The Privacy and Personal Data Protection Policy of Qyon Tecnologia S.A., Qyon Instituição de PayPal Ltda., Qyon Administradora e Corretora de Seguros Ltda. and other companies that make up the Qyon Business Group, which includes its controlling and controlled companies, directly or indirectly, as well as its affiliates and companies under common control in Brazil ("QYON") was created to describe and inform the processes of collection, use, sharing and storing personal data, in order to inform data subjects of their rights and ensure that such data is treated securely and subject to a transparent privacy policy.

1. Definitions

 

The following terms beginning with capital letters contained in the QYON Privacy and Personal Data Protection Policy will have the meanings assigned below, in accordance with the Brazilian General Personal Data Protection Law, Law No. 13,709/2018:

• Processing agents: the controller and the operator.

• Controller: natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data.

• Personal Data: any and all information related to a natural person that allows the identification of its holder.

• Sensitive Personal Data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.

• LGPD: Brazilian General Personal Data Protection Law, Law No. 13,709/2018.

• Operator: natural or legal person, governed by public or private law, who processes personal data on behalf of the controller;

• Policy: QYON Privacy and Personal Data Protection Policy.

• Holder: natural person to whom the personal data that is subject to processing refers.

• Processing: any operation carried out with personal data, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction.

2. Aplication

 

The Policy applies to all services and products provided and offered by QYON. From time to time, QYON may develop new products and/or services or offer additional services and/or products. If the introduction of such new or additional services and/or products results in any material change in the way in which we collect or process personal data, we will provide additional information, conditions or policies. Except as otherwise indicated when new or additional products and/or services are introduced, they will be subject to this Policy.

​

This Policy applies to natural persons who have a relationship with QYON, through the provision of personal data (whether in the case of providing personal data to contact QYON in their own name or as representatives of a legal entity).

 

This Policy is also applicable to other forms of personal data collection by QYON, which allow the provision or improvement of our services. For example, we may collect information through partners or relating to our technologies.

 

All forms of collection and use of your personal data are described in this Privacy Policy. The practices described in this Policy only apply to the processing of your personal data in Brazil and are subject to applicable local laws, with emphasis on the LGPD.

3. Data collection

 

When accessing QYON's virtual page, requesting, hiring or using QYON's products or services, some personal data is provided and collected, which may be processed by QYON, according to its purpose. In some cases, the data is provided directly by the Holder, but it is also possible that some Personal Data is collected automatically, as specified below.

 

The Holder must only provide true, current and accurate personal data, being solely responsible for false, outdated or inaccurate information provided to QYON. Data provided by the Holder.

 

This data includes all information that the Owner voluntarily entered or provided on the Platform, covering:

​

(I) Personal Data of the User/Holder: any data that, in any way, identifies the User/Holder as a natural person, such as, but not limited to, name, identification documents, nationality, profession, address, date of birth, parentage, gender, telephone number, email address, telephone number, bank details, as well as any other information that allows your personal identification.

(II) Personal Data that may appear in Electronic Tax Documents: collectively, electronic invoices (NFe), electronic service invoices (NFSe), electronic consumer invoice (NFCe), electronic waybill (CTE), as well as any other documents issued by the platform and transmitted to the systems of the Federal Revenue Service, Treasury Department and City Halls whose recipient is the Contracting Party, which will be automatically downloaded/stored by the Platform for analysis and access by the Contracting Party.

(III) Personal Data that may be included in Electronic Financial Documents: together, issuance of invoices and payment receipts issued by the platform and transmitted to banks digitally to the systems of Banks whose contractor has a relationship, which will be processed/stored by the Platform ERP for analysis and access by the Contractor.

​

(IV) Personal Data of Users' collaborators, contractors, employees, representatives and vendors: any data that, in any way, identifies them as natural persons, such as, but not limited to, name, identification documents, nationality, profession, address, date of birth, affiliation, gender, telephone number, email address, telephone number, bank details, remuneration, pay slips, as well as any other information that allows your personal identification.

 

Data provided by the holder to open an account and access the QYON Bank platform

 

To access the QYON Bank platform, QYON requests the availability of personal data, according to the classification between accounts of individuals or legal entities.

 

To create and access Individual accounts, the data collected is:

 

• Full name, registration number in the Individual Taxpayer Registry and date of birth, gender identification information, marital status, city and state of birth of the Holder, data necessary to verify and confirm identity and to enable contractual fulfillment;

• Address data including login, number, complement, neighborhood, city, state and zip code, email address and landline or cell phone number, necessary for communication with the holder in order to guarantee compliance with contractual and legal obligations and regulatory;

• Parental data, with the mother's name being mandatory and the father's name being optional, to verify homonyms;

• Identification document data, with document number, date of issuance, issuing body and state of issuance, to secure the Holder's identity verification procedures;

• Sending a personal document (ID containing CPF or CNH) + Photo of your face, with access to the camera to capture the holder's facial image, a procedure known as Facematch, used to increase the security of access to the platform and verify the holder's identity .

