1. OBJECTIVE

To inform all employees, clients, partners and those who who access the NISS website with regard to the application of the General Data Protection Law - LGPD.

2. SCOPE

Applies to all NISS employees, clients and partners. PARTNERS.

3. PROCESS DESCRIPTION

NISS needs to collect and process personal data from its customers. Accordingly, this NISS Privacy and Personal Data Policy (hereinafter the "Privacy Policy"), aims to help our customers understand what personal data we collect, how and why we use it, to whom we disclose it and disclose it and how we protect your privacy when you use our services.

4. WHY?

NISS is committed to protecting the security and privacy of its customers. In this context, it has drawn up this Privacy Policy in order to affirm its commitment and respect for the rules of privacy and protection of personal data.

We want our customers to be aware of the general rules privacy rules and the terms for processing the data we we collect, in strict compliance with the applicable legislation in this area, namely Law No. 13,709, of August 14, 2018 2018 ("General Data Protection Law - LGPD" or simply "LGPD").

NISS strives to respect the best practices in terms of security and protection of personal data promoting/raising awareness of good practices in this area, and improving systems in order to manage the protection of data made available to it by its customers, in close compliance with legal obligations.

Filling in the data collection forms and providing data, directly or indirectly, implies knowledge of the conditions of this Policy, and of any other specific terms, policies and conditions relating to the services provided.

5. WHAT IS PERSONAL DATA?

Personal data means any information relating to to an identified or identifiable natural person (data subject), of whatever nature and data subject), of any nature and regardless of its medium. An identifiable person is one who can be identified directly or indirectly, namely by reference to an identification number or more elements specific elements of their physical, physiological, mental, economic, cultural or social identity, economic, cultural or social identity. Personal data may have different nature in certain situations, which the LGPD classifies as "sensitive data". This may the racial or ethnic origin of the data subject, their political political opinions, religious or philosophical convictions, genetic philosophical beliefs, genetic information, biometric identifiers, sex life, sexual orientation or their health.

6. OTHER IMPORTANT DEFINITIONS

• Consent of the data subject - expression of free, specific, informed and explicit manifestation of will, by which the data subject accepts, by means of a declaration or unequivocal positive act, that the personal data relating to him/her to be processed;
• Controller: A natural or legal person, governed by public or private law. public or private, to whom decisions regarding the processing of personal data;
• Profiling - any form of automated processing of personal data which consists of using personal data to, inter alia, include a natural natural person in a particular category with regard to their professional performance, economic situation health, personal preferences, interests, behavior location or movements;
• Data Protection Officer - "DPO") - person or entity appointed to ensure, in an organization, the processing of personal data data processing complies with the LGPD, ensuring efficient communication with data subjects and cooperation with supervisory control authorities, bridging the gap with the different different areas of activity within NISS. The DPO does not receive instructions regarding the exercise of their functions, reporting directly to the management bodies of the entity that appointed him;
• Controller - natural or legal person, public authority, agency or other body who, alone or jointly with others, determines the purposes and means of processing personal data data;
• Third party - natural or legal person, service or body other than the data subject, the Controller, the Operator and persons who, under the direct authority of the Controller or the Operator, are authorized to process the personal data;
• Data subject - identified or identifiable natural person identifiable natural person to whom the personal data relate;
• Processing - operation or set of operations carried out on personal data or on sets of personal data, by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise form of making available, comparison or interconnection, the limitation, erasure or destruction;
• Operator: Natural or legal person, public or private, who or private law, which processes personal data on behalf of the controller. behalf of the controller;
• Breach of personal data - breach of security which accidentally or unlawfully causes the destruction, loss loss, alteration, unauthorized disclosure of, or access to access to personal data transmitted, stored or otherwise processed. subject to any other type of processing;
• Pseudonymization - the processing of personal data in such a way that that they can no longer be attributed to a specific data subject without without recourse to supplementary information, provided that supplementary information is kept separately subject to technical and measures to ensure that personal data cannot be be attributed to an identified or identifiable natural person or identifiable natural person;
• Anonymization - a technique that results from the processing of personal data in order to personal data in order to remove sufficient that it is no longer possible to identify the data subject, irreversibly. More precisely, the data must be processed in such a way that they can no longer be used to to identify a natural person using all means that can reasonably be used, either by the controller or by a third party.
• National Data Protection Authority - Public administration body responsible for administration responsible for ensuring, implementing and enforcement of the law;

7. WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?

The purpose of this Privacy Policy is to inform customers of the terms of processing of personal data of NISS, determining the purposes and means of processing their their data in the context of the provision of services, for which reason it must be considered a Controller, under the terms of the LGPD.

