal Data refers, which will be subject to processing by the Foundation.

II – Personal data: identified or identifiable information about a data subject. Examples of personal data are your name, CPF, ID, computer address and IP, and telephone.

III – Sensitive personal data: personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership of trade unions, in addition to genetic, biometric data with the aim of uniquely identifying a natural person, data relating to health or data relating to the sexual life or sexual orientation of a natural person.

IV – Anonymized data: information that does not identify or lead to the identification of any person, considering the use of reasonable technical means available at the time of processing the data.

V – Controller: a person responsible for making decisions related to processing holders’ personal data. In this case, the controller is the Foundation.

VI – Co-controller: controllers with joint, coexisting responsibilities in the processing of personal data.

VII – Operator: a person responsible for carrying out data processing following lawful instructions from a Controller of data subjects’ personal data.

VIII—DPO: The DPO is the person appointed by the Controller as responsible for data protection within AMAGGI. It ensures the security of information, both for the holders and for the organization itself. The DPO also acts as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).

IX – Processing: any operation carried out with personal data, which may include obtaining, accessing, analyzing, transferring, storing, anonymizing, deleting, etc.

X – Direct Beneficiaries: people who participate in the Foundation‘s programs and projects and receive some type of direct support.

XI – Indirect Beneficiaries: people who are positively impacted by the actions of direct beneficiaries who participate in the Foundation‘s programs and projects.

XII – Interested parties: any people or institutions, public, private, or third sector, that maintain a relationship with the Foundation.

XIII- Foundation: acronym used to abbreviate the corporate name of the André and Lucia Maggi Foundation.

3. FOUNDATION PRIVACY POLICY

This Privacy Policy explains how we protect your privacy when you share data with the Foundation. If you have questions about this Privacy Policy, please contact us via our contact email privacidade@falm.org.br

3.1 What are your rights regarding privacy and protection of personal data?

A) See below your main rights related to your personal data (Article 18 of the LGPD):

I – Confirmation of the existence and processing of your personal data;

II – Access to your personal data;

III – Correction of incomplete, inaccurate, or outdated data;

IV – Anonymization, blocking, or deletion of personal data that is unnecessary, excessive, or that is being processed in violation of the law;

V – Obtaining information about how your personal data is processed;

VI – Deletion of your personal data, which have been processed based on your previously given consent, except in the cases mentioned below;

VII – Information about which public and private entities with which the Foundation shared data;

VIII – Possibility of not providing consent for the processing of your data and being informed of the consequences of such refusal;

IX – Revocation of consent under the terms of the LGPD;

X – Request portability of your data, upon express request, to another service or product provider in a format to be regulated by the National Data Protection Authority (“ANPD”).

B) In some cases, data may not be deleted after processing, in accordance with the provisions of the LGPD, these are:

I – Compliance with legal or regulatory obligations by the controller;

II – Study by a research body, ensuring, whenever possible, the anonymization of personal data;

III – Transfer to a third party, as long as the data processing requirements set out in the LGPD are respected or

IV – Exclusive use by the controller and access by third parties is prohibited, provided that the data is anonymized.

3.2 Collection and processing of your personal data

3.2.1. The Foundation undertakes to comply with all applicable legislation regarding the protection of personal data and ensure that personal data is collected and processed in accordance with the provisions of the General Data Protection Law and other applicable local laws.

3.2.2. Below we indicate which data is collected and processed by Foundation, as well as the purpose/need and legal basis of the processing.

3.3 Data we collect about you

Following the principles of loyalty, justice, and transparency, the Foundation does not collect or process personal data without having a legitimate and/or contractual and/or legal reason to do so. In order for us to carry out our programs, projects, and other institutional actions, it is essential to collect some information about them, as detailed below:

3.3.1 Data collected through our channels (websites or applications)

3.3.1.1. The Foundation will collect personal data entered or forwarded when accessing our channels (websites or applications) by filling out interest, registration, pre-registration, or information request forms. The data collected is necessary to respond to information and requests through Contact Us on the Foundation website and AMAGGI Reporting Channel for other purposes for which we provide specific notice at the time of collection or otherwise as authorized or required by law.

3.3.1.2. These personal data are:

a) Identification data such as name, ID, CPF, nationality, and license plate;

b) Personal and professional contact details such as email, telephone, city and state;

c) Employment data such as company/entity, complaints, and claims.

3.3.1.3. As it is a channel where holders can send complaints or situations that violate our code of ethics, AMAGGI and the Foundation may receive personal data classified as sensitive, such as health data, race, and ethnicity, sexual orientation, union membership, or organization of religious, philosophical and political nature or other information that could be sources of discrimination against such holders. The channel is open to all holders, and AMAGGI and the Foundation can process data from employees, candidates, drivers, customers, producers, suppliers, service providers, among other citizens who do not necessarily have a direct link to AMAGGI and the Foundation.

3.3.1.4. The data is collected upon consent provided by the holder who described the situation and is processed in accordance with the LGPD, in compliance with the controller’s legal obligations, including those provided for in the Anti-Corruption Law.

3.3.2 Candidate data                         

Data from job candidates at the Foundation are collected to support the recruitment and selection process, as well as checking for conflicts of interest. These personal data are:

a) Identification data such as name, CPF ID (Individual Registration ID), CNH (Driver License), date of birth, nationality, place of birth, parents’ name, marital status, voter ID, reservist certificate, social media account;

b) Personal contact data such as email, telephone, and home address;

c) Educational, professional, and employment data such as school/academic record, CV, education level, school/university, diploma, educational and training history, information on courses and training, qualifications/certifications, languages, benefits and rights data, license work history, previous work history, enrollment, end date and reason for termination, position/role, salary/salary, and salary/salary expectation.

