Privacy Policy

We collect and use some personal data belonging to those who use our website. In doing so, we act as the controller of this data and are subject to the provisions of Federal Law no. 13.709/2018 (General Personal Data Protection Law - LGPD).

We care about the protection of your personal data and have therefore made available this privacy policy, which contains important information about:

• Who should use our website;
• What data we collect and what we do with it;
• Your rights in relation to your personal data;
• How to contact us.

1. Who should use our website

Our website should only be used by people over the age of eighteen. Therefore, children and teenagers should not use it.

2. Data we collected and reasons for collection

Our website collects and uses some personal data from our users, in accordance with the provisions of this section.

3. Personal data expressly provided by the user

We collect the following personal data that our users expressly provide to us when using our website:

• Full name;
• Date of Birth;
• CPF;
• Address;
• E-mail address;
• Telephone numbers.

This data is collected at the following times:

• When the user accesses the customer area;
• When the user fills in the purchase form;
• When the user joins;
• When the user fills in the contact form.

The data provided by our users is collected for the following purposes:

• So that the user can purchase our products;
• So that users can get to know our launches;
• So that we can send our products to registered users;
• So that we can send offers to our registered users;
• So that the user can contact our Customer Service;

4. Personal data obtained in other ways

We collect the following personal data from our users:

• IP address;
• Geolocation data;
• Data from transactions made through the site.

This data is collected at the following times:

• When the user logs in or out of the site;
• When the user makes a purchase;
• When the user clicks on a product.

This data is collected for the following purposes:

• Guarantee the quality, integrity and authenticity of transactions carried out on the site;
• Comply with legal requirements for storing application access logs;
• Personalize the user experience.

5. Sensitive data

No sensitive data will be collected from our users, as defined in articles 11 et seq. of the Personal Data Protection Act. Thus, there will be no collection of data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, data relating to health or sex life, genetic or biometric data, when linked to a natural person.

6. Cookies

Cookies are small text files that are automatically downloaded to your device when you access and browse a website. They basically make it possible to identify users' devices, activities and preferences.

Cookies do not allow any files or information to be extracted from the user's hard disk, nor is it possible to access personal information that does not come from the user or the way in which they use the site's resources.

a. Website cookies

Website cookies are those sent to the user's computer or device and administered exclusively by the website.

The information collected through these cookies is used to improve and personalize the user experience, and some cookies may, for example, be used to remember user preferences and choices, as well as to offer personalized content.

b. Third-party cookies

Some of our partners may set cookies on the devices of users who access our site. These cookies, in general, aim to enable our partners to offer their content and services to the user who accesses our site in a personalized way, by obtaining navigation data extracted from their interaction with the site.

The user can obtain more information about third-party cookies and how the data obtained from them is processed, as well as having access to a description of the cookies used and their characteristics, by accessing the following link:

Google Analytics

The entities responsible for collecting cookies may transfer the information obtained to third parties.

c. Cookie management

The user can oppose the registration of cookies by the website by simply deactivating this option in their own browser. More information on how to do this in some of the main browsers used today can be found at the following links:

Internet Explorer Safari Google Chrome Mozila Firefox Opera

The deactivation of cookies, however, may affect the availability of some tools and functionalities of the website, compromising its correct and expected functioning. Another possible consequence is the removal of user preferences that may have been saved, impairing the user's experience.

7. Collection of data not expressly provided for

Occasionally, other types of data not expressly provided for in this Privacy Policy may be collected, provided that they are provided with the user's consent, or that the collection is permitted on the basis of another legal basis provided for by law.

In any case, the collection of data and the processing activities resulting from it will be informed to the users of the site.

8. Sharing personal data with third parties

We do not share your personal data with third parties. However, we may do so in order to comply with a legal or regulatory requirement, or to comply with an order issued by a public authority.

9. How long your personal data will be stored

The personal data collected by the website is stored and used for a period of time that corresponds to what is necessary to achieve the purposes listed in this document and that takes into account the rights of its holders, the rights of the website controller and the applicable legal or regulatory provisions.

