Privacy Policy

Controller BMS is committed to the privacy and security of its visitors and clients during the entire site navigation process. The registration data of visitors and customers are not sold, exchanged or disclosed to third parties.

The Controller BMS website uses cookies and information from your browsing (browser session) with the aim of profiling the public who visit the site and always improve our services, products and content. Throughout this process we keep your information completely confidential. It is worth remembering that your data is recorded by the website in an automated manner, eliminating human manipulation.

So that this data remains intact, we advise our clients not to disclose their password to third parties, even if they have full confidence in it.

Changes to our privacy policy will be duly informed in this space.

  1. PERSONAL INFORMATION WE COLLECT

When you visit our communication area, we record data such as frequency of use, date and time of access, when you view, or click on a specific option, or your preference.

When clients log into our services area, read our users and Internet protocol (IP) addresses, information is stored that makes it possible to identify you and register your use of the Platform.

When visitors access our communications area, read our e-mail addresses, messages, CVs (in the case of sending CVs to HR) and Internet protocol (IP) addresses, information is stored that makes it possible to identify you and register your use of the Platform.

Please be advised that no decisions are taken by us on the basis of profiles, except for the purposes of legitimate prevention of internet fraud, in which circumstances the law recognises a legitimate interest in data processing.

  1. PURPOSE

Controller BMS, as the Data Controller, will handle your personal data for the following purposes:

  • Manage your registration as a user of the platform, aiming at your identification in order to grant you access to the services available to registered users;
  • Conduct contact via e-mail about updates or information related to human resources, products or services or general matters, provided that it is necessary or reasonable;
  • To issue a response to any request or enquiry made through the visitor and customer service channels available on our pages;
  • Use your information to generate de-identified and embedded data. For example, to generate statistics about visitors and users, their jobs or areas of expertise, number of clicks on a specific project, or visitor or user demographics.

For security reasons, the use of our website’s features may require you to change your password. Please note that secure access also depends on the correct use and storage of confidential passwords.

  1. USE OF DATA

In order to improve our services, please note that personal information related to your interests and preferences may be used by Controller BMS for the purposes of analysis, visitor and user profiling, marketing studies, quality surveys and improving interaction with our clients.

If you expressly allow it, your personal data may be used for the provision of personalised advertising of our products and services, which will be presented via e-mail or other means of electronic communication, by us or third party collaborators.

You can cancel your notifications by following the instructions in each communication you receive.

  1. DATA RETENTION PERIOD

Your personal data will be kept as long as we maintain a valid contractual relationship (in the case of customers accessing our online services) and as long as we maintain an information exchange relationship (in the case of access and use of the communications area), thereafter for the period determined for any obligations arising from the processing of the data or as established by law.

  1. WHO GETS MY DATA

To fulfil the purposes stated in this Privacy Policy, it may be necessary to report or release your personal data to third parties for the following reasons:

  • Business Transfers: relating to any reorganization, restructuring, merger or sale, or any other transfer of assets, including personnel, provided that the receiving party agrees to treat your personal information in accordance with our current Privacy Policy;
  • Service Providers: to provide services on our behalf or to help us provide our services. To provide marketing, advertising, communications, infrastructure and IT services, to personalise and improve our services, to provide customer service, to analyse and improve data (such as data about user interaction with our services), to process and manage satisfaction surveys.
  1. DATA PROTECTION RIGHTS

As a Data Controller, we are committed to respecting the confidential nature of your personal data and to ensuring the full exercise of these rights. These are rights guaranteed to you in data protection:

  • Right of access: the holder of the data processed, that is, you, has the right to confirm whether we are processing your personal data and, if we are, you have the right to obtain a copy of this data and other information regarding handling, recipients, the retention period, and the source collecting the data if not provided by you, among others;
  • Right to amend: this is the right granted to you to rectify inaccurate data and change incomplete information, in addition to being guaranteed to verify the authenticity of the data being processed;
  • Right to erasure: by means of this right you may also impose the deletion of your data, without undue delay, if they are being improperly and unlawfully handled or if the purpose for which they were used or collected has ceased to exist, with the exception of the exercise of expression and information, compliance with a legal order, postulation or defence in legal proceedings, public interest of public health and for scientific or historical research purposes or statistical purposes;
  • Right to limitation of handling: You have the right to request that the suspension of the handling of your information is unlawful or the accuracy of the data has been contested;
  • Right to object: you are also assured the right to object to the handling of your data when it is used for direct marketing purposes or when the processing is terminated due to a particular situation, except where there is a legitimate interest or it is necessary for the exercise or defence of claims;
  • Right not to be subject to personalised decisions: you have the right not to be subject to a decision based solely on the automated processing of your data, including profiling, with legally binding effects on or affecting you, subject to the exceptions provided by law, such as when necessary for the performance of a contract between the data subject and the party responsible for the data, or if you have expressly authorised it;
  • Right to portability: refers to the right to receive the personal information concerning you that you have provided to us or to another party responsible for processing the same, as well as the possibility of transmitting this data directly to another party responsible, without the last party to whom the personal data have been entrusted being able to prevent this, provided that the processing of this information is lawful, is necessary for the performance or diligence of a contract, has been processed, with express permission, under special categories provided for by law and that it is carried out by automated means;
  • Right to transparency: this right aims to ensure that there is transparency and accuracy of information or communications intended for you or the general public, related to the purpose of the use and processing of such personal data, as well as that they are easily accessible and understandable, and formulated in clear and simple language. The information will be provided in writing or by electronic means. If you wish, the information may also be provided orally, provided that you identify yourself;
  • Children’s data privacy: where direct offers of information services and the processing of data concern or are directed at children under 16 years of age, it will only be considered lawful and possible if there is parental or legal guardian consent.

To exercise the rights mentioned above, please send an email to:dpo.lgpd@controllerbms.com.br, indicating your (I) identity, sharing your full name and email address used in the communication area, login (in the case of a customer), an ID to establish your identity and (II) the right(s) you are exercising. The exercise of such rights is free of charge, except where requests are deliberately unfounded or excessive, in which case the individual will be required to bear the costs of processing.

  1. INFORMATION ON COOKIES

We use cookies on this platform, mainly to allow a better browsing experience for the user. If you are interested in further information, please read our Cookies Policywebsite, its purpose and other useful clarifications.

  1. CHANGES

This Privacy Policy will change from time to time and as required by legal, regulatory or operational changes. Please note that we will notify you of such changes (including the effective date) as required by law.