Privacy Policy – Park.AI

Privacy Policy

mobCONTENT is committed to your privacy and the protection of your personal data. This privacy policy aims to explain in detail what types of personal data we use, how and for what purpose, as well as your rights as a holder of personal data and our duties in relation to that data. This Privacy Policy applies to the processing of data related to the Park.AI website and application, as well as to all contacts between the data subject and the data controller or its operators.

First, it is important to define some terms. The legal definition of these terms is given by Law no. 13,709/18, the General Data Protection Law (known as LGPD), but we describe below in general terms what they are:

  • Personal data is all information connected to an identified or identifiable natural person (natural person).
  • Treatment Personal data is any type of operation carried out with this data.
  • Controller of the treatment is the one who has decision-making power regarding the treatment carried out.
  • Operator of the processing is the person who carries out some operations relating to the processing, at the behest of the Controller, and without decision-making power.
  • Holder of personal data is the person to whom the data refers – in this case, you!
  • In charge for the processing of personal data is the person appointed by the controller and the operator to serve as a bridge between the Holder, Controller and the National Data Protection Authority (ANPD).
  • National Data Protection Authority, or ANPD, is a body of the Federal Public Administration that has the capacity to supervise and sanction personal data processing operations governed by the LGPD.

The LGPD and the Marco Civil da Internet (law no. 12,965/14) govern the use of personal data and are the basis for this Privacy Policy. In addition to the explanations above, from now on we will use the following terms with the following meanings:

  • E-Trilhas or Provider: The company that provides access to the Park.AI website and application.
  • LGPD: The General Data Protection Law, Law no. 13,709/18.
  • Service or Platform: The set of functionalities offered via website and application by Park.AI, namely: Offering information about trails and the possibility of interacting with managers and service providers.
  • Website: The Parque do Mico website, accessible via URL: https://micoleao.org.br/o-parque/
  • Application / App: Park.AI software, accessible via download from app store from the user's device:
  • User: Any person who accesses and/or uses the services of the Park.AI website and/or application.
  • Account: The set of data on access to the service and its use by the user.
  • Profile: The user's set of personal data visible on the website and application.

The Mico-Leão-Dourado Association will be the Controller of your personal data and mobCONTENT will Controller It is Operator, in relation to different forms of processing of your personal data, in this contractual relationship signed between us and you, the Holder. Below, we will explain all relevant aspects of the processing of your personal data.

  1. Personal data protection
    1. Applicable legislation

The processing of personal data in Brazil is governed by General Data Protection Law, The law number 13,709/2018, also known by the acronym “LGPD”. The LGPD applies to any processing of personal data: (1) carried out in Brazilian territory; (2) to offer or supply goods or services in Brazilian territory; (3) individuals located in Brazilian territory; or (4) collected in Brazilian territory.

  1. Identification and contact of the person responsible for processing personal data

Whenever the Holder has any request involving personal data processed by Controller, he must look for the In charge. Therefore, these are the means of contact with our In charge, as well as your identification: Marcos Ferreira, contato@etrilhas.com.br.

  1. Explanation of the rights of the holder of personal data and how to exercise them

According to the LGPD, you, as the holder of personal data processed by Park.AI, have a series of rights. We, on the other hand, have a duty to guarantee the means of exercising these rights. To do so, you can contact our In charge via the routes indicated in the previous item or access our rights exercise tools of the Data Holder by clicking on this link: https://etrilhas.com.br/assets/pdf/politicadeprivacidade.pdf.

You Your rights as holder of personal data are the following:

  1. Confirmation of existence of data.
  2. Access to data, including in full copy in HTML format.
  3. Correction of incorrect or incomplete data.
  4. Anonymization, blocking or deletion of excessive data or data processed in non-compliance with legislation.
  5. Data portability to third-party services.
  6. Deletion of data obtained based on consent.
  7. Revocation of consent.
  8. Information about the possibility of not providing consent and the consequences of refusal: We base the majority of the data collection and processing we carry out on your consent. This is a condition of your access to the service. You can withdraw it at any time and your account will be deleted.
  9. Information on recourse to the ANPD to resolve any doubts or problems. Access the ANPD website at the link: https://www.gov.br/anpd/pt-br/canais_atendimento/cidadao-titular-de-dados/reclamacao-do-titular-contra-controlador-de-dados
  10. Details of processing activities

When performing our service, we need to process a series of personal data for various purposes. At the end of the day, the objective is to provide a complete and quality service for you. We always try to collect only the data strictly appropriate and necessary to carry out these purposes and not keep the data for longer than necessary.

In the following table, we will detail the types of data we collect and process when carrying out the service, the method of collection, the purpose for which we process each one and the legal basis that underlies each type of personal data processing. In addition, we will detail the people with whom this data may be shared in the course of carrying out these purposes and whether it will be shared with third parties abroad.

