DATA PROTECTION POLICY

Your privacy is important to us. This privacy statement explains how we collect, use, store, share, transmit, transfer, delete or process personal data. This policy describes the measures we take to ensure the protection of personal data. We also tell you how to contact us so that we can answer any questions you may have about data protection.

SCOPE

The data protection policy applies to Creare Sistemas Group (hereinafter called “Creare”) and GoAwake, covering all dimensions and activities in all regions where we operate.

This policy applies to the processing of personal data collected by GoAwake, directly or indirectly, from all individuals, including, but not limited to, current, future, or potential job applicants, workers, customers, suppliers, contractors or subcontractors, shareholders or any third parties. We define “personal data” as any data relating to an identified or identifiable individual or to a person who can be identified by means fairly likely to be used.

COLLECTION AND PROCESSING OF YOUR PERSONAL DATA

In compliance with General Data Protection Regulation (GDPR) and any other applicable local data protection laws or regulations

We commit to comply with all applicable laws regarding personal data and we will ensure that personal data is collected and processed in accordance with the provisions of the law.

Loyalty, Justice and Transparency

We do not collect nor process personal data without having a legal reason to do so. We hereby inform you that we may need to collect and process personal data when needed for the execution of an agreement or to comply with a legal obligation to which we are subject. We may also collect and process personal data for GoAwake legitimate interests, except when those interests are voided by fundamental interests or rights and freedoms.

When collecting and processing personal data, we will provide a fair and complete information notice or a privacy statement about who is responsible for the processing of such personal data, for what purposes personal data are processed, who are the recipients, what are the rights of the data owners and how to exercise them, unless it is impossible or demand disproportionate efforts to do so.

When required by applicable law, we will seek prior consent (for example, before collecting any sensitive personal data).

Legitimate Purpose, Data Limitation and Minimization

Personal data is collected for specific, explicit and legitimate purposes and it is not processed in a manner incompatible with those purposes.

When GoAwake acts for its own purposes, personal data is processed primarily for, but not limited to, the following purposes: recruitment management, human resource management, accounting and financial management, finance, treasury and tax management, risk management, personnel security management, provision of IT tools or internal websites and any other digital solutions or collaborative platforms, IT support management, health and safety management, information security management, customer relationship management, bidding, sales and marketing management, supply management, internal and external communication and event management, compliance with obligations against money laundering or any other legal requirements, data analysis operations, legal corporate management and compliance processes deployment.

On providing our services for the benefit of our customers or between us, we may also process personal data on behalf of a controller (whether a customer or any other entity of Creare/GoAwake acting as such) primarily for the effective operation, management, performance, and delivery of our services. We will ensure that the personal data processed is adequate, relevant and limited to what is necessary for the purposes for which it is processed.

Data Accuracy and Storage Limitation

Creare/GoAwake will keep personal data processed accurately and, when necessary, updated. In addition, we only keep personal data for as long as necessary for the purposes for which they are processed (in accordance with our Data Retention Policy). Creare/GoAwake will act in accordance with the instructions received from its customers, to assist them in fulfilling this obligation.

Security of Personal Data

We have deployed appropriate technical and organizational measures to protect data (personal or not) from accidental or illegal changes or loss, or from unauthorized use, disclosure, or access, in accordance with our Internal Information Security Policy.

When appropriate we take all reasonable measures based on privacy by design and privacy by standard principles to implement the necessary safeguards and to protect the processing of personal data. Depending on the level of risk raised by the processing, we also conduct internal privacy impact assessments in order to adopt the appropriate safeguards and to ensure the protection of personal data. We also provide additional security protections for data deemed confidential.

Disclosure of Personal Data

In the normal course of our business and for processing purposes, we may share personal data with relevant personnel within Creare/GoAwake Group, or with our duly authorized, contracted, or subcontracted employees, to ensure consistency in our activities, thus maximizing the quality and efficiency of our services and operations.

We may also be required to disclose personal data to regulatory authorities, courts and government agencies when required by law, regulation, or legal process, or to defend the interests, rights or property of Creare/GoAwake or related third parties.

Otherwise, we will not share personal data with other parties, unless we receive prior approval for such sharing.

Transfer of International Personal Data

We may transfer personal data to service providers located abroad, including cloud service providers. In such situations, Creare/GoAwake will take the appropriate measures to ensure adequate protection in accordance with the requirements of the applicable laws.

COOKIES AND OTHER TRACKING TECHNOLOGIES

Like many companies, our websites may use cookies and other tracking technologies.

What are cookies? Cookies are small files downloaded to your computer to improve your experience. You can prevent this by changing your browser settings (see your Web browser Help section for instructions). But unfortunately, in most cases, there are no standard options for disabling cookies without completely disabling the functionality and features that they add to the website. Therefore, it is recommended that you allow all cookies if you are not sure whether you need them or not, in case they are used to provide a service that you use.

Account-related cookies:  If you create an account with us, we will use cookies to manage the general registration and administration process. These cookies are deleted when you log out of the system. However, in some cases, they may remain to remember your website’s preferences when you leave.

Login-related cookies:  We use cookies when you are logged in so as we can remember this action. This saves you from having to sign in every time you visit a new page. These cookies are usually removed or cleared when you log out to ensure that you can only access resources and restricted areas when you log in.

Email and/or newsletter-related cookies:  Our website offers newsletter or email subscription services. Cookies can be used to remember whether you are already registered and whether to show certain notifications valid only for registered / non-registered users.

Survey-related cookies:  We regularly carry surveys and questionnaires to provide interesting information, useful tools or to better understand our user base. These surveys may use cookies to remember who has already responded to a survey or to provide accurate results after changing pages.

Forms-related cookies:  When you submit data using a form such as those found on contact pages or comment forms, cookies can be set to remember the user’s details for future communication purposes.

Website preference cookies:  To provide a great experience on our website, we offer a functionality to set your preferences on how it performs when you use it. To remember your preferences, we need to set cookies so that this information can be called up whenever you interact with a page that is affected by your preferences.

Google Analytics cookies: These cookies can track information including how much time you spend on the website and the pages you visit, so that we can continue to produce compelling content. For more information, please visit Google Analytics official webpage.

Cookies for testing and performance improvements: From time to time, we evaluate new features and make minor changes to the way the website looks. When we are still testing new features, these cookies can be used to ensure that you receive a consistent experience on our website, while we try to understand which optimizations our users appreciate most.

Cookies and statistics for communication:  As we sell customized solutions for fleets, it is important for us to understand the statistics about how many visitors to our website actually get in touch and purchase our solutions. This is the type of data these cookies will track. This is important to you, as it means that we can make accurate business forecasts that allow us to analyze our advertising and product costs to ensure the best possible price.

CONTACT

Creare/GoAwake Group has appointed a Data Protection Officer. To exercise their rights as holders of their personal data, they can submit requests or complaints to the following email address: dpo@crearesistemas.com.br .

In the event of an incident involving Personal Data, Creare/GoAwake DPO should be contacted at the aforementioned email address.

LEGAL BASIS

Law 12.965/2014 (Brazilian Civil Rights Framework for the Internet)

Law 13.853/2019 (General Data Protection Regulation)

MP 959/2020 (changes to GDPR)

General Data Protection Regulation (GDPR)