PRIVACY POLICY AND PROTECTION OF PERSONAL DATA

Incepa Revestimentos Ceramic sands Ltda. (Incepa) takes your privacy very seriously and this means that we are concerned to act in a clear and transparent manner and in accordance with applicable laws and regulations, including the provision of up-to-date information about our policies and activities involving the processing of personal data.

We at Incepa are committed and committed to safeguarding your privacy and protecting your Personal Data and want to invite you to know our policy and how we treat your personal data.

1. TO WHOM THIS POLICY APPLIES:

To Employees, Partners and Customers. We understand how:
Employees: all employees, service providers, drivers, candidates for a vacancy or to provide services;
Partners: Any third parties with whom we have relationships (e.g. architects; etc.); Customers: All individuals or legal entities that purchase Products from Incepa.

2. WHAT DATA IS COLLECTED:

For the development of our activities, we collect your personal data. This data can be collected from different forms:

a) Collaborators: such as name; CPF; date of birth; marital status; nationality; naturalness; sex; photo; disability and what type; PIS; CTPS; position; name of the father; mother’s name; birth certificate of children up to 21 years of age; driver’s license; work permit; voter’s title; certificate of resert or discharge from military service; proof of schooling; certificate of courses; birth/marriage/stable marriage certificate; copy of the spouse’s ID and CPF in the case of a marriage or stable union; voucher

residence; vaccination card for children up to 14 years of age; wage claim; previous jobs; languages; medical records; among others.

b) Partners: such as name; CPF; date of birth; INSS or PIS; mailing address; bank details.

c) Customers: such as name; CPF; date of birth; landline and mobile phone; e-mail; home address; document with photo; bank data; receipt.

3. HOW WE COLLECT YOUR DATA:

Data collection depends on how you relate to us and occurs in different situations, on a regular or occasional basis. Among them:

User registrationName, phone, email and address
NewsletterName, CPF, email, telephone, profession, address, city, state and ZIP Code Participation in awardsName, CPF, date of birth, address, bank details
Use of the “contact” tab on the website or by means of customer service either by telephone, e-mail or chat Name, e-mail, CPF, document with photo, bank details, invoice Download
of image in high resolution on the siteName; profession; email
Download newsletters, manuals and catalogs on the siteName; profession; email
Registration of Employees and Partners (according to the applicable context)CPF; date of birth; marital status; nationality; naturalness; sex; photo; disability and what type; PIS; CTPS; position; name of the father; mother’s name; birth certificate of children up to 21 years of age; driver’s license; work permit; voter’s title; certificate of resert or discharge from military service; proof of schooling; certificate of courses; birth/marriage/stable marriage certificate; copy of the spouse’s ID and CPF in the case of a marriage or stable union; proof of residence; vaccination card for children up to 14 years of age; wage claim; previous jobs; languages; medical records; bank data; among others.
In addition, the Site uses several technologies, own and third-party, that automatically collect information about users’ browsing on the Site. This data is collected through technologies known as cookies – small information files that are stored on the user’s device when accessing a particular website or application, which can be disabled in your browser if you no longer wish to share this data. These technologies may collect information such as: the Internet Protocol (IP) address, the Internet Service Provider (ISP, such as Hotmail, Yahoo, UOL or others), the browser you used when visiting our website (such as Internet Explorer or Firefox), the time you visit, and the pages visited within our website.

4. TO COLLECT YOUR DATA:

Your personal data is used for different purposes, such as:

Registration of usersEnable interaction and communication with customers or potential customers; advertising and marketing content; submit opinion polls
Newsletter, Download of image in high resolution on the site and Download of newsletters, manuals and catalogs on the siteSending institutional marketing campaigns, brand development and dissemination of events and releases.
Participation in awardsFor granting benefits or discounts; carry out marketing and advertising actions;
Use of the “contact” tab on the website or by means of customer service either by phone, email or chat Respond to your requests and requests; receive your suggestions and complaints; satisfaction surveys.
Maintenance of information of Employees and PartnersComply with legal obligations; make payments; control/internal organization corporis.
In addition, certain data may be anonymised for statistical and behavioral analysis compositions, without being able to individualise it. In these cases, such data may no longer be associated with you and will therefore not be classified or protected as personal data and are used only for statistical purposes.

Incepa collects only the personal data strictly necessary to proceed with the processing in accordance with the informed purpose.

You have the right to choose whether or not to share your personal data with Incepa, however, we inform you that in our forms, the mandatory information for the use of the services on our website is indicated in accordance with the law.

Some information is mandatory because it is indispensable for the execution of a contract (pre-contractual analysis) or to respond to a request, or also to comply with our legal obligations. Therefore, if you do not agree to share the required information, you may not be able to respond to your requests.

The information you share, in particular those relating to registration and profile research, will be used to offer products and services tailored to your preferences through marketing communications, and will only be used for this purpose with your consent

5. WHO CAN WE SHARE YOUR DATA WITH?

By accepting this Privacy Policy, you are aware and agree that in some cases, after careful verification, Incepa may share your data. Thus, seeking greater transparency, we inform you that the third parties with whom we share your data are:

Roca Group: your information is shared among roca group companies, especially the headquarters located in Spain. From that moment on, these companies will themselves be responsible for the processing of their personal data, with strict and adequate security standards, as practiceed by the Roca Group around the world. In other words, the Roca Group also adopts data privacy adequacy measures under European law (GDPR).

