Progic Privacy Policy

1. Purpose

Progic exists to  generate value for corporate communication  within companies, promoting strategic connections between employees and strengthening organizational culture.

One of our goals is  to strengthen your trust  in how we safeguard privacy and protect your personal data.

This  Privacy Policy  is a  public document , created with the objective of informing, in a clear, accessible, and transparent manner, the holders of personal data, both external and internal, about how Progic processes personal data in the context of its activities.

This document  describes the privacy practices  adopted by Progic in its relationship with clients, employees, suppliers, and other data subjects, indicating the purposes, legal bases, forms of processing, sharing, and the rights guaranteed to data subjects, in accordance with applicable legislation.

The guidelines in this document apply to Progic’s role as a  Personal Data Controller , guiding the processing of information under its responsibility. In its role as a data processor, Progic follows the contracts signed with the controller and respects its limits and guidelines, and is not covered by this document.

2. Definitions

2.1 Personal Data Controller:
A natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data, including defining the purposes and methods by which the processing will be carried out.

2.2 Anonymized Data Data
relating to the data subject that cannot be associated, directly or indirectly, with a natural person, considering the use of reasonable and available technical means at the time of processing.

2.3 Personal Data
Information relating to an identified or identifiable natural person, that is, someone who can be identified directly or indirectly from the data or its combination with other information.

2.4 Sensitive Personal Data
Personal data concerning racial or ethnic origin, religious beliefs, political opinions, membership of a trade union or religious, philosophical or political organization, data concerning health or sex life, as well as genetic or biometric data, when linked to a natural person.

2.5 Purpose:
A specific, explicit reason, informed to the data subject, that justifies the processing of personal data. The processing must be limited to the purposes previously informed and be compatible with the context of the service provided.

2.6 Personal Data Operator:
A natural or legal person, governed by public or private law, who processes personal data on behalf of the controller, in accordance with the controller’s instructions and within the limits established by the controller.

2.7 Data Subject:
The natural person to whom the personal data being processed refers, regardless of the nature of the relationship with the service or the controller.

2.8 Data Processing
Any operation performed with personal data, such as those involving collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation, control, modification, communication, transfer, dissemination or extraction.

3. Legal Basis for Processing Personal Data

The processing of personal data carried out by Progic is always based on a valid legal basis, in accordance with applicable legislation, observing the principles of purpose, adequacy, necessity and transparency.

Depending on the nature of the relationship established with each data subject and the purposes involved, Progic may process personal data based on, among other legally foreseen grounds:

a) with the consent of the data subject, when we request free, informed and unequivocal authorization for the processing of personal data; b) in the legitimate interest of Progic or third parties, always after careful analysis that ensures that this processing does not violate the fundamental rights and freedoms of the data subject and is aligned with their reasonable expectations; c) in compliance with a legal or regulatory obligation  , when the processing is required by law or by competent authorities; d) in the execution of a contract or preliminary procedures related to a contract, when the processing is necessary to enable the fulfillment of obligations assumed or the employment relationship with collaborators.

Whenever the processing of personal data is legally based on consent, the data subject may revoke it at any time, provided that the revocation does not affect the legality of processing carried out previously.

In cases where the legal basis is not consent, Progic ensures that the processing will be carried out in a proportionate manner, strictly necessary for the stated purposes, and with respect for the rights of the data subjects.

4. Personal Data Controller

In the context of this Privacy Policy, Progic acts as the Data Controller , being responsible for decisions regarding the processing of personal data entrusted to it by data subjects.

a) define the purposes for which personal data is collected and used; b) establish the means and procedures for processing; c) ensure that the processing is supported by an adequate legal basis; d) adopt technical and administrative measures for the protection of personal data; e) ensure the exercise of the rights of data subjects, as described in this Policy.

Progic maintains up-to-date internal records of personal data processing activities under its responsibility, which document the purposes, categories of data processed, applicable legal bases, data subjects involved, and measures adopted to protect the information, in accordance with current legislation and its role as a data controller.

5. Treatment Agent

PROGIC TECNOLOGIA E COMUNICAÇÃO LTDA, a private legal entity, registered with the CNPJ under number 09.362.098/0001-00, with headquarters in Florianópolis/SC, at Rodovia José Carlos Daux, 500 – Edifício Techno Towers, Bloco 304 Torre I, CEP 88030-000.

