Privacy Policy – OpenSolo

OPEN SOLO PLATFORM PRIVACY POLICY

Last updated on 09.07.2021

Hello, welcome to the Open Solo Platform Privacy Policy (“Privacy Policy” or “Policy”)!

We at OPENSOLO HOLDING S.A (“OpenSolo”, “we” or “our”), present below the Privacy Policy of the Open Solo platform (the “Platform” or “OpenSolo Platform”), which explains in a simple, objective and transparent manner which Personal Data we collect from you (“you”, “User”, “Data Subject”), for what purposes, with whom they may be shared and what resources are available to Data Subjects to manage the Data.

It is not possible for us to offer the functionalities of the Platform without having access to this Personal Data. In other words, the processing of Personal Data is a condition for the efficient use of the Platform.

The content of this Policy is as follows:

PRINCIPLES OF PERSONAL DATA PROCESSING
WHICH PERSONAL DATA DO WE COLLECT AND PROCESS
WHY DO WE COLLECT AND PROCESS THESE PERSONAL DATA
HOW DO WE USE COOKIES
WHAT LEGAL BASES DO WE USE TO PROCESS YOUR PERSONAL DATA
WHEN DO WE DELETE THE PERSONAL DATA
WITH WHOM DO WE SHARE YOUR DATA
WHAT ARE YOUR RIGHTS REGARDING THESE PERSONAL DATA
HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA
INTERNATIONAL TRANSFER
CHANGES TO THIS POLICY
HOW TO MAKE A COMPLAINT
APPLICABLE LAW AND JURISDICTION
GLOSSARY

If after reading this Policy you still have further questions, or for any reason you need to communicate with us on matters involving your Personal Data, you can contact us by e-mail at contact@opensolo.com

ATTENTION: IN CASE YOU DO NOT AGREE WITH ANY OF THE TERMS PRESENTED THROUGHOUT THIS POLICY, YOU SHOULD NOT USE ANY OF OUR SERVICES.

1. PRINCIPLES OF PERSONAL DATA PROCESSING

When OpenSolo acts as Data Controller, that is, when OpenSolo makes decisions about which Personal Data must be collected and how is the best way to process it, we will do it based on good faith and in line with the following principles:

The Purpose Principle
The Adequacy Principle
The Necessity Principle
The Principle of Free Access
The Data Quality Principle
The Transparency Principle
Security Principle
Prevention Principle
Non-Discrimination Principle
Accountability Principle

OpenSolo may collect and store various Personal Data from Data Subjects during the provision of its Services, as well as during the use of the OpenSolo Platform.

In addition, OpenSolo is committed to collecting only the Personal Data that is essentially necessary for the purpose for which they were collected, that is, we seek to ensure that we minimize the collection of excessive Personal Data.

2. WHICH PERSONAL DATA DO WE COLLECT AND PROCESS

OpenSolo can collect the Personal Data indicated in this Policy (i) directly from the Data Subjects; (ii) through third parties, such as Partners and Providers; (iii) or through public sources, as needed for the purposes described in the Section “Why Do we collect and Process these types of Data”. We only receive or collect the following types of information related to Users: (1) Registration Information; (2) Financial and Personal History Data; (3) Regulatory Data; and (4) Device Information, as described in this Policy. Thus, OpenSolo may collect all or some of the Personal Data listed below in accordance with our interaction with you.

2.1 Registration Information: The information that the User fills in when registering on the Platform to create an account, before using the Services:

Individual Tax Number (CPF) or National Registry of Legal Entities (CNPJ), as applicable
access password
e-mail address
telephone number

2.2 Financial Data and Personal History: This is information we collect to run a credit analysis and guarantee that you are capable of fulfilling the obligations set forth in the contract with other Users and/or our Partners, which includes:

Credit Score
Status before the Federal Revenue
Bank account data
Specific consultations, such as the status and history of legal proceedings, tax, financial, banking, credit, and payments.

Based on these Personal Data, we, or one of our Partners will evaluate whether you are able to purchase the Products on the Platform and/or order the Services through the Platform.

2.3 Regulatory Data: For the Exchange Transactions and Credit Insurance Units, in addition to the Personal Data listed above, we will need to collect some specific information about you and the company you represent, such as:

Balance Sheet and Billing Information
Number of Employees
Branch and Bank Account Number
Transaction-related data
Legal representative’s full name
Legal representative’s Individual Tax Number (CPF)
E-mail of the legal representative
Phone number

2.4. Device Information: This is information collected through technologies, such as cookies when Users interact with the Platform. This information includes:

Technical data, such as URL information
Necessary cookies
IP Address
Preferred Language
Types of devices you are using to access or connect to the Platform
Unique device ID

3. WHY DO WE COLLECT AND PROCESS THESE PERSONAL DATA

3.1 Registration Data

We will collect Registration Data primarily to create a User account for you, through which you will be able to request and consult our Services. In addition, we may process your Personal Data for the following purposes:

To identify and authenticate your User account;
To provide the Services;
To mediate your relationship with other Users and with Partners;
To provide technical support;
To answer your questions;
To protect our legal rights;
To contact you (by e-mail, mail, text messages and/or telephone) on several matters, including the use of the Platform and/or collection of amounts due;
To send you messages with information about metrics identified on the Platform related to User consumption.

