PRIVACY POLICY – PRODUCTS AND SERVICES UPX

Welcome to UPX. When using our websites, products and services (“UPX services”), rules and standards of our Privacy Policy, appropriate to the relevant legislation, will apply for greater security and transparency in the treatment of data provided by users.

As our products and services are varied, as UPX always seeks improvement and innovation, additional Terms, Licenses and Contracts may provide for specific terms and conditions of use for each product or service. Such documents will be available to each customer and user in their access panel when contracting UPX products and services.

After entry into force of Brazilian Law No. 13,709 / 2018 (LGPD - General Data Protection Law), express consent about the Privacy Policy for brazilian citizens will be required, which can be done on the client's panel or channels of communication.

I. COLLECTION AND PROCESSING OF PERSONAL DATA

UPX only collects data necessary for the Contract and for the performance of its products and services. In this way, data will be collected from the legal entity, (eg Corporate Name, TAX ID number, address, telephone, e-mail) and from the individual authorized representative of the company to sign contracts and participate in the management of the contracted services (p eg full name and security number or other official identification document, e-mail, telephone, profession and address). 

The time for using and processing the data will be the validity period provided for in the UPX product and service contracts, which each customer has access to at the time of contracting, or as long as the user wishes to keep their customer account active in the UPX systems. 

Personal data will be used to prepare and sign contracts and legal documents between the parties, as well as to identify users and their use of products and services, access to the customer panel, payment and purchase processing and communication with the customer. 

There may be other specific purposes for using data depending on the product or service, due to its technical characteristics, which will be expressly informed in the respective contract.

The user who signs contracts and accepts the expression of consent on behalf of a legal person, declares, under the penalties of the law, that he is his legitimate legal representative (eg partner, manager, employee, agent or legal attorney). 

In order to improve the quality of our services, in some cases, we remove the personal identity from the data transmitted by you. Such data is gathered to others to produce aggregated and anonymous statistical information (eg number of visitors, source IP address and country of the internet access provider's domain, date and time of access). 

Services in which the user wants to protect his data on the internet or monitor if there has been a leak (eg financial data such as a credit card), UPX will use the personal data reported by the user or third party Controller (eg financial institutions or public bodies), authorized under legal terms, for the purpose of executing the digital protection service, seeking to anonymize data whenever possible.

II. COOKIES 

Some of our websites, products and services may use "cookies". Cookies are text files generated by your browser that are placed on your computer's hard drive when you access certain websites. 

Cookies help to inform you whether or not you have visited the site before, it helps to identify resources in which you may be most interested, filling out data in forms, saving passwords and preferences, improving the online experience. When required by law, you can visit our websites and refuse the use of cookies at any time on your computer.

III. USER’S SAFETY OBLIGATION

UPX uses security systems, rules and other procedures to ensure the protection of personal data, as well as to prevent unauthorized access to data, improper use, disclosure, loss or destruction. However, despite UPX's best efforts, it is the duty of each user to ensure and ensure that their computer is adequately protected against harmful software, such as viruses, spyware, adware, unauthorized remote access, among other activities and programs malicious in the digital environment.

In addition, you should be aware that, without the adoption of adequate security measures (for example, the secure configuration of your browser, use of updated antivirus software, “firewall”, non-use of software of illegal or doubtful origin), the risk of personal data and passwords being accessed by third parties, without authorization to do so, is considerably higher.

It is also advised that whenever data is provided on open and public networks, such as the Internet, your data may circulate without security conditions, with the risk of being seen and used by unauthorized third parties. So, follow the basic rules of digital security, keeping your computer and your data safe.

Some services may be used to monitor and collect specific data from the user or from third parties, such as the BGP Monitor or Vedatta services, which perform the monitoring, p. eg, expectations of your ads, ASN, IP prefixes and traffic providers, credit cards, CPF, CNPJ, among others. In such cases, the user declares that he is authorized, under the terms of the American or Brazilian legislation, depending on the territory of use and owner of the monitored data, for the monitoring or search of own or third party data, exempting UPX from any and all responsibility or indemnification in case of data collection without third party authorization.

IV. RIGHTS OF PERSONAL DATA HOLDERS – BRAZILIAN`S USERS

Personal data is all information related to the identified or identifiable natural person. Brazilian Law nº 13,709 / 2018, which protects the use and treatment of personal data, will still be regulated by brazilian government authorities, but UPX values ​​the transparency and digital security of its customers, observing the good standards of practice in information security.