6. Data Protection Officer

Progic appoints two Data Protection Officers (a primary and a substitute DPO) who act as a communication channel between Progic, data subjects, and the competent authorities regarding matters related to the protection of personal data.

6.1 Definition
For the purposes of this Policy, a DPO is considered to be the person designated to act as a point of contact for matters relating to the processing of personal data, including clarifying doubts, receiving requests from data subjects and communicating with data protection authorities.

6.2 Role
The Progic DPO is responsible for, among other duties:

a) To guide employees and third parties regarding personal data protection practices; b) To receive, analyze, and forward requests from data subjects related to the exercise of their rights; c) To act as an official communication channel between Progic and the competent authorities in matters of data protection; d) To support the supervision of compliance with this Privacy Policy and applicable regulations.

6.3 DPO Identification and Contact Information
Progic, in its capacity as Personal Data Controller, has appointed the following representatives to act as DPO:
a) Data Protection Officer (DPO): Eric Vazzoler; b) Deputy Data Protection Officer: Danielle Sandrini

Data subjects may contact the DPO through the following channels:
a) Address: Rodovia José Carlos Daux (SC-401), nº 500, sala 304, Torre I, Bairro João Paulo, Florianópolis/SC, CEP 88.030-000; b) Email: dpo@progic.com.br

Through these channels, data subjects can clarify doubts, exercise their rights, or report any situations related to the processing of their personal data.

7. Rights of the Personal Data Subject

Progic respects and guarantees data subjects easy and transparent access to information about the processing of their data, as well as the exercise of their rights, in accordance with applicable legislation.

7.1 Definition of Data Subject
For the purposes of this Policy, the data subject is considered to be the natural person to whom the personal data being processed refers, regardless of the nature of the relationship with Progic.

7.2 Rights Guaranteed to the Data Subject
The data subject has, among others, the following rights in relation to their personal data processed by Progic:

a) Confirmation of the existence of processing, allowing verification of whether personal data is being processed; b) Access to personal data, enabling obtaining a copy of the processed information; c) Correction of incomplete, inaccurate, or outdated data; d) Request for deletion, anonymization, or blocking of data, when applicable; e) Information on data sharing, including public or private entities with which the data has been shared; f) Restriction of or opposition to processing, in legally foreseen cases; g) Request for review of decisions made based exclusively on automated processing, when such decisions affect your interests; h) Information on the possibility of not providing consent and on the consequences of refusal; i) Revocation of consent, when this is the legal basis for processing, at any time.

7.3 Exercising Rights
The exercise of rights may be carried out by request of the data subject through the channels indicated in this Policy. For security and protection of personal data purposes, Progic may request additional information to confirm the identity of the applicant.

Legitimate requests will be analyzed and answered within a standard period of 5 (five) business days, which may vary depending on the complexity of the request, always with clear communication to the holder regarding the progress and any need for additional information.

7.4 Legal Limitations
Responding to requests from the data subject will observe the limits established by law, especially in cases where maintaining personal data is necessary for:

a) compliance with legal or regulatory obligations; b) safeguarding Progic’s rights; c) execution of existing contracts; d) compliance with determinations from competent authorities.

8. What Personal Data is processed?

With the goal of providing an appropriate, safe, and compatible experience for its activities, Progic processes different categories of personal data, always in a proportionate and necessary manner, and aligned with the purposes stated in this Policy.

The processing of personal data varies according to the profile of the data subject and the nature of the relationship maintained with Progic, and may involve data collected through online and offline means.

8.1 Categories of personal data processed
Progic may process, among others, the following categories of personal data:

8.1.1 Data of people interested in Progic content and products
: a) name, email address and telephone number; b) location data, such as country, state and city; c) professional profile data, such as job title, company, segment and size; d) other information provided in forms, landing pages and registrations; e) records of interactions with content, emails and campaigns.

8.1.2 Employee and service provider data
a) personal data necessary for the execution of the employment contract; b) information used for compliance with legal obligations, government records, benefits and activities related to the employment relationship.