3.2. Financial and Personal History Data

Your Financial and Personal History Data will be processed in order to approve your application and enable us to provide our Services, as well as to:

To provide security mechanisms and fraud control measures to the extent authorized by applicable laws;
To ensure you are able to fulfill the obligations you agreed upon contract;
To comply with legal obligations;
To provide the Services;

3.3. Data for Regulatory Purposes

Your Data may be used to comply with obligations imposed by a competent regulatory or governmental authority in relation to tax and exchange transactions, as necessary and as provided by applicable law. We may also process your Personal Data to allow our Partner Bank, our Partner Carrier and/or our Partner Broker to provide the Accessory Services to you.

3.4. Device Data

To comply with legal obligations
To help us understand your Platform usage patterns and improve the Platform
To customize our Services and provide you with a best suited interface for your needs

We do not use User Data for any purposes other than those described above.

4. HOW DO WE USE COOKIES

OpenSolo may collect information about the User by browsing the Platform. Cookies are small files that are installed on your hard disk, with a limited duration that helps personalize the Services. The installation, maintenance and existence of cookies in the User’s computer depends on the User’s exclusive will and may be eliminated from your computer whenever you so desire.

We emphasize that OpenSolo uses cookies considered essential for the proper performance of the Platform. The User has the option of not accepting them (opt-out), however, with the knowledge that the Platform’s functionalities may be compromised. The same limitation will not apply to marketing cookies since OpenSolo will only use them with the prior and express consent of the Users (opt-in).

5. WHAT LEGAL BASES DO WE USE TO PROCESS YOUR PERSONAL DATA

Our legal basis for collecting and processing will depend on the Personal Data concerned, the specific context for which we collect them and the applicable data protection law.

However, we will generally process your Personal Data on the following legal bases:

A. EXECUTION OF A CONTRACT

This legal basis applies when the Personal Data Processing is necessary for the performance of a contract or for preliminary proceedings related to the contract to which the Data Subject is a party. We use this legal basis to, for example, Process Personal Data to send communications necessary for the provision of our Services, such as email to inform you of outstanding payments and to forward notices related to the Services.

B. PROTECTION OF CREDIT

In some jurisdictions, we may also process your Personal Data to ensure that you will be able to pay for our Services and to contract with our Partners and other Users on the Platform, including through credit analysis, in which case we will evaluate your financial situation and, depending on the information we obtain from this analysis, we may or may not approve your order on the Platform.

C. COMPLIANCE WITH LEGAL OR REGULATORY OBLIGATIONS

Personal Data may be Processed on the basis of compliance with a legal or regulatory obligation in its jurisdiction. In other words, this means that the Processing of Personal Data by OpenSolo is required by law or regulation imposed on us to ensure compliance with specific legislation. As we work directly with our Bank Partners, they may be subject to specific rules and regulations, including in relation to the sharing of their Personal Data with regulatory and/or government bodies.

D. REGULAR EXERCISE OF RIGHTS

At times it will be necessary to process Personal Data in order to defend OpenSolo’s rights in legal, administrative or arbitration proceedings. This will be the case, for example, when it is necessary to obtain legal advice to legal proceedings, legal representation or when we are required by law to withhold or disclose certain information as part of a legal proceeding.

E. LEGITIMATE INTEREST

OpenSolo bases the Processing of the Personal Data of Data Subjects on this legal basis when, after applying the legitimate interest test, it assesses that the Processing in question will not harm the Data Subjects in any way and will, in fact, contribute to the purpose of offering a more efficient Service. We use this legal basis to, for example, personalize your experience on our Platform by means of the necessary cookies.

F. CONSENT

Personal Data may also be Processed based on the consent of the Data Subject or responsible party, in which case OpenSolo will obtain your prior consent in order to proceed with the Processing.

This means that OpenSolo may request your consent to send communications that are not necessary for the provision of the Services, such as information related to the production consumption of Products within the Platform.

6. WHEN DO WE DELETE THE PERSONAL DATA

We have structured the Platform and our operations so that your Data is not kept in an identified manner for any longer than is necessary. That is, we retain Data only for as long as it is necessary for the purposes described above, if we are required to do so by law, or if we have some other legitimate reason for retaining it.

We may keep Data in an anonymized form and for the exclusive use of OpenSolo, that is, without being related or relatable to a User, for longer periods.

The information we collect regarding your IP address and the access logs of registered Users is stored for at least six (6) months in accordance with applicable law.

In addition, you may, at any time, request the deletion of your Personal Data from OpenSolo’s databases, except for the retention of Personal Data which maintenance is permitted by applicable law, for example, due to contractual, legal or regulatory obligations, as well as to allow and ensure the regular exercise of our rights in judicial, administrative or arbitration proceedings.