Data may also be transfer to databases physically located in other countries, in roca group companies, also responsible for processing, with the same security standard at the global level.

This transfer to other companies of the Group may occur for the purposes of compliance with the sales, service and administration processes, as well as to ensure the quality of products, research and development of new products, data analysis, among others.

Suppliers and partners: providing a variety of services on our behalf, including the development, maintenance and support of our Online Services, payment processing, communications, research and marketing analytics; consultants in general (e.g. law firms; occupational medicine and safety; health plan operators, etc.); for event management and administration; for the processing of the personal data we collect; our resellers; in the case of mergers or acquisitions, for companies involved in the respective negotiations, and appropriate measures will be taken to anonymise or guarantee confidentiality of the data (e.g. confidentiality agreement, etc.); social networks.

However, we always guide and demand that third parties with whom we share data adopt the best practices of security and confidentiality of personal data in accordance with legal requirements.

In addition, in case of legal determination, application, request or court order, we may share data with competent judicial, administrative or governmental authorities.

6. DO WE TRANSFER YOUR DATA TO OTHER COUNTRIES?

Your personal data may be stored outside Brazil by our suppliers or cloud service providers based abroad (e.g. Google; Amazon; Microsoft; etc.) or by roca group companies, in particular the headquarters located in Spain, always for the purposes described in this Privacy Policy.

By agreeing to this Privacy Policy, you also understand and consent to this “international data transfer”, as provided for in Brazilian law. We guarantee that your personal data that may be transferred to other countries will also be processed in accordance with the appropriate security measures abroad.

7. HOW LONG IS YOUR DATA STORED?

Your data is stored for the period strictly necessary for the respective processing purposes or for the legal period, where applicable.

We will retain your Personal Data only for as long as necessary to fulfill the purposes for which we collect it, including for the purposes of fulfilling any legal, contractual, accountability or request obligations of competent authorities, and Incepa reserves the right to keep custody of data relating to the fulfillment of legal obligations, accountability or request from competent authorities for all legal limitation period applicable to the matter in question.

Personal data processed for marketing, promotional communications and market research purposes will be kept for an indefinite period from the collection of your consent. We retain, however, your right to revoke your consent to such processing at any time.

8. WHAT ARE YOUR RIGHTS AS THE HOLDER OF PERSONAL DATA AND HOW TO EXERCISE THEM?

Brazilian law grants a number of rights in relation to your personal data and you may choose to disclose it or not, in cases where your consent is legally necessary.

However, on some occasions this Data may be required to take advantage of some of the features made available on our Platforms.

Therefore, in compliance with the provisions of the General Data Protection Law (LGPD – Law No. 13,709/2018), you can at any time request that the following rights be met:

• Request confirmation of the existence of processing of personal data;
• Have access to your personal data upon request for a copy of personal data that you have provided to us;
• The correction of incomplete, inaccurate or outdated data;
• Specifically for situations where Incepa necessarily needs your consent and there is no other legal basis for the processing of your Data, the data subject may revoke your consent previously granted for the processing of data (which will have effects for the future), as well as information about the possibility of you not consenting to a particular data processing and the consequences of not consenting;
• anonymization, blocking or deletion of unnecessary, excessive or lawless data in accordance with the law, in legal hypotheses, provided that in reasonable means and efforts compatible with the request in question;
• The portability of your personal data to another service provider or product, when applicable;
• Information about the public and private entities with which we make shared use of data, provided that the request takes place in specific form and period. Requests must be sent to the privacidade@incepa.com.br email and will be promptly reviewed and answered within reasonable parameters the complexity of the withdrawals required for response purposes. In certain cases and based on the law, if your request cannot be met, we will always inform you with written justification.

9. HOW DO WE PROTECT YOUR DATA?

Incepa is aware of your responsibility from the moment we collect your data and as a result we take every effort to ensure physical, electronic and procedural security designed to protect your personal data in accordance with applicable data protection requirements.

We can cite as measures: the digital collection of data only in encrypted form, protection of IT systems through firewalls and controls of restricted access and permanent monitoring of access to information technology systems, all for the purpose of preventing and preventing the access, disclosure and misuse of your personal data.

Internally, our employees must comply with the standards and procedures disclosed from time to time by our Information Technology department, adopting the appropriate practices at the level of information security.

In addition, your personal data is stored only for as long as is necessary to fulfill the purposes for which it was collected, unless there is any other reason for its maintenance, provided that it is substantiated with a Legal Basis.

10. PENALTIES IN CASE OF NON-COMPLIANCE WITH THIS POLICY AT THE INTERNAL LEVEL

Internally, the non-compliance with this Policy by Incepa employees may subject them to administrative penalties to be applied in accordance with the other policies and regulations of Incepa.

11. POLICY MODIFICATION AND UPDATE

This Privacy Policy may be updated in accordance with applicable law at any time. Therefore, we recommend that you periodically visit this page to be aware of the modifications. If you do not agree to the changes, you must immediately stop using the website and may use the contact channels to submit requests of interest to you and exercise your rights.