8.2 Data generated from interaction
During interactions with Progic’s services, content, and communications, additional data may be generated, such as access logs, interaction history, and preferences, with the aim of improving the user experience and the quality of services provided.

8.3 Limitation and Necessity
Progic undertakes to process only the personal data strictly necessary for the stated purposes, avoiding excessive collection or collection incompatible with the context of the relationship established with the data subject.

9. How Personal Data is Collected

Progic collects personal data through various means, always in a transparent manner and consistent with the purposes stated in this Policy. Collection may occur directly or indirectly, in online and offline environments, depending on the data subject’s interaction with Progic’s services, channels, and activities.

9.1 Methods of collecting personal data
Personal data processed by Progic may be collected in the following ways:

Information provided directly by the data subject.
Collection occurs when the data subject themselves provides their personal data, for example, when:

a) Filling out forms on Progic websites, landing pages, or platforms; b) Requesting materials, content, or information; c) Registering to use services or products; d) Contacting us via email, phone, events, or other communication channels.

Data collected automatically during browsing:
When the user accesses Progic’s websites or platforms, certain data may be collected automatically, such as:

a) IP address; b) date and time of access; c) information about pages visited, interactions and navigation; d) data collected through cookies and similar technologies.

This information is used for legitimate purposes, such as improving user experience, security, performance analysis, and service enhancement.

Cookies and similar technologies
Progic uses session cookies and persistent cookies to recognize the user’s browser or device, understand usage patterns, and offer a more personalized experience.

The user can manage or disable cookies through their browser settings, aware that limiting these features may impact the functioning of some website functionalities.

Data from interactions on social media and advertisements.
Collection may also occur through the data subject’s interactions with:

a) Progic profiles and pages on third-party social media platforms; b) advertisements and sponsored content.

In these cases, Progic does not have access to the credentials of the account holders and only receives the information made available according to the settings and policies of these platforms.

Data generated from the relationship with the data subject:
During the relationship with the data subject, Progic may generate additional data, such as:

a) records of contacts, communications and customer service interactions; b) history of interactions with content, emails and campaigns; c) preferences and patterns of service usage.

9.2 Respect for necessity and proportionality
Progic undertakes to collect only the personal data that is strictly necessary, avoiding excessive or inappropriate collection, and ensuring that the data is always related to the purposes informed to the data subject.

10. Processing of Personal Data and Purpose

Progic processes personal data in a transparent manner, consistent with the purposes disclosed to the data subjects, and observing the principles of necessity, adequacy, and proportionality.

10.1 What is Data Processing?
For the purposes of this Policy, Data Processing is considered to be any operation performed with personal data, including, but not limited to, activities of collection, production, reception, classification, use, access, storage, processing, sharing, elimination or evaluation of information.

10.2 Purposes of Processing
The personal data processed by Progic may be used for the following purposes, according to the context of the relationship maintained with each data subject:

Provision and improvement of services
: a) to enable the use of services and products offered by Progic; b) to guarantee functionalities, support and communications related to the contracted services; c) to continuously improve the quality, security and performance of the solutions.

Communication and relationship management
: a) responding to requests, questions, and contacts made by data subjects; b) sending institutional, operational, and informational communications; c) disseminating news, updates, events, and content related to Progic’s activities.

Marketing and content delivery:
a) to provide materials, content, and communications of interest to the data subject; b) to carry out marketing actions and informational campaigns, including in a segmented manner, respecting the preferences and rights of the data subject; c) to allow the cancellation of promotional communications at any time.

Analysis and statistics:
a) analyze the use of Progic’s websites, platforms, and content; b) generate aggregated statistics and reports to better understand user behavior and improve services; c) improve the user experience by evaluating interactions and usage patterns.

Compliance with legal and contractual obligations
: a) to comply with legal and regulatory obligations or determinations of competent authorities; b) to execute contracts, including employment relationships, when applicable; c) to safeguard the legitimate rights and interests of Progic.

10.3 Limitation by Purpose
Personal data will be processed exclusively for the purposes stated or for purposes compatible with the context of the collection. We do not process personal data for purposes incompatible with those informed to the data subject, except when permitted or required by law.