It is worth noting the legal bases for processing personal data. These are the cases in which a Controller is authorized to process personal data. Although the best known is consent - that is, the processing of personal data with the express and informed authorization of the Holder -, the LGPD provides for a series of other bases. They represent hypotheses in which the Controller may collect and process data even without the consent of the Holder. This does not mean that the Controller be free to do what you want with the data: it still needs to observe the Holder’s rights, your duties as Controller and the principles of the LGPD.

If there are cases where we process your personal data based on legal bases other than consent, we will indicate these cases below or inform you within a reasonable time.

Some additional information about the data collection methods listed in the following table:

  • Social login: This is the “Login with Facebook” that you find on our website and app and the “Login with Google” that you find in the app. This is done through trackers placed on the page or in the app that notify Facebook or Google that you want to connect to our service using your account data on the social network. The social network will ask for your specific consent for this connection and, from there, will send us the data necessary to create your account, namely: email, name, country, state and city of residence, gender, date of birth and profile photo. Below are some links and important information about this integration:
  • About cookies and other trackers:
    • Cookies are small files saved on the user's device that allow the website or app to perform a series of functions, such as, for example, performing and maintaining login even across several separate sessions; monitor user navigation on the website or app; among others. Some cookies are essential, which means the website or app will no longer work without them. Cookies can also be your own or third-party cookies, which indicates who will receive the information contained in the cookie, whether our own website or app or a third-party service.
    • The main browsers on the market have native tools to manage the storage of cookies on your computer. You can choose to block third-party cookies, or even any and all cookies. However, if essential cookies are disabled, you will not be able to use the website or app.
    • In addition to cookies, there are other forms of tracking on the internet that are generally used for the purpose of obtaining information about the public that accesses a website or app, in order to obtain insights on how to provide the most appropriate service. This is the case, for example, of web beacons, small invisible files contained on website and app pages that may indicate access statistics for certain sections of a website or that an email has been opened. If we use other forms of tracking in addition to cookies, they will be indicated in the table below.
Registration dataEssential own cookiesNon-essential third-party cookies and other trackersSocial Login (registration data)
Type of data collectedIdentification data (e-mail, full name, city of residence and profession).Login information, service usage preferences.Keywords used in searches, page views, URL where the user and visitor come from, browser they use and access IPs, among others.Identification data (name and email), profile photo, list of friends.
How to obtain dataRegistration form (website or app)Automatic, via web browser.Automatic, via web browser.Automatic, via browser.
Purpose of treatmentProvide access to the service, provide the service, contact the owner.Provide access to the service; provide service.Service personalization; Analysis of aggregated access data; Display of targeted advertising.Provide access to the service, provide the service, contact the owner.
Legal basis usedConsent.Legitimate interest.Consent.Consent.
Data retention timeService usage time; until the customer requests cancellation of the account.Login persistence for 10 days Login persistence for 10 days Service usage time; until the customer requests cancellation of the account.
Sharing with third partiesThere is not.There is not.Data shared with advertising service providers and access data.The data is obtained by Facebook or Google, based on the consent already expressed by the holder to the social network, and is shared with the Controller.
Transfer. InternationalThere is not.There is not.Transfer to cloud servers of the third party involved in the analytics operation. The service used is Google Analytics, which provides specific contractual clauses relating to compliance with the LGPD and selects advertising providers that agree with the terms necessary to ensure compliance with the law, in addition to being certified by international data security guarantee instruments. .The data is originally obtained by Facebook or Google, so the contractual conditions established between the holder and Facebook or Google apply.
  1. Note about Controllers of your personal data:
    1. Park.AI is Controller.
    2. However, Park.AI also uses your personal data to obtain insights business, in order to improve the service offered to users and customers. In this case, and in specific relation to data processing operations relating to this purpose, E-Trilhas is Controller of the data.
  2. Explanation of the indicated processing purposes:
    1. Provide access to the service, provide the service, contact the owner. These purposes include, but are not limited to: managing login to the website or app; provide access to expected functionalities; manage the user account; maintain contact with the service user to resolve issues related to the use of the service; send updates regarding the use of the service, the user's account and their interactions with the website or app; provide, if the user has agreed, marketing via email of relevant services related to the website or app, from Park.AI itself or third parties.
    2. Service personalization; Analysis of aggregated access data; Display of targeted advertising. These purposes include, but are not limited to: applying automated solutions for organizing the timeline and suggesting relevant content within the website or app; connection suggestion to other users; mechanism management upvote It is downvote and evaluations in publications on the website or app; production of internal reports on website or app usage statistics; display of targeted advertising provided by third-party targeted advertising services.
  3. Note on sharing personal data:
    1. In the course of processing your personal data, it may be necessary to share it with third parties. This generally occurs to carry out specific services necessary to achieve the purposes of the processing.
    2. Thus, the Controller you can hire Operators to perform parts of the service.
    3. These Operators, in turn, may eventually hire Suboperators to carry out these services.
    4. Operators It is Suboperators Contractors will need the approval of the Controller and will be subject to specific contractual clauses that guarantee respect for the protection of holders' personal data.
    5. The categories of Suboperators or Operators of personal data with whom we may share your data are as follows:
      1. Cloud storage service company(ies), including email services, file storage, shared work tools, content management systems etc.
      2. Hosting provider company(ies), responsible for storing website and app data and processing user access.
      3. Information security company(ies) or professional(s).
      4. Traffic data analysis company(ies) or professional(s), responsible for analyzing aggregated access data to our services to produce insights regarding improvements to them.
    6. We clarify that, in addition to the sharing specified above, we may also share your data for the following purposes:
      1. Compliance with legal determination, request, requisition or court order before competent judicial, administrative or governmental authorities.
      2. In the case of corporate movements, such as mergers, acquisitions and incorporations.
      3. To protect the rights of E-Trilhas or Associação Mico-Leão-Dourado in any type of conflict, including judicial ones.
    7. Additionally, we clarify that the data publicly posted by the holder, including their personal identifying data as defined in the privacy settings of the website and app, will be visible to other users of the website and app.
    8. About international data sharing: in some cases, it may be necessary to share your data with entities based or whose servers are located outside Brazil. When this occurs, we will make sure that these entities are governed by laws or contractual terms that guarantee a level of data protection equivalent to that provided by the LGPD.
    9. The processing of personal data for purposes not provided for in this Privacy Policy will only occur with prior communication to the user, so that the rights and obligations set out herein remain applicable.
  4. Notice regarding automated processing of personal data:
    1. To provide the service on our website and app, we need to carry out automated processing of some personal data. This means that we apply algorithmic or similar decision mechanisms to, for example, define the hierarchy of content to be displayed on the user's timeline.
    2. According to the LGPD, the holder has the right to request the review of automated decisions using their personal data. To this end, we provide direct contact with our person in charge of processing personal data, indicated in item 1.b of this Privacy Policy, as well as mechanisms integrated into the website and app for indicating preferences.
  5. Safeguarding and security of personal data
    1. Data retention time:
      1. The user's and visitor's personal data are stored by the platform for the period necessary to provide the service or fulfill the purposes set out in this document, in accordance with the provisions of item I of article 15 of Law 13,709/18.
      2. Data may be removed or anonymized at the user's request, except in cases where the law provides other treatment.
      3. Furthermore, users' personal data may only be kept after the end of their processing in the following cases provided for in article 16 of the aforementioned law:
        1. compliance with legal or regulatory obligations by the controller;
        2. study by a research body, ensuring, whenever possible, the anonymization of personal data;
        3. transfer to a third party, provided that the data processing requirements set out in this Law are respected;
        4. exclusive use of the controller, access by third parties is prohibited, and provided that the data is anonymized.
    2. Data security

