The need to ensure that administrative activities within ILLIX, hereinafter referred to as the "Controller", are carried out in compliance with Law No. 13,709/2018, also known as the General Data Protection Law (LGPD), enacted with the purpose of protecting the fundamental rights of freedom and privacy, as well as establishing rules on the collection, use, storage and distribution of data.
For questions, we recommend reading: General Data Protection Law
Principles
Always in the performance of legitimate and specific purposes, we process Personal Data based on the following principles:
- respect for privacy;
- informational self-determination;
- freedom of expression, information, communication and opinion;
- inviolability of intimacy, honor and image;
- economic and technological development and innovation;
- free initiative, free competition and consumer protection;
- human rights, the free development of personality, dignity and the exercise of citizenship by natural persons.
General Principles of the LGPD
- Purpose: We process Personal Data for legitimate, specific and informed purposes;
- Adequacy: We process Personal Data in a manner compatible with the purposes disclosed and provided for by law;
- Necessity: We limit Processing to the minimum necessary to achieve the purposes;
- Free access: We guarantee facilitated and free-of-charge consultation on the processing of Personal Data;
- Quality: We guarantee the accuracy, clarity and updating of the data;
- Transparency: We provide clear and accessible information to Data Subjects;
- Security: We adopt technical and administrative measures to protect Personal Data;
- Prevention: We adopt measures to prevent damages in the processing of Personal Data;
- Confidentiality: We apply hierarchical access only to authorized persons;
- Integrity: We focus on the accuracy and updating of the information;
- Availability: We guarantee access to the information whenever necessary;
- Non-discrimination: We do not practice or tolerate any form of discrimination;
- Accountability: We adopt effective measures to demonstrate compliance with data protection rules.
Rights of Data Subjects
- Confirmation of the Existence of Processing;
- Access to the data;
- Correction of incomplete, inaccurate or outdated data;
- Anonymization, blocking or deletion of unnecessary, excessive data or data processed in non-compliance;
- Information about the entities with which we carry out shared use of data;
- Information about the possibility and consequences of refusing or withdrawing consent;
- Withdrawal of consent;
- Review of automated decisions;
- Data portability (pending regulation by the ANPD).
Processing of Personal Data
We carry out activities typical of a Controller and Operator Processing Agent. When the action of an Operator Agent is necessary, we establish a written contract that defines the subject matter, purpose and obligations in accordance with the LGPD.
- Registration: name, e-mail, phone, address, vehicle license plate number;
- Contact: first name, last name, Tax ID, full address, mobile, WhatsApp, e-mail;
- Sending notices: name, e-mail, phone;
- WhatsApp: name, e-mail and phone.
Sharing of Personal Data
ILLIX does not sell Personal Data and only shares it for legitimate and specific purposes.
With whom we share:
- Microsoft Azure – Platform and database management.
- Google – APIs for data transformation.
- Zamzar – Document conversions in various formats.
Data Retention
Customer, employee and third-party data will be retained for up to 5 years after departure or termination. After this period, the data will be deleted or, in the case of physical documents, shredded.
How to talk about your data
If you believe your personal data has been processed in a manner incompatible with this Policy, contact us through the privacy portal: https://www.helloethics.com/illix/lgpd or by e-mail at dpo@illix.com.br.
Glossary
Database
For questions or information about your report data that is not found on this page, contact our DPO (Data Protection Officer) at dpo@illix.com.br.
Cookies
Small files temporarily stored on the USER's computer, used to identify browsing preferences and other information related to their visit to a particular website/web page.
Personal Data
Information that identifies or makes the REPORTER identifiable.
Sensitive Personal Data
Data on racial or ethnic origin, religious conviction, political opinion, membership in unions or organizations of a religious, philosophical or political nature, data concerning health or sexual life, genetic or biometric data when linked to a natural person.
Data Processing
Any operation carried out with personal data, such as those referring to: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
Reporter
Any natural person who accesses and/or uses the functionalities of Hello Ethics.
Personal Data Breach
A security incident that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data.
Consent
Free, informed and unambiguous manifestation by which the data subject agrees to the processing of their personal data for a specific purpose.
Anonymization
Use of reasonable and available technical means at the time of processing, through which a piece of data loses the possibility of direct or indirect association with an individual.
Deletion
Erasure of data or a set of data stored in a database.