3.3.2.2. We may also collect sensitive personal biometric data such as photo, image; health data such as PWD (person with disability), information and reports related to health and safety, occupational health certificate, medical records; racial or ethnic origin.

3.3.3 Employee data

3.3.3.1. Employee data is collected aiming to complete human resources processes; carry out access control to AMAGGI; comply with regulations; and other purposes necessary for the full execution of its activities, as well as the signed employment contract.

3.3.3.2. The personal data collected are:

a) Identification data such as name, ID, CPF (Individual Registration), CNH (Driver License), PIS, PPE, INSS, date of birth, birth certificate, number of the Declaration of Live Birth (DNV), mother’s name, father’s name, nationality, place of birth, marital status, voter registration card, marriage certificate, death certificate, children’s names, traffic fines or warnings, license plate, signature, social media account;

b) Identification data of the employee’s spouse such as name, ID, CPF (Individual Registration), marriage certificate, birth certificate, and death certificate;

c) Personal and professional contact details such as email, telephone, and home address;

3.4 Cookies

Like many companies, our site uses “cookies”. Cookies are pieces of text that are placed on your computer’s hard drive when you visit certain websites. We may use cookies to tell us, for example, whether you have visited us before or whether you are a new visitor and to help us identify features in which you may be most interested. Cookies can enhance your online experience by saving your preferences while you visit a website.

When you visit our website, we will inform you what types of cookies we use and how to disable these cookies. You can visit our website and refuse the use of cookies or manage your preferences at any time on your computer.

Personal data is collected for specific and legitimate purposes and is not processed in a manner incompatible with these purposes in accordance with DE-0160 – Foundation Cookies Policy.

3.5 Information security

3.5.1. We implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful alteration or loss, or unauthorized use, disclosure, or access, in accordance with our AMAGGI Information Security Policy.

3.5.2. Handling and responding to security incidents consist of receiving, filtering, classifying and responding to requests and alerts and carrying out analyzes of security incidents, seeking to extract information that allows the continuation of malicious action to be prevented and also the identification of vulnerabilities through the PO – 0624 AMAGGI Incident Response Procedure.

3.5.3. We take, where appropriate, all reasonable measures based on privacy by design and privacy by standard principles to implement the necessary safeguards and protect the processing of personal data. We also carry out, depending on the level of risk raised by the processing, a privacy impact assessment (“DPIA”) to take appropriate measures and ensure the protection of personal data.

3.6 Sharing of personal data

We may, in the normal course of our business, internally share personal data among our employees, contractors/subcontractors to meet legitimate interests in compliance with the provisions of the LGPD and also to:

a) Business partners: We will always guide these business partners on how to process your data, keep it secure, and comply with the law.

b) External/internal audits: personal data may be shared with external audit services of our operations, especially for analyzes regarding compliance with privacy parameters, data protection and information security.

c) Public authorities or official bodies: to comply with legal obligations to which we are subject, we may have to share data with public authorities or official bodies upon request or express legal provision.

3.7 Data retention time

3.7.1. Personal data will not be used for any purpose other than that described in this Privacy Policy. If we need to use your data for other purposes, we will ask for your consent before proceeding unless it is to comply with a legal obligation or to serve our legitimate interests, such as carrying out internal investigations and preventing fraud and other illegalities.

3.7.2. Furthermore, the personal data indicated will be kept in our system only as long as necessary to fulfill the purposes described here, including protecting the rights and interests of the company in the event of a legal claim.

3.8 International transfers of personal data

Considering AMAGGI’s international presence, personal data may be transferred to other group companies, or third parties located outside Brazil. The Foundation will ensure that when personal data is transferred to countries that have different data protection standards, appropriate safeguards will be implemented to protect the personal data and ensure that such data transfers comply with applicable data protection laws.

3.9 Data storage

3.9.1. The Foundation will keep the personal data processed accurately and, when necessary, updated. Furthermore, it will only keep personal data for as long as necessary for those purposes.

3.9.2. Personal data processed by the Organization will be eliminated when they are no longer necessary for the purposes for which they were collected or when requested by you, except in the event of the need to comply with a legal or regulatory obligation, transfer to a third party – as long as the data processing requirements – and exclusive use by the Company, including for the exercise of its rights in legal or administrative proceedings.

3.10 Update

We may update this Privacy Policy from time to time as our business changes or legal requirements change. If we make significant changes to this policy, we will post a notice on our website when the changes become effective, and the date this policy was last revised is identified at the top of the page.

3.11 Contact us

If you have questions about the collection and processing of your personal data by Foundation, you can send your questions, comments, complaints or exercise your rights as a data subject to AMAGGI’s DPO via our contact email privacidade@falm.org.br

We will ensure that the personal data processed is adequate, relevant and limited to what is necessary for the purposes for which it is processed and in compliance with the legal bases established by the LGPD.

4. RESPONSIBILITIES, EXCEPTIONALITIES AND GENERAL PROVISIONS

All employees are individually responsible for ensuring compliance with this document in conjunction with the Code of Ethics and Conduct and current legislation and regulations. Immediate superiors must ensure that their subordinates receive the necessary guidance to meet the requirements of this document.

The Foundation is responsible for this document and its updating, whenever necessary. Any exception to the provisions must be forwarded to the organization’s Management Committee.

5. REFERENCES

General Data Protection Law, Law No. 13,709/2018.