Thus, when you are assisted by an independent third party (real estate broker, for example), on behalf of NISS, this third party will be considered an Operator, under the terms of the LGPD. Therefore, if there are any questions about the regarding the privacy of customer data, we ask that you the competent broker is also indicated, where appropriate, for the purposes of investigating any infractions, intent, negligence, negligence or malpractice.

8. WHAT PERSONAL DATA DO WE COLLECT AND BY WHAT MEANS?

NISS collects personal information provided by the user, information that can identify you. This information collected may vary according to your use of NISS, as well as the type of information you the type of information you choose to provide us with.

In order to make good use of our website, the customer provides some information such as name, telephone number, e-mail address, date of date of registration and source of registration. NISS uses CRM and RD Station systems, through which other information is also provided. In the first system, NISS has access to the customer's customer's conversation history, interactions (whether there have been visits, meetings, exchanges of messages), address, profession and family composition. Through RD Station, on the other hand, the NISS has access to the browsing history of NISS content and some TAGs (identifiers) added to the register.

The TAGs used for segmentation are, in turn: media origin, product of interest source of the media, product of interest, pages visited on the site, email received, email opened and clicked on the email link. All this information collected by NISS is cumulative of behavior, quantifying the interaction of the prospect's actions, so that NISS and its Operators can provide a better service. can provide a better service.

9. CATEGORY OF DATA PROCESSED, MEANS AND FORMS OF COLLECTION

The customer will always be duly informed of the obligation to to provide this data in order to continue with the process with NISS.

• When you register on the NISS website:
  Data Collected: Name, telephone, e-mail, address, profession and family composition. This personal data is mandatory (the customer is duly informed of the obligation to provide this to continue the process).
• Through the CRM system:
  Data collected: history customer's conversation history, interactions (if visits have taken place, meetings, exchange of messages), address, profession and family composition.
• Through other systems:
  Data collected: browsing history on NISS content and some TAGs added to the register. The TAGs used for segmentation are: origin of the media, product of interest, pages interest, pages visited on the site, receipt of e-mail, opening of e-mail and click on the link link.

10. WHAT ARE THE PURPOSES OF COLLECTING YOUR PERSONAL DATA?

Customers' personal data is processed in order to offer content and materials of interest to customers. For this happen, it is often necessary to cross-reference the data that we collect, so that marketing actions are what the customer expects to receive from NISS.

In this sense, we use your personal data to communicate and manage our relationship with you. In this sense, we may contact you by letter, e-mail, social media or SMS, for administrative or operational reasons, for example, in order to send you news about properties that may be of interest to you. interest. We will also use your personal data to respond to your requests, suggestions or contacts, to improve our services and your experience as a customer.

11. On what basis do we process your personal data?

NISS will only process your personal data when it is duly authorized. In order for the processing of personal data to be lawful, there must be an adequate for each specific processing.

With regard to the processing of your data carried out by NISS to improve our services and meet our administrative and quality objectives, the appropriate lawfulness will be the pursuit of legitimate interests of the Controller, as well as Contractual Compliance, when applicable, in addition to the customer's own consent. This implies that data subjects may object to the processing of their data for the aforementioned purposes, under the under the LGPD, if they present valid reasons related to their particular situation. their particular situation. In this case, the Controller may present legitimate reasons justifying the the continuation of such processing, in which case it reserves the right to right to continue processing your data for these purposes purposes, as well as in cases where such processing is necessary for the purposes of declaring, exercising or defending a right in legal proceedings.

With regard to the processing of data carried out by NISS in the context of compliance with legal obligations, the grounds for lawfulness for carrying out such processing - mostly communications to external entities - will be the need for processing for the purpose of complying with legal obligations of the Controller.

12. Which NISS Professionals have Access to Your Data?

When processing your personal data, NISS observes, at all times, the principles of data protection privacy by design. This commitment implies, among other things, that your personal data will only be accessible to people who need to to know them in the performance of their duties, to the strictest extent necessary for the pursuit of the processing purposes listed above.

13. How long will your personal data be kept?

The personal data NISS collects from its customers is processed in compliance with the applicable legislation and are stored in in specific databases. This data is kept in a format that allows data subjects to be identified for no longer than is necessary for the purposes for which they are processed. for which they are processed.

