This app is maintained and operated by DHPP Solutions and Services.
We collect and use some personal data that belongs to those who use our app. In doing so, we act as controller of this data and are subject to the provisions of Federal Law No. 13.709/2018 (General Law for the Protection of Personal Data – LGPD).
– Who should use our app
– What data we collect and what we do with it;
– Your rights in relation to your personal data; and
– How to contact us.
1. Who should use our app
Our app should only be used by people who are at least 4 (four) years of age, and use per person under 18 (eighteen) years will only be possible with the consent of at least one of their parents or guardian.
2. Data we collect and reasons for collection
Our app collects and uses some of our users’ personal data in accordance with the provisions of this section.
1. Personal data expressly provided by the user
We collect the following personal data that our users expressly provide to us when using our application:
The collection of this data occurs at the following times:
at the time of registration in the app
The data provided by our users is collected for the following purposes:
just for login
2. Sensitive data
No sensitive data will be collected from our users, as understood as those defined in arts. 11 et following of the Personal Data Protection Act. Thus, there will be no collection of data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political character, given regarding health or sexual life, genetic or biometric data, when linked to a natural person.
3. Data on children and adolescents
We collect the following data from children and adolescents:
Data collection of children and adolescents takes place at the following moments:
at the time of registration
The data of children and adolescents we collect are used exclusively for the following purposes:
log in to the app
The processing of data of children and adolescents is carried out based on the best interest of the child or adolescent.
4. Data collection not expressly provided for
In any case, the data collection and processing activities arising from it will be informed to users of the application.
3. Sharing personal data with third parties
We do not share your personal data with third parties. Nevertheless, we may do so to comply with some legal or regulatory determination, or to comply with any order issued by public authority.
4. How long will your personal data be stored
The personal data collected by the application is stored and used for a period of time that corresponds to what is necessary to achieve the purposes specified in this document and that considers the rights of its owners, the rights of the application controller and the applicable legal or regulatory provisions.
Once the storage periods of the personal data have expired, they are removed from our databases or anonymized, except in cases where there is the possibility or need for storage due to legal or regulatory provision.
5. Legal bases for the processing of personal data
A legal basis for the processing of personal data is nothing more than a legal basis, provided for by law, which justifies it. Thus, each personal data processing operation needs to have a corresponding legal basis.
1. Non-sensitive personal data
We process the non-sensitive personal data of our users in the following cases:
– where necessary to meet the legitimate interests of the controller or third party
2. Data on children and adolescents
The processing of data of children and adolescents is done based on the consent of at least one of their parents or guardians.
Personal data of children may be collected without the consent mentioned in the preceding paragraph when collection is necessary to contact parents or legal guardian, used only once and without storage, or for their protection.
3. Legitimate interest
6. User rights
The user of the application has the following rights, conferred by the Personal Data Protection Act:
– confirmation of the existence of treatment;
– access to data;
– correction of incomplete, inaccurate or outdated data;
– anonymisation, blocking or deletion of unnecessary, excessive or processed data in non-compliance with the provisions of the law;
– portability of the data to another service provider or product, upon express request, in accordance with the regulations of the national authority, in compliance with trade and industrial secrets;
– deletion of personal data processed with the consent of the holder, except in the cases provided for by law;
– information of public and private entities with which the controller made shared use of data;
– information on the possibility of not providing consent and on the consequences of the negative;
– withdrawal of consent.
It is important to note that, under the LGPD, there is no right to delete data processed on a legal basis other than consent, unless the data are unnecessary, excessive or processed in non-compliance with the provisions of the law.
1. How the holder may exercise his or her rights
To ensure that the user who intends to exercise his rights is, in fact, the holder of the personal data subject to the request, we may request documents or other information that may assist in their correct identification, in order to safeguard our rights and the rights of third parties. This will only be done, however, if absolutely necessary, and the applicant will receive all related information.
7. Security measures in the processing of personal data
We employ technical and organisational measures to protect personal data from unauthorized access and from situations of destruction, loss, loss or alteration of such data.
The measures we use take into account the nature of the data, the context and purpose of the processing, the risks that a possible violation would generate for the rights and freedoms of the user, and the standards currently employed in the market by companies similar to ours.
Among the security measures adopted by us, we highlight the following:
All emails registered for in-app login are stored on encrypted server in SHA256
Even if you take everything in your power to avoid security incidents, it is possible that there may be a problem motivated exclusively by a third party – such as in case of hacker attacks or crackers or, in case of the user’s sole fault, which occurs, for example, when he himself transfers his data to a third party. Thus, although we are generally responsible for the personal data we process, we are responsible in the event of an exceptional situation such as these, over which we have no control whatsowe dwell.
In any event, in the event of any type of security incident that could create significant risk or damage to any of our users, we will notify those affected and the National Data Protection Authority about the event in accordance with the general data protection law.
8. Complaint to a supervisory authority
Without prejudice to any other administrative or judicial appeal, holders of personal data who feel, in any way, harmed, may lodge a complaint with the National Data Protection Authority.
9. Changes in this policy
We reserve the right to modify, at any time, these rules, especially to adapt them to any changes made in our application, either by making new features available, or by the deletion or modification of existing ones.
Whenever there is a change, our users will be notified of the change.
10. How to contact us
Postal address: Rua Damiana da Cunha 259
Sao Paulo – SP