Privacy and Security Policy
At Iteris, we believe in the power of automation and business process management to drive business success. We have an innovative DNA and are committed to transforming the way companies operate by solving problems and simplifying complexities.
With this in mind, we developed CAP, a platform for business process automation and management, with the goal of bringing efficiency through automation and providing effectiveness in management processes. This is CAP’s formula for exponential business growth!
We are committed to digital innovation, technological security, and above all, the privacy of all data that may be part of numerous business processes, both for Iteris and our clients.
We have developed a dedicated website for the CAP platform. Through this Policy, along with the Terms of Use, we demonstrate our commitment to confidentiality and transparency in the processing and use of personal data collected, explaining how they are handled, the purposes for which they are collected, and establishing an accessible communication channel for you, the data subject, to contact us.
The terms of this document apply to data collected through the website https://www.capplatform.com/, including but not limited to the following situations:
- Visiting our website;
- Contracting our solutions;
- Sharing personal data with other data processing agents.
1. DATA PROTECTED BY THE LGPD
The General Data Protection Law (“LGPD”) (Law No. 13,709/2018) came into effect in September 2020 and aims to protect the personal data of a natural person residing in Brazil, also known as the data subject.
In summary, the LGPD applies when:
➔ The data processing operation is carried out in Brazil; |
➔ The data processing activity aims to offer or provide services to individuals located in Brazil; |
➔ The personal data was collected in Brazil. |
There are two categories of data outlined by law: “personal data” and “sensitive personal data,” as shown below:
➔ Personal data refers to any data that identifies or makes an individual identifiable. |
➔ Sensitive personal data refers to information that requires greater care, mainly to protect against discrimination, such as data on racial or ethnic origin, religious beliefs, political opinions, and others, depending on the applicable legislation. |
The parties responsible for personal data processing are referred to as “controller” and “processor”:
➔ Controller: The natural or legal person who decides how the personal data under their possession will be processed. |
➔ Processor: The natural or legal person who processes personal data on behalf of and according to the controller’s instructions. |
In addition to these essential concepts, for a better understanding of this document, we outline other important definitions:
Term | Concept |
Data Subject | The individual to whom the personal data refers, who may be a client, company representative, or user of the CAP website. |
DPO (Data Protection Officer) or EPD (Data Protection Officer) | The person we designate to serve as a communication channel between us, the data subjects (you), and the National Data Protection Authority (ANPD). |
Processing | All activities we perform related to personal data, including but not limited to collection, storage, and sharing. |
Legal bases | The legal reasons that authorize us to process personal data, such as consent, compliance with a legal obligation, execution of a contract, among others. |
ANPD | The National Data Protection Authority, a federal public administration body responsible for regulating and overseeing the protection of personal data and privacy in Brazil, and ensuring LGPD compliance. |
2. PURPOSE AND USE OF YOUR PERSONAL DATA
To help you understand how your data will be processed, we clarify that ITERIS, the owner of CAP and developer of this website, will act as the controller of personal data in the following situations:
- When data is entered through the website https://www.capplatform.com/;
- When necessary to formalize the contracting of the CAP platform;
- In the context of our partnerships;
- In the prospecting of new clients.
In these cases, we will be responsible for appropriately selecting the legal bases related to the purposes outlined in this Policy, making decisions regarding the nature and duration of data storage, and directly responding to data subjects’ requests as per the rights provided by the LGPD.
On the other hand, in our relationships with clients, if personal data processing occurs within the context of our services using the CAP platform—such as entering personal data into the software—and we are responsible for its storage, we will act as data processors.
This means that, in this context, our clients, as data controllers, are exclusively responsible for decisions regarding essential elements of data processing, such as data collection. Clients are also responsible for responding to data subject requests and determining the appropriate legal basis for each data flow involving personal data. In such cases, the specific client’s Privacy Policy will apply.
3. PERSONAL DATA WE COLLECT, PURPOSES, AND PROCESSING
We may collect different sets of data depending on the nature of our relationship.
Below is a list of personal data types that may be processed in different contexts, such as using our website or contracting the CAP platform:
DATA SET | PERSONAL DATA | PURPOSE |
Registration and contact data | Full name, email, mobile/work phone, geolocation, and additional information such as company size, number of employees, company segment, and department. | Contact: We may process your data to contact you or answer any questions about our services.
Marketing: We may use your data to inform you about updates, content, CAP-related topics, and relevant news, with an easy opt-out option at any time. |
Client registration data | Full name, email, mobile/work phone, address, CPF, and payment data when contracting our services/products. | Contracting: Your data will be used to enable the delivery and provision of our services. |
Identification, geolocation, and device settings and browsing data | Identifiers of your electronic devices, such as the IP (Internet Protocol) address of your computer or MAC address of your phone, as well as model, manufacturer, operating system, carrier, browser type, connection speed, internet service provider, website from which the user arrived at our site. | Access Record: We have a legal obligation to store certain information (such as your IP, date, and time of access) to provide it to judicial authorities when necessary. To learn more about data collection through cookies and similar tools on our website, please see our Cookie Policy. |
We may also collect or be required to collect certain data sets to comply with legal or regulatory obligations imposed on us, respond to requests from the National Data Protection Authority (ANPD) or other public authorities, and for legitimate purposes authorized by the LGPD or other applicable regulations.
4. SHARING PERSONAL DATA
In certain situations, ITERIS may share your personal data to facilitate our service provision through the CAP website, as clarified below:
DATA PROCESSING AGENTS | PURPOSE OF SHARING |
Business partners | We may share your personal data with partner companies to facilitate and improve the use of our site, such as:
|
Suppliers | We may share your data with suppliers that assist us in performing our overall business activities, including companies or partners responsible for:
|
Authorities |
|
In these cases, we assume all responsibility for contracting our suppliers and partners, prioritizing those that comply with international data protection laws and recognized security standards.
