Privacy Policy

This website is maintained and operated by RK & CO. LTDA, a private legal entity registered in Brazil.

This website collects and uses some personal data from its users. In doing so, the company acts as the data controller and is subject to the provisions of Federal Law No. 13,709/2018 (General Law on the Protection of Personal Data - LGPD).

The company respects your privacy and the protection of your personal data. Personal data is used within legal and ethical limits, and to provide the utmost care. To ensure transparency about the precautions taken, we present this privacy policy, which contains important information about:

Who should use the website;
What data is collected and how it is used;
Your rights regarding your personal data; and
How to contact us.

Who should use our website?

This website should only be used by persons over the age of eighteen. Therefore, children and adolescents are not permitted to use it.

Data we collect and reasons for collection
This website collects and uses some personal data from users, as set out in this section.

Personal data expressly provided by the user
The following personal data is collected when users expressly provide it when using the website:

Full name;
Address;
Cell phone or landline;
Zip code;
Email;
This data is collected at the following times:

When the user registers on the website/payment system;
When the user uses the contact form;
The data provided by our users is collected for the following purposes:

In order for the client to access the company's platform;
So that the customer can contact our Customer Service;
So that our Customer Service can contact the customer.
For the Company to offer exclusive offers, promotions, and discounts to customers.

Sensitive Data
No sensitive data will be collected from our users, as defined in Articles 11 et seq. of the Personal Data Protection Act. Therefore, no data will be collected regarding racial or ethnic origin, religious beliefs, political opinions, membership in trade unions or organizations of a religious, philosophical, or political nature, data relating to health or sexual life, or genetic or biometric data when linked to a natural person.

Collection of Data Not Expressly Provided
Occasionally, other types of data not expressly provided for in this Privacy Policy may be collected, provided they are provided with the user's consent or if their collection is permitted by another legal basis.

In any case, the data collection and resulting processing activities will be communicated to website users.

Sharing Personal Data with Third Parties
We do not share your personal data with third parties. However, we may do so to comply with a legal or regulatory requirement, or to comply with an order issued by a public authority.

How long will your personal data be retained? The personal data collected by the website is stored and used for the period necessary to achieve the purposes listed in this document, taking into account the rights of the data subjects, the rights of the website controller, and applicable legal or regulatory provisions.

Once the personal data retention period has expired, it is deleted from our databases or anonymized, except in cases where its retention is possible or required by law or regulation.

Legal basis for the processing of personal data
The legal basis for the processing of personal data is simply the legal basis, provided by law, that justifies it. Therefore, each processing of personal data must have its corresponding legal basis.

We process our users' personal data in the following cases:

With the consent of the owner of the personal data;
For the regular exercise of rights in judicial, administrative or arbitration proceedings;
For the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject. Consent
Certain personal data processing operations carried out on our website require the user's prior consent, which must be freely given, informed, and unequivocal.

The user may revoke their consent at any time. If there is no legal basis permitting or requiring data storage, the data provided with consent will be deleted.

Furthermore, if you wish, you may object to any processing of your personal data based on your consent. However, in these cases, you may not be able to use some website features that depend on such processing. The consequences of not providing your consent for a specific activity are communicated before processing begins.

Execution of the contract
In order to execute any contract entered into between the website and the user, other data related to or necessary for its execution may be collected and stored, including the content of any communications with the user.

User rights
The user of the website has the following rights, granted by the Personal Data Protection Law:

Confirmation of the existence of treatment;
Access to data;
Correction of incomplete, inaccurate or obsolete data;
Anonymization, blocking or deletion of unnecessary, excessive or data processed in violation of the law;
Data portability to another service or product provider, upon express request, in accordance with the regulations of the national authority on trade and industrial secrets; Deletion of personal data processed with the data subject's consent, except in cases provided for by law;
Information about the public and private entities with which the data controller has shared data;
Information on the possibility of denying consent and its consequences;
Revocation of consent.

It's important to note that, under the LGPD, there is no right to delete data processed based on legal grounds other than consent, unless the data is unnecessary, excessive, or processed in violation of the law.

How can the interested party exercise their rights?
To ensure that the user seeking to exercise their rights is, in fact, the data subject of the request, we may request documents or other information that facilitates their correct identification, in order to protect our rights and those of third parties. However, this will only be done if absolutely necessary, and the requester will be provided with all relevant information.

Security measures for the processing of personal data
We employ technical and organizational measures capable of protecting personal data from unauthorized access and from destruction, loss, misplacement, or alteration.

The measures we use take into account the nature of the data, the context and purpose of the processing, the risks that a potential breach would pose to the user's rights and freedoms, and the standards currently in place by companies similar to ours.

Among the security measures we adopt, we highlight the following:

- Storing passwords using cryptographic hashes;

- Restrictions on access to databases;

- Monitoring physical access to servers;

- Limitation of permissions to system modules;

- Use of a secure website.

Although we do our best to prevent security incidents, it is possible that a problem may arise that is solely caused by a third party, such as in the case of hacker or cracker attacks, or even in cases of sole fault of the user, such as when transferring their data to a third party. Therefore, while we are generally responsible for the personal data we process, we are exempt from liability in the event of an exceptional situation such as this one, over which we have no control.

In any case, if any type of security incident occurs that could pose a significant risk or harm to any of our users, we will notify those affected and the National Data Protection Authority, in accordance with the provisions of the General Data Protection Law.

Complaint to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, interested parties who consider themselves harmed may file a complaint with the National Data Protection Authority.

Cookies
We use cookies on our website to collect information about the behavior of our visitors and customers. Cookies are small text files that are stored on your device when you access our platform. They allow us to recognize and monitor information about your activities and preferences while you browse our website.

These cookies are intended to:

Analyze and monitor the use of our website and applications.

Help us understand how our visitors and customers use the Platform.
Contribute to the continuous improvement of the website, applications, and communications to ensure we can deliver interesting and relevant content.
Cookies collect information, including, but not limited to:

Pages visited.
Time spent on each page.
Products or services viewed.
Navigation behavior.
Language preferences.
Device used.
Approximate geographic location. By continuing to use our website, you agree to the use of cookies in accordance with this policy. If you do not wish to use cookies, you can disable them in your browser settings, although this may affect website functionality.

Changes to this Policy
This version of this Privacy Policy was last updated on October 10, 2024.

We reserve the right to modify these rules at any time, in particular to adapt them to any changes made to our website, whether by adding new features or removing or modifying existing ones.

Whenever a change occurs, our users will be notified.

How to contact us
To clarify any questions regarding this Privacy Policy or the personal data we process, please contact our Personal Data Protection Officer through one of the channels indicated below:

Email: contacto@shopdrax.com