​

To create and access Legal Entity accounts, the data collected is:

​

• Corporate name, CNPJ registration number, business name, date of foundation, contact telephone number for the company and CRC registration number in the case of accounting companies – all these data are not considered by the LGPD as Personal Data and are requested to enable the contracting of the payment account;

• Address data including login, number, complement, neighborhood, city, state and zip code, email address and landline or cell phone number, necessary for communication with the legal entity in order to ensure compliance with contracts and legal obligations and regulatory;

• Full name, date of birth, registration number in the Individual Taxpayer Registry of the representative of the legal entity, data necessary to verify and confirm the identity of the representative and the regularity of the representation of the legal entity;

• Affiliation data of the representative of the legal entity, with the mother's name being mandatory and the father's name being optional, to verify homonyms;

• Address details of the representative of the legal entity including login, number, complement, neighborhood, city, state and zip code, email address and landline or cell phone number, necessary for communication with the representative of the legal entity in order to guarantee compliance with contracts and legal and regulatory obligations;

• Identification document data, with document number, date of issuance, issuing body and state of issuance, to secure the Holder's identity verification procedures;

• Sending a personal document (RG containing CPF or CNH) of the legal entity's representative + current version of the legal entity's incorporation document + Photo of the face of the legal entity's representative, with access to the camera to capture the representative's facial image, procedure known as Facematch, used to increase the security of access to the platform and verify the identity of the holder, as well as their powers to represent the legal entity.

Browsing and device data

 

This data includes: IP address of the mobile device used to access QYON services or products, technical data such as URL, network connection, provider, and device information, Cookies (as detailed below), device attributes, such as ID, operating system, browser and model; and device geolocation data if you authorize collection from your device.

 

Personal data arising from the use of QYON Platforms

 

This data includes:

Personal data that may appear in Electronic Tax Documents: collectively, electronic invoices (NFe), electronic service invoices (NFSe), electronic consumer invoice (NFCe), electronic waybill (CTE), as well as any other documents issued in the systems of the Federal Revenue Service, Treasury Department and City Halls whose recipient is the User of the Qyon Platform, which will be automatically downloaded by the Platform for analysis and access by the User.

 

Personal data that may appear in emails with their attachments that are saved on the platform, transforming them into a service record, as configured by the contractor on the platform, authorizing this procedure to be carried out and data collected from third-party systems through integrations configured by the contractor on the platform. QYON platform.

 

Public data Such data includes the Contractor's data collected in public databases, including, without limitation, those collected on the websites and/or systems of the Federal Revenue, Treasury Department and City Halls.

4.Purposes of Processing Personal Data

QYON uses the personal data collected to provide high quality products and services, ensuring the security of its Platforms, in addition to complying with legal and regulatory obligations that require knowledge and sharing of personal data with competent authorities. We detail below the purposes for which we use your personal data:

• Comply with regulatory or legal obligations, as per art. 7th, II, of the LGPD;

• Exercise the right to defense in judicial, administrative or arbitration proceedings, in accordance with art. 7th, VI, of the LGPD;

• Comply with decisions made by authorities, whether administrative or judicial, in accordance with art. 7th, II, of the LGPD;

• Verify identity and ensure greater security while browsing our channels, as well as adopt fraud prevention procedures, with the aim of offering protection to the Holder or QYON, in accordance with art. 7th, II and V, of the LGPD;

• Perform actions due to pre-contractual relationships, or during the contracting period, product) or post-contracting, according to art. 7th, V, of the LGPD;

• Handle complaints, queries and requests (Customer Service, SAC, Ombudsman) and provide support to the Holder, in accordance with art. 7th, V, of the LGPD;

• Use cookies, in accordance with this Policy, in accordance with art. 7th, V, of the LGPD; and

• Carry out maintenance and registration updates, in accordance with art. 7th, II and V, of the LGPD.

Sensitive Personal

 

Data Sensitive data will eventually be collected by QYON only in case of compliance with a legal or regulatory obligation, pursuant to art. 11, II, a) of the LGPD.

 

Data on children and adolescents

 

QYON does not knowingly collect data from children and adolescents through its digital platforms. Therefore, if the parent or guardian becomes aware of the improper provision of such information, they may request the deletion of the respective data, in the manner established by this Policy.

5. Data Subject Rights:

QYON undertakes to comply with the legal standards that apply to the processing of data of any person who maintains a public or private legal relationship, and through which data collection takes place, in respect for good faith and, mainly, but not only , based on the following principles: a.) transparency, b.) purpose, c.) suitability, d.) necessity, e.) quality, f.) accuracy, g.) safety, h.) prevention and i.) no discrimination.