The period of time for which data is stored and varies according to the purpose for which the information is used. There are, however, legal requirements that oblige data to be kept for a certain period of time. time. We take as a benchmark for determining the appropriate period of the various decisions of the data protection data protection authorities, namely the National Data Protection Authority (ANPD).

14. What rights do data subjects have?

Under the terms of the applicable legislation, the data subject may request, at any time, access to personal data concerning them, as well as their rectification personal data concerning them, as well as their rectification, the portability portability of their data, directly via e-mail to privacidade@niss.com.br, or by contacting NISS in person. NISS.

Without prejudice to any other administrative or judicial remedy, the data subject has the right to lodge a complaint to the ANPD or another competent supervisory authority under the terms of the law, if they consider that their data is not being legitimate processing by NISS, under the terms of applicable legislation and this Policy.

15. What Security Measures has NISS adopted?

NISS is committed to ensuring confidentiality, protection and security of its customers' personal data, by implementing the appropriate technical and organizational measures to protect their data against any form of improper or unlawful processing and against any accidental loss or destruction of this data. loss or destruction of this data. To this end, we have systems and teams designed to guarantee the security of the personal data processed, creating and updating procedures that prevent unauthorized access, accidental loss and/or destruction of personal data, undertaking to comply with the legislation on the protection of customers' personal data and to process this data only for the purposes for which it was collected, as well as to ensure that this data is processed with adequate levels of security and confidentiality.

NISS may, in some cases, pass on your personal data to third parties. to third parties. NISS has defined clear contractual rules on the processing of personal data with its operators, and requires them to adopt the appropriate technical and organizational measures to protect your personal data. However, in some cases, we may be required by law to disclose your personal data to third parties (such as supervisory authorities) over whom we have limited control over the protection of personal data.

The information database formed by the NISS can be made available to strategic business partners with a view to benefit and generate mutual results, such as supplying or improvement of our products, services and advertising.

NISS is not responsible for the use and processing of business and economic partners of NISS to the collected and shared, and it is the responsibility of the responsibility of the company or partner that uses it to give it the proper treatment and use.

It may be necessary - by law, legal process, litigation and/or public and governmental authorities within or outside your country of residence - for NISS to disclose your personal information. We may also disclose your information if we determine that, for purposes of national security, law enforcement or other issues of public importance, disclosure is necessary or appropriate. disclosure is necessary or appropriate.

We may also disclose your information if we determine that the disclosure is reasonably necessary to enforce our terms or to protect our operations or users. In addition In addition, in the event of a reorganization, merger or sale, we may transfer any and all personal information we to relevant third parties.

16. Under What Circumstances is Data Communicated to Other Entities? Entities?

NISS uses other entities to provide certain services. services. The provision of these services may involve access by these entities to personal data of its customers. This is the case with entities that provide support services for NISS systems.

Thus, any entity that characterizes itself as a Operator will process the personal data of our customers, in our our name and on our behalf, under the strict obligation to follow our our instructions. NISS ensures that such entities as Operators offer sufficient guarantees that appropriate technical and organizational measures are in place so that that the processing meets the requirements of the applicable law and law and ensures the security and protection of the rights of the data subjects, under the terms of the subcontracting agreement signed with said Operators.

NISS may also transmit the personal data of its to third parties when it deems such communications as necessary or appropriate:

• in the light of the applicable law,
• in compliance with legal obligations/court orders, e;
• to respond to requests from public or authorities.

In this regard, NISS may transmit your personal data to to any Public Contracting Authority, the Courts, Solicitors, the criminal police or the Public Prosecutor's Office Public Prosecutor's Office when notified to do so or when it is necessary for the fulfillment of legal obligations, in accordance with the law.

In any of the above situations, NISS undertakes to take all reasonable measures to guarantee the effective protection of the personal data it processes.

17. Contact us

You can contact the Data Protection Officer ("DPO") of ("DPO") for further information on the processing of your personal data personal data, as well as any questions relating to the exercise of the rights attributed to you by applicable legislation and, in particular, those referred to in this Privacy Policy. Policy, through the following contacts:
e-mail: privacidade@niss.com.br

18. How do I find out about any changes to our privacy policy? Policy?

NISS reserves the right, at any time, to make modifications or updates to this Privacy Policy Privacy Policy at any time. on our Platforms. We suggest that you check them regularly to be aware of any changes.

Back to home page