Please note that in the case where the Processing carried out by OpenSolo is based on the legal basis of the Data Subject’s prior consent, such consent may be revoked at any time and at the Data Subject’s own discretion. In this case, OpenSolo will cease the Data Processing, unless we have another legitimate basis to do it, or we are required by law to retain the Personal Data.

7. WITH WHOM DO WE SHARE YOUR DATA

We may, eventually and as necessary, share any of your Data with the third parties identified below:

OpenSolo Partners or our Providers, such as financial institutions, insurance companies, brokers, carriers, cloud storage providers, legal counsel, and others.
Judicial, law enforcement or government authorities or other third parties with whom we are required by law, regulation or court order to share Data
Prospective buyers

In regard to prospective buyers, if the sale is not concluded, we will ask the prospective buyer not to use and disclose your Personal Data in any manner or form and to delete it completely.

We emphasize that the Partners will be allowed to obtain only the information necessary to provide the service properly and we require they commit to the same level of protection and privacy that OpenSolo would have if it had processed them directly, this includes the obligation to not use your Personal Data for any purpose other than the purpose contracted by OpenSolo, as well as obligations of confidentiality and security standards, among others. Whenever possible and compatible with the processing activities and their respective purposes, the information will be provided to these third parties so as to preserve the anonymity of the Users and/or Data Subjects.

Some of the third parties mentioned above may be located outside Brazil. If your Data is transferred to another country, we will take measures as required by law to ensure that it remains protected.

We recommend that Users keep in mind that when you use the Platform and provide us your Data, it may be sent to other countries. Thus, if you wish to proceed with a transaction involving the services of one of OpenSolo’s Partners, then your information may become subject to the laws of the jurisdiction(s) in which the contact or its facilities are located.

If you would like more information about the sharing we conduct in any particular context, please contact us at contact@opensolo.com

8. WHAT ARE YOUR RIGHTS REGARDING THESE PERSONAL DATA

We will ensure that you are able to enforce your rights and respond to your requests in accordance with all data protection laws applicable to you.

In some jurisdictions, you have the right to contact and/or petition to the competent data protection authority to submit a complaint against our data protection and privacy practices. Please do not hesitate to contact us using the information below before filing any complaint with the competent Data protection authority.

Exceptions: There are situations where OpenSolo will need to keep Personal Data provided by Data Subjects and, for such reason, it will be unable to comply with Data Subjects’ requests. In these cases, OpenSolo will notify the Data Subject, informing the reasons in fact or in law that prevent the immediate adoption of the measure (for example, to comply with legal obligations and obligations to third parties).

You may also exercise any of the above rights by sending an email to contact@opensolo.com

9. HOW DO WE STORE AND PROTECT YOUR DATA

We store your Data securely in third party data centers provided by operators of cloud computing services. Before sending your Data for storage in other countries, we adopt measures required by law to ensure that it remains protected.

We use best technical and administrative practices to protect Data against unauthorized access, destruction, loss, alteration, disclosure, or any form of inappropriate or unlawful processing.

At the same time, no platform is completely secure. If you have any concerns or suspicions that your Data is at risk, for example, if someone has accessed your password, please contact us immediately.

10. INTERNATIONAL TRANSFER

In cases where we need to transfer your Personal Data outside its jurisdiction, we will do it in a secure way and in compliance with applicable data protection laws.

In some jurisdictions we will require your prior express and specific consent for international transfers of your Personal Data. However, we emphasize that failure to provide such consent makes it impossible to provide the Services and even to use the Platform. Therefore, by accepting this Policy, you declare to be aware that if you do not provide consent for the transfer of your Personal Data it will make it impossible to provide the Services and, therefore, OpenSolo will not be able to mediate your relationship with Partners and other Users and you will not be able to use the Platform’s functionalities.

11. CHANGES TO THIS POLICY

We may change the provisions of this Policy at our discretion at any time, always in compliance with applicable laws relating to the privacy and protection of Personal Data.

Whenever we materially change this Policy, these changes will be posted on OpenSolo’s website and, whenever necessary, you will be informed of these changes. Thus, we recommend that you check the updated version of this Policy every time you access the Platform.

If any provision of this Policy is deemed unlawful or illegal by any governmental authority, the other terms will remain in full force and effect.

12. HOW TO MAKE A COMPLAINT

You can make a complaint using the OpenSolo contact details listed above. You can also contact and/or petition the competent data protection authority in your jurisdiction.

13. APPLICABLE LAW AND JURISDICTION

Access to the OpenSolo Platforms is permitted to Users residing in several jurisdictions, including Data Subjects located in Brazil, the European Union and other countries in South America. For this reason, OpenSolo shall observe the application of specific data protection laws in the countries where the data subject is located.

We emphasize that this Policy is governed and interpreted principally by the laws of the Eastern Republic of Uruguay, in the Spanish language, electing the courts of the city of Montevideo, Uruguay to settle any claim, dispute, conflict or controversy involving this Policy, which shall prevail over any other, however privileged it may be or may become.