Privacy Notice – Krona Group
Joinville (SC), October 8, 2024.
The Krona Group has Privacy and Personal Data Protection as a constant concern in its connections with customers, suppliers, partners, and the community at large. The Krona Group’s Privacy and Data Protection Governance Program establishes our commitment to transparently communicate how we will handle personal data in our operations, in compliance with Law No. 13,709/2018 – General Data Protection Law (LGPD), Law No. 12,965/2014 – Internet Civil Framework, and other relevant legislation on the subject. This Privacy Notice outlines the processing of data across all companies in the Krona Group.
- Definitions
- Personal Data: information related to an identified or identifiable natural person;
- Sensitive Personal Data: personal data concerning racial or ethnic origin, religious beliefs, political opinions, union membership, or membership in a religious, philosophical, or political organization, data related to health or sexual life, genetic or biometric data, when linked to a natural person;
- Anonymized Data: data related to a holder that cannot be identified, considering the use of reasonable and available technical means at the time of processing;
- Anonymization: the use of reasonable and available technical means at the time of processing, through which data loses the possibility of association, directly or indirectly, with an individual;
- Holder: natural person to whom the personal data being processed refers;
- Controller: natural or legal person, public or private, responsible for decisions regarding the processing of personal data;
- Processor: natural or legal person, public or private, who processes personal data on behalf of the controller;
- Data Protection Officer: person designated by the controller and processor to act as a communication channel between the controller, the data holders, and the National Data Protection Authority (ANPD);
- Processing Agents: the controller and the processor;
- Processing: any operation carried out with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, assessment, or control of information, modification, communication, transfer, dissemination, or extraction.
- Processing of Personal Data
During our activities, we will need to process some personal information to achieve specific purposes.
Activity | Purpose | Types of Collected Data | |
Execution of Contract and Compliance with Legal and Regulatory Obligations With Customers, Suppliers, Partners and other Third Parties | Fulfillment of contractual and legal obligations, relationship management, issuance of invoices and other necessary documents. | Name, CPF, address, phone, email. | |
Contacts, Quotes, Customer Service | Efficient service in cases of questions, clarifications, complaints, and/or requests for quotes. | Name, email, phone, position. | |
Email Marketing | Sending content about products, launches, promotions, campaigns, and any relevant information about the Krona Group, keeping the holder informed and strengthening the relationship between the parties. | Name, email, phone, position. | |
Campaigns, Raffles, Fairs, Marketing Actions | Management of advertising actions, such as promotional campaigns, raffles, and interaction with participants at fairs where the companies of the Krona Group are present. | Name, email, phone, position, CPF*, address*.
*if applicable |
|
Download of Materials | Offering informative and advertising materials about the products of the Group’s companies, such as product catalogs, technical files, reports, institutional files, and brand manuals. | Name, email, phone, position. | |
Use and Experience on Website and Platforms | Analyzing user/visitor interaction on our websites and platforms, improving our relevance in search engines while enabling the best accessibility and usability experience for the user. | Geolocation and IP address. |
- Purposes of Processing
The Krona Group will process personal data to fulfill the following purposes:
- with the holder’s consent, if applicable;
- compliance with legal or regulatory obligations;
- execution of a contract or preliminary procedures;
- regular exercise of rights in judicial, administrative, or arbitration processes;
- protection of life or physical safety of the holder or third parties;
- meeting legitimate interests of the Krona Group, respecting individual rights and freedoms;
- credit protection.
3.1. Processing of Sensitive Data
As with any type of personal data, we will limit the processing of sensitive personal information to the minimum necessary to achieve legitimate purposes, such as:
- with the holder’s consent, if applicable;
- compliance with legal or regulatory obligations;
- regular exercise of rights in judicial, administrative, or arbitration processes;
- protection of life or physical safety of the holder or third parties;
- ensuring fraud prevention and security of the holder in identification and authentication processes in electronic systems, respecting individual rights and freedoms.
- Information Security
Your privacy matters. Thus, we emphasize our solid commitment to the protection of personal data. We invest in cutting-edge technology and a specialized team to ensure the protection of personal data. Therefore, we adopt best security practices to protect the information processed in our daily activities, and processes are constantly updated to meet the highest security standards. Additionally, our employees are trained to handle data responsibly and ethically, signing confidentiality agreements to reinforce this commitment.
- Sharing with Third Parties
The Krona Group will share your data with third parties in the following cases:
- business succession, such as mergers, acquisitions, and incorporations, maintaining the minimum security and legitimacy conditions;
- contracting data processing services with third parties (processors), such as data hosting, processing systems (cloud computing services, artificial intelligence for process efficiency), information technology consulting, advertising and marketing services, credit billing services, and legal advisory services.
These third parties will be subject to the orders and determinations of the Krona Group, which will adopt and require the best applicable security measures, as determined in the “Information Security” section. It is possible that a company in the Krona Group may be required to share data with judicial, administrative, or police authorities to comply with legal obligations.
5.1. International Data Transfer
Some direct and indirect data processors, such as data hosting services, may be located outside Brazilian territory. We ensure compliance with legal requirements arising from personal data protection laws, especially regarding the requirement for third parties to assume the Commitment to the Terms of Information Security and Personal Data Protection.
- Data Storage and Retention Period
Personal data will be stored by us for as long as necessary to fulfill the purposes described in this Notice. The Krona Group is committed to respecting the foundational principles of the LGPD while personal information is processed for the execution of our activities.
Information related to marketing, whether through email, phone, or other forms of communication for promotional actions, will be used by the Krona Group until the holder objects. Rest assured, we will respect your decision not to be disturbed, simply requesting the cancellation of this type of service or, in the case of email marketing, unsubscribing via the link at the end of our emails.
Please note that you may resume receiving promotional/institutional contacts and content if you interact again with any company of the Krona Group.
We will also store access logs to our website and platforms for at least 6 (six) months, in compliance with obligations established in the Internet Civil Framework.
- Cookies
To manage the functionalities of our websites and enhance the user experience on our platforms, we may collect cookies to optimize navigation. You can manage or disable the use of cookies at any time through the cookie notice on our main page or through your own browser.
If you choose to disable certain types of cookies, please note that some functionalities of the site may stop working fully.
- Rights of the Holder
The General Data Protection Law provides various guarantees to holders. Here are some of the rights:
- right to confirmation of the existence of data processing;
- right to access information about data processing;
- right to rectification of your data;
- right to data portability, if and when applicable;
- right to object to the use of data for previously authorized purposes;
- right to deletion of data, except for the maintenance of data necessary to comply with legal obligations and to exercise the right of defense in judicial and/or administrative processes.
- Final Provisions
This notice may be modified at any time to comply with legal matters and/or to align with the purposes of processing carried out by the Krona Group. We recommend reading and continuously monitoring this document.
If you have any questions or requests, please contact the data processing officer at the Krona Group via the channel: protecaodedados@krona.com.br.
Data Protection Officer: Norival da Silva Junior, partner at Silva, Santana & Teston Advogados (CNPJ: 05.935.180/0001-17).