The platform undertakes to apply technical and organizational measures capable of protecting personal data from unauthorized access and situations of destruction, loss, alteration, communication or dissemination of such data. To this end, it undertakes to meet legal data security requirements and to apply measures consistent with the security expectations that may be had, taking into account the way in which data processing is carried out; the result and risks that can reasonably be expected from it; and the available personal data processing techniques.

The platform undertakes to communicate to the user in the event of any proven breach of security of their personal data.

Personal data stored is treated confidentially, within legal limits. However, we may disclose your personal information if we are required by law or court order to do so.

  1. Specification of safety standards and certifications and, in their absence, of:
    1. Crypto Adoption
    2. Anonymization of data stored for exclusive use by the controller
    3. Data access control
    4. Periodic reviews of system security robustness
  2. Data security controls when handled by operators
  3. Data storage location
  4. Data security breaches
    1. Clarification about the possibility of breaches even when all reasonable precautions are taken
    2. Commitment to provide an expedited report to the ANPD to address the breach
    3. Notice that the holder has a crucial role in maintaining the security of their data
  1. Change to privacy policy
    1. Any changes to this Privacy Policy will be communicated in advance to the Holder, which may renew its consent to the new terms. These changes will be communicated via email indicated by the Holder and will be published at this URL: https://etrilhas.com.br/assets/pdf/politicadeprivacidade.pdf.
  2. Responsibility
    1. Controller and any Operators are responsible for damages caused as a result of carrying out personal data processing activities.
      1. Operators are jointly and severally liable for damages caused by processing when they fail to comply with data protection legislation obligations or when they have not followed the lawful instructions of the Controller, in which case they are equivalent to the Controlling Company.
    2. Controller It is Operators processing agents will only not be held responsible when they prove:
      1. who did not process the personal data assigned to them;
      2. that, although they carried out the processing of personal data assigned to them, there was no violation of data protection legislation; or
      3. that the damage is the result of the exclusive fault of the data subject or a third party.
en_USEnglish
pt_BRPortuguese en_USEnglish