11. Sharing of Personal Data

Progic may share personal data only when necessary to fulfill the purposes stated in this Policy, always observing applicable legislation and the principles of transparency, necessity, and information security.

11.1 Sharing Scenarios
The sharing of personal data may occur in the following situations:

a) Service providers and partners
Progic may share personal data with service providers and partners acting on its behalf, such as technology suppliers, hosting providers, communication tools, marketing, performance analysis, and other services necessary for the operation of its activities.

In these cases, data sharing occurs only to the extent strictly necessary for the execution of the contracted services, subject to contractual obligations that require the proper, confidential, and secure handling of personal data. None of these situations constitute joint control.

b) Advertising and marketing activities
Personal data may be used for promotional activities, communications and targeted advertising, including through third-party platforms, always respecting the preferences of the data subject and guaranteeing the possibility of objecting to this type of processing.

Sharing, when done, may involve technical identifiers, such as cookies or IP addresses, used for campaign measurement and efficiency.

c) Statistics and analysis
The personal data processed by Progic may be used for statistical and performance analysis purposes, preferably in aggregated or anonymized form, so as not to allow the direct identification of the data subjects, aiming at the continuous improvement of services and the user experience.

d) Compliance with legal obligations and protection of rights.
Progic may share personal data when necessary to:

a) to comply with legal or regulatory obligations or court orders; b) to respond to requests from competent authorities; c) to protect and safeguard the rights, security and legitimate interests of Progic, its employees, clients, users or third parties.

11.2 Commitment to data protection
Progic does not sell, rent or trade the personal data of data subjects. All sharing is carried out responsibly and in accordance with the stated purposes, adopting appropriate technical and administrative measures to ensure the security and protection of personal data.

12. International Transfer of Personal Data

Progic may transfer personal data internationally whenever necessary for the performance of its activities, observing applicable legislation and adopting appropriate measures to guarantee the protection and security of the personal data of the data subjects.

12.1 International Transfer Scenarios
International transfer of personal data may occur, for example, when Progic uses service providers or technology suppliers located in other countries, especially for the purposes of hosting, data processing, performance analysis, communication and operation of its services.

Currently, the transfer of personal data is limited to the United States, and is processed exclusively in the context of contracting with suppliers and partners who assist in providing Progic’s services.

12.2 Guarantees adopted by Progic
Whenever there is an international transfer of personal data, Progic ensures that:

a) The transfer will only occur for purposes compatible with those stated in this Policy; b) Data will only be shared with selected and approved companies that adopt appropriate standards for the protection of personal data; c) Privacy and data protection laws in force in the destination countries will be observed, as well as the contractual obligations assumed by the service providers; d) Reasonable technical and administrative measures will be adopted to guarantee the confidentiality, integrity, and security of the transferred personal data.

12.3 Legal basis and data subject’s consent
When using Progic’s services or providing their personal data, the data subject acknowledges that their data may be transferred to other countries, under the terms of this Policy, always observing data protection guarantees and the rights ensured to the data subject.

13. Security of Personal Data

Progic adopts appropriate technical and administrative measures to protect the personal data under its responsibility against unauthorized access, accidental or unlawful destruction, loss, alteration, communication, or any other form of inappropriate processing.

13.1 Information Security Policy
The guidelines, principles, and controls related to information security and the protection of personal data adopted by Progic are formally established in its Information Security Policy, a public document available on its official website.

This policy defines, among other aspects:

a) the protection of information throughout its entire lifecycle, ensuring confidentiality, integrity, and availability; b) the commitment to privacy and protection of personal data, whether acting as a controller or operator; c) the adoption of security and privacy by design principles; d) practices of access control, traceability, risk management, incident response, and business continuity; e) responsibilities of senior management, employees, and third parties regarding the protection of information.

The Information Security Policy complements this Privacy Policy and guides the ongoing adoption of controls consistent with the nature of the data processed and the associated risks.

13.2 Security Incidents
Although Progic adopts continuous protection measures, it is not possible to guarantee absolute security. In the event of a security incident that may cause significant risk or harm to personal data subjects, Progic will adopt the appropriate containment and mitigation measures and will make the necessary communications, in accordance with applicable legislation.