When necessary, we also ensure that we provide clear and lawful instructions for the processing of shared data.
Additionally, in cases of international data transfer, we reiterate our commitment to only contract suppliers that adopt security measures and best practices in line with the protection level established by Brazilian law, as regulated by the ANPD (National Data Protection Authority).
In the absence of regulations, we ensure that international transfers will only be carried out in accordance with Article 33, IX of the LGPD, and exclusively with companies that adhere to other data protection standards, such as the European GDPR, the U.S. CCPA and CDPA, and Australia’s Privacy Act.
5. PROTECTION OF OUR SYSTEMS AND YOUR PERSONAL DATA
To protect the personal data we process, we use appropriate technologies and procedures according to the level of risk and the services provided. We have a team responsible for managing data protection in accordance with legal provisions, regulatory requirements, technological changes, and other relevant factors that may influence data protection.
Here are some technical and administrative security measures we apply to ensure the security of information and personal data in our systems:
Security Measures |
→ Firewall and updated antivirus |
→ Protection against unauthorized access |
→ Segregation of roles for information access |
→ Cláusulas contratuais que exigem que todos os nossos colaboradores, fornecedores e parceiros se atentem ao cumprimento das diretrizes da LGPD |
→ Contract |
It is important to warn you that, even if we take all the indicated measures and precautions, due to the nature of the Internet itself, there is a risk that malicious third parties may improperly access the information stored in our systems. If this occurs, we will be responsible within the limits provided by the applicable legislation.
Finally, we emphasize that it is prohibited to use any device, software, or other resources that may interfere with the activities and operations of this website, other systems, or databases. If any intrusion, attempt, or activity is identified that violates or contradicts intellectual property rights laws and/or the provisions stipulated in this Policy, terms of use, and/or applicable laws, including the LGPD (General Data Protection Law), the responsible party will be subject to the applicable sanctions, as provided by law or outlined in this document. The responsible party will also be required to compensate for any damages caused.
6. HOW LONG DO WE USE YOUR PERSONAL DATA?
We periodically conduct an objective and individual analysis of the stored data sets, always checking if the legitimate purposes for which the data was initially collected still persist or, if necessary, whether we are obligated to retain them due to potential legal or regulatory requirements.
To be transparent with our users and clients, we inform you that we follow specific parameters to determine the retention and storage period for personal data:
Data retention periods |
The period necessary to fulfill the purpose of the collection; |
The moment the user stops using the site; |
Until consent is revoked or a request for deletion of data is made by the owner, this only applies when the legal basis for data processing is consent; |
The period necessary to demonstrate compliance with specific legal or regulatory duties and obligations; |
Legal, regulatory deadlines, judicial decisions, or requirements set by competent authorities; |
The duration of the contract; |
The period necessary for the regular exercise of rights in judicial, administrative, and arbitral proceedings; |
Exclusive use by ITERIS, with access by third parties prohibited, and as long as the data is anonymized. |
7. RIGHTS PROVIDED BY THE LGPD
Our priority is to explain your rights and maintain an accessible communication channel so you can exercise them.
According to the LGPD, the owner has several rights that can be exercised. Here we list the main rights regarding the processing of your personal data:
Rights | How to exercise them |
Confirmation and access to data | You can request confirmation of the existence of data processing so that, if positive, you can access and review details about the processing, as well as request copies of this information. |
Data correction | Once the existence of data processing is confirmed, the LGPD ensures that you can correct or remove any incomplete, inaccurate, or outdated data. |
Information about data sharing | You have the right to know which public and private entities we share your data with. We include, in section 4 of this Policy, an indication of our relationships with third parties that may involve data sharing. |
Information on the possibility of not consenting to data processing | You have the right to receive clear and complete information about the possibility and consequences of not providing consent. |
Refuse marketing and advertising | You may, at any time, request the cancellation of advertising and other materials through the link provided in the marketing email sent. |
Revocation of consent | If you have consented to any purpose for processing your data, you can always choose to revoke your consent. This will not affect the legality of any prior data use or sharing done before the revocation request. |
To exercise the rights provided by the LGPD and listed here, which are not absolute, you must contact our DPO, as addressed in the next section.
8. DATA PROTECTION OFFICER (DPO)
ITERIS has a team of professionals dedicated to data protection and privacy.
If you have any specific questions that have not been clarified by our Privacy Policy, Cookie Policy, Terms of Use, or platforms, you can contact our DPO via email: dpo@iteris.com.br.
9. GENERAL PROVISIONS
The use of the name CAP platform, CAP (Central de Automação de Processos), and the domain https://en.capplatform.com/ (and its branches), as well as the content of the website’s screens, are the property of Iteris Consultoria e Software LTDA and are protected by intellectual property laws and international treaties. The improper use and reproduction, in whole or in part, of such content are prohibited unless we give express authorization.
These Terms are a form of adhesion contract and may be altered or modified at any time, whenever new restructures are needed, adapting to new techniques and procedures, while always maintaining the level of reliability and security.
Therefore, it is important that you regularly review the document to verify if you continue to agree with its terms before proceeding with browsing, registration, or signing up for any feature on our website.
This Privacy Policy complies with and should be interpreted according to the laws in force in the Federative Republic of Brazil. To resolve any doubts or issues related to it, the parties elect the Court of the District of São Paulo/SP, to the exclusion of any other.
All rights reserved. All trademarks are registered.
- Last updated: June 26, 2023.