Once the periods of storage of personal data have expired, they are removed from our databases or anonymized, except in cases where there is the possibility or need for storage by virtue of a legal or regulatory provision.

10. Legal bases for processing personal data

A legal basis for processing personal data is nothing more than a legal basis, provided for by law, that justifies it. Therefore, each personal data processing operation must have a corresponding legal basis.

We process the personal data of our users in the following cases:

• For the regular exercise of rights in judicial, administrative or arbitration proceedings
• For the performance of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject
• When necessary to meet the legitimate interests of the controller or a third party

a. Execution of contract

For the performance of any contract of sale or provision of services signed between the website and the user, other data related to or necessary for its performance may be collected and stored, including the content of any communications with the user.

b. Legitimate interest

For certain personal data processing operations, we rely exclusively on our legitimate interest. To find out more about the specific cases in which we rely on this legal basis, or to obtain more information about the tests we carry out to make sure we can use it, please contact our Personal Data Protection Officer through one of the channels provided in this Privacy Policy, in the "How to contact us" section.

11. User rights

Website users have the following rights under the Personal Data Protection Act:

• Confirmation of the existence of treatment;
• Data access;
• Correction of incomplete, inaccurate or outdated data;
• Anonymization, blocking or deletion of data that is unnecessary, excessive or processed in breach of the law;
• Portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets;
• Deletion of personal data processed with the consent of the data subject, except in cases provided for by law;
• Information on public and private entities with which the controller has shared data;
• Information about the possibility of not giving consent and the consequences of refusing;
• Revocation of consent.

It is important to note that, under the terms of the LGPD, there is no right to delete data processed on legal grounds other than consent, unless the data is unnecessary, excessive or processed in breach of the law.

12. How the holder can exercise their rights

In order to guarantee that the user who wishes to exercise their rights is in fact the owner of the personal data which is the subject of the request, we may ask for documents or other information which may help to correctly identify them, in order to safeguard our rights and the rights of third parties. This will only be done, however, if it is absolutely necessary, and the requester will receive all related information.

13. Security measures in the processing of personal data

We employ technical and organizational measures to protect personal data from unauthorized access, destruction, loss or alteration.

The measures we use take into account the nature of the data, the context and purpose of the processing, the risks that a possible violation would generate for the rights and freedoms of the user, and the standards currently employed in the market by companies similar to ours.

We have adopted the following security measures:

• Our users' data is stored in a secure environment;
• We limit access to our users' data so that unauthorized third parties cannot access it;
• We use an SSL (Secure Socket Layer) certificate, so that data transmission between users' devices and our servers is encrypted.
• We keep records of all those who have, in some way, come into contact with our data.

Even if we do everything in our power to prevent security incidents, it is possible that a problem may occur that is caused exclusively by a third party - such as in the case of hacker or cracker attacks, or even in the case of the user's exclusive fault, which occurs, for example, when they transfer their data to a third party. Therefore, although we are generally responsible for the personal data we process, we disclaim liability in the event of an exceptional situation such as this, over which we have no control whatsoever.

In any case, should any type of security incident occur that could generate significant risk or damage to any of our users, we will notify those affected and the National Data Protection Authority of the incident, in accordance with the provisions of the General Data Protection Act.

14. Complaint to a control authority

Without prejudice to any other administrative or judicial remedy, personal data subjects who feel in any way wronged may lodge a complaint with the National Data Protection Authority.

15. Changes to this policy

This version of this Privacy Policy was last updated on: 22/11/2020.

We reserve the right to modify these rules at any time, in particular to adapt them to any changes made to our website, either by making new features available or by removing or modifying existing ones.

Whenever there is a change, our users will be notified of the change.

16. How to contact us

If you have any questions about this Privacy Policy or the personal data we process, please contact our Personal Data Protection Officer through one of the channels mentioned below:

E-mail: contato@luizvolpato.com
Phone: 41 3018 1701
Postal address: Rua Jerônimo Durski, 897 - Bigorrilho
Curitiba - PR
CEP: 80.730-290