13.3 Whistleblowing Channel
Progic provides a Whistleblowing Channel on its official website, through which occurrences and incidents related to the following can be reported securely and confidentially:

a) harassment, discrimination or conflicts of interest; b) corruption, fraud or misuse of resources or information; c) non-compliance with internal rules, policies or codes of conduct; d) failures, incidents or risks related to information security and the protection of personal data, including unauthorized access, leaks, losses, misuse of information or weaknesses in controls and processes.

This channel is one of the formal mechanisms adopted by Progic to support the identification, treatment, and mitigation of risks related to information security and data protection.

13.4 Data Subject Responsibility
The Data Subject must also adopt good security practices when using the services, such as protecting their access credentials, using reliable devices, and ending sessions after use, contributing to the protection of their personal data.

14. Cookies and Similar Technologies

Progic uses cookies and similar technologies to improve the browsing experience, understand how users interact with its websites, and offer content and features that are more suited to their interests.

14.1 What are cookies?
Cookies are small files or identifiers sent to the user’s browser or device, which allow access to be recognized, preferences to be recorded, and information to be collected about how websites and services are used.

14.2 What do we use cookies for?
The cookies used by Progic may have, among others, the following purposes:

a) to enable the proper functioning of websites and their features; b) to remember user preferences and settings; c) to analyze browsing patterns and content usage in aggregate; d) to support communication, marketing, and performance measurement actions.

14.3 Types of cookies used
Progic may use, as appropriate:

a) Session cookies, which are temporary and expire when browsing ends; b) Persistent cookies, which remain stored on the device for a certain period or until they are deleted by the user.

14.4 Cookie management by the data subject
The data subject may, at any time, manage, limit or disable the use of cookies through their browser settings.

It is important to note that disabling cookies may impact the functionality of some features on Progic’s websites and services.

14.5 Third-party cookies
This Privacy Policy does not apply to the use of cookies by third parties. Cookies that may be used by external platforms or third-party services are subject to the privacy policies of those respective providers, and Progic is not responsible for their practices.

15. Subsequent Processing of Personal Data

Progic may carry out further processing of personal data when such processing is compatible with the purposes originally informed to the data subjects, taking into account the context of the relationship maintained and the principles of purpose, necessity, transparency and protection of personal data.

15.1 Use for statistics and analysis
Personal data may be used for statistical, analytical and internal studies, with the aim of understanding usage patterns, improving processes, products and services, and supporting decision-making.

Whenever possible, this processing will be carried out in an aggregated or anonymized manner, so as not to allow the direct identification of the data subjects.

15.2 Improvement of services and the data subject’s experience
Subsequent processing may also occur to improve the services, functionalities, content, and communications offered by Progic, seeking to enhance the data subject’s experience and the quality of the solutions provided, as long as it is compatible with the purposes initially stated.

15.3 Safeguarding rights and fulfilling obligations
Progic may carry out subsequent processing of personal data when necessary to:

a) to comply with legal or regulatory obligations; b) to comply with the determinations of competent authorities; c) to safeguard the legitimate rights and interests of Progic, including for the purposes of proof, defense or regular exercise of rights in administrative or judicial proceedings.

15.4 Personal Data Retention Periods
Data relating to the Data Subject’s interactions will be stored by Progic, when based on the legal basis of consent or legitimate interest, for a period of 5 (five) years from the date of collection or the last authorization, except when the consent defines a different period or purpose. The retention period for other personal data processing controlled by Progic, such as contract execution, is described in the control list called Personal Data Mapping.

In the event of a request to delete personal data and/or the account, Progic may retain such data for an additional period of up to 72 (seventy-two) hours, counted from the date of the request, exclusively for operational purposes and processing of the deletion.

15.5 Data Subject Rights
In all cases, the data subject retains the rights provided for in this Policy, and may request additional information or exercise other rights related to the processing of their personal data, in accordance with applicable legislation.

16. Changes to the Privacy Policy

As Progic constantly seeks to improve its services, this Privacy Policy may be updated. For this reason, users are advised to periodically consult this document to stay informed about any changes. If significant changes are made that require new consent, Progic will publish the update and request new consent from the user.

Note: This Privacy Policy has been automatically translated from its original version in Portuguese.