The holder may exercise the protection of their rights, whenever they understand/verify any possible non-compliance on the part of QYON, through communication addressed to the following channels: email: lgpd@qyon.com.br and telephone: (19) 2660-2579.

 

QYON guarantees the possibility of submitting requests based on the following rights:

a) confirmation of the existence of treatment;

b) access to data;

c) correction of incomplete, inaccurate or outdated data;

d) anonymization, blocking or deletion of unnecessary, excessive or processed data that does not comply with the Law;

e) data portability to another supplier;

f) the elimination of data processed with the User's consent, except in cases of legal custody and others provided for by Law;

g) obtaining information about the public or private entities with which QYON shared its data;

h) information about the possibility of not providing your consent, as well as being informed about the consequences, in case of refusal;

i) revocation of consent;

j) opposition to treatments carried out based on one of the hypotheses of waiver of consent, in case of possible non-compliance with the provisions of the General Data Protection Law;

k) the review of decisions taken solely based on automated processing of personal data that affect the interests of data subjects, respecting QYON's commercial and industrial secrets, such as, but not limited to, those based on criteria to prevent fraud or arising from the execution of a contract. QYON will make every effort to fulfill such requests in the shortest possible time. However, even in the case of an exclusion request, the minimum storage period for information from users of internet applications, determined by Brazilian legislation, among other applicable legal provisions, will be respected.

6. Storage and deletion of personal data

The personal data of holders who relate to QYON will be kept for a period no longer than that required to fulfill their purposes/objectives, for which they are processed, observing the deadline for compliance with legal obligation, within the scope of applicable legislation. , or regulatory authority of the controller, observing, whenever possible, the anonymization of data.

7. Recipients and transfer of Personal Data

 

Personal Data collected by QYON may be shared with:

​

(a) Research Bodies (in accordance with art. 5, XVIII of the LGPD);

(b) Direct Administration Bodies and Indirect Administration Entities of all Federated Entities of the Brazilian Public Power, in accordance with the law;

(c) Private Legal Entities with a contractual relationship with QYON, provided that the processing conditions relating to the purposes informed to the Holder are maintained, and the Holder is allowed to be aware of such sharing. The transfer of personal data may only be carried out to other countries, territories, or international organizations that ensure an adequate level of protection for data subjects, whether they are users or participants in educational, academic, research or medical relationships.

If there is no adequate level of protection, QYON undertakes to guarantee the protection of data subjects in accordance with the strictest rules, through specific contractual clauses for the proposed transfer, standard contractual clauses, global corporate standards or seals, certificates and codes of conduct regularly issued, in compliance with the most appropriate legislation for the case, under penalty of the data transfer not being carried out.

8. Cookies and similar technologies

When using the services of the QYON Platform, QYON may collect personal information about the services that the Owner uses and how such services are used. This information is necessary for the proper execution of services, as well as to make continuous improvements to the application's functionalities.

(i) Geolocation Information: information about your location may be collected, identified from data such as your IP address or the GPS of your mobile device, to offer you an optimized user experience. Most mobile devices allow you to control or disable the use of Application Location Services in the device's settings menu.

 

(ii) Forms of Use: Information may be collected about the way you use the QYON Platform Services, such as the most used features, changes made, time of use, etc.

 

(iii) Log Data: Log data and device information may be collected automatically when using the services of the QYON Platforms, even if the Holder is not a customer.

QYON may use technologies to store temporary navigation information in order to improve and improve the experience when using its products. The main technological tools that do this are “cookies”, similar technologies are also used.

 

With this, it is possible to know, for example, which websites were visited by the Owner, their Internet Protocol (IP), the version of their browser, etc.

 

However, it is possible for the Owner to configure their device to manage the use of cookies or to alert them when they are active. Some cookies may be necessary for browsing and their deactivation may impair some features of the QYON Services.

9. General Provisions

For other more detailed information and for any communication with QYON regarding this Privacy Policy, the holder may access the customer communication channels, including through the virtual page www.qyon.com

 

QYON, as a legal obligation, must ensure compliance with the law and court decisions and provide Personal Data to respond to authorities, ensure your rights and prevent risks of fraud.

 

This Privacy Policy was updated on March 25, 2024, so the Controller reserves the right to modify, change the information contained in this Policy, available on the website -www.qyon.com

 

The Holder who has provided an email address will be expressly notified in the event of a change to this Privacy Policy.                

Rodovia Luiz de Queiroz, SP-304 - Km 127,5
Americana SP - CEP 13466-170
Fone: 0800 591 0486 | www­.qyon.com