The data will only be used for the specific purposes of access and use of users to the products and services offered and their contracting. The holder of personal data has the right to request the correction and updating of his data, as well as to ask about its use and treatment and to cancel his consent. With provision for entry into force as of August 2020, Law nº. 13,709 / 2018, for all brazilian users, establishes in its art. 18 the following rights (transcription in Brazilian Portuguese):

Art. 18. O titular dos dados pessoais tem direito a obter do controlador, em relação aos dados do titular por ele tratados, a qualquer momento e mediante requisição:
I - confirmação da existência de tratamento;
II - acesso aos dados;
III - correção de dados incompletos, inexatos ou desatualizados;
IV - anonimização, bloqueio ou eliminação de dados desnecessários, excessivos ou tratados em desconformidade com o disposto nesta Lei;
V - portabilidade dos dados a outro fornecedor de serviço ou produto, mediante requisição expressa e observados os segredos comercial e industrial, de acordo com a regulamentação do órgão controlador;
V - portabilidade dos dados a outro fornecedor de serviço ou produto, mediante requisição expressa, de acordo com a regulamentação da autoridade nacional, observados os segredos comercial e industrial;               (Redação dada pela Lei nº 13.853, de 2019)
VI - eliminação dos dados pessoais tratados com o consentimento do titular, exceto nas hipóteses previstas no art. 16 desta Lei;
VII - informação das entidades públicas e privadas com as quais o controlador realizou uso compartilhado de dados;
VIII - informação sobre a possibilidade de não fornecer consentimento e sobre as consequências da negativa;
IX - revogação do consentimento, nos termos do § 5º do art. 8º desta Lei.
§ 1º O titular dos dados pessoais tem o direito de peticionar em relação aos seus dados contra o controlador perante a autoridade nacional.
§ 2º O titular pode opor-se a tratamento realizado com fundamento em uma das hipóteses de dispensa de consentimento, em caso de descumprimento ao disposto nesta Lei.
§ 3º Os direitos previstos neste artigo serão exercidos mediante requerimento expresso do titular ou de representante legalmente constituído, a agente de tratamento.
§ 4º Em caso de impossibilidade de adoção imediata da providência de que trata o § 3º deste artigo, o controlador enviará ao titular resposta em que poderá:
I - comunicar que não é agente de tratamento dos dados e indicar, sempre que possível, o agente; ou
II - indicar as razões de fato ou de direito que impedem a adoção imediata da providência.
§ 5º O requerimento referido no § 3º deste artigo será atendido sem custos para o titular, nos prazos e nos termos previstos em regulamento.
§ 6º O responsável deverá informar de maneira imediata aos agentes de tratamento com os quais tenha realizado uso compartilhado de dados a correção, a eliminação, a anonimização ou o bloqueio dos dados, para que repitam idêntico procedimento.(Redação dada pela Lei nº 13.853, de 2019)
§ 7º A portabilidade dos dados pessoais a que se refere o inciso V do caput deste artigo não inclui dados que já tenham sido anonimizados pelo controlador.
§ 8º O direito a que se refere o § 1º deste artigo também poderá ser exercido perante os organismos de defesa do consumidor.

If it is necessary to provide information on minors, they can only be provided with express parental consent, and UPX does not promote or market its products and services to minors.

V. DISSEMINATION AND TRANSFER OF PERSONAL DATA

When providing our services for the benefit of our customers or between our branches, we may process personal data on behalf of a Controller (whether a customer or any other UPX branch or unit) primarily for the effective operation, management, performance and delivery of our services and products in Brazil and internationally.

The personal data processed will be treated in an appropriate, relevant and limited to what is necessary for the purposes for which they will be processed. Personal data will only be shared with relevant personnel within the companies of the UPX Group, including UPX US LLC, or with duly authorized employees, contracted or subcontracted, in order to guarantee the execution and quality of the services and products offered, guaranteeing their operability commercial and technical.

In accordance with Brazilian, American and European legislation on the protection of personal data, the international transfer of personal data will only be carried out to countries that guarantee an adequate level of protection. If international data transfer is necessary for a country that does not yet meet the European and Brazilian standards for the protection of personal data, due to the need to execute the contracted product or service, UPX will inform the client and provide additional protection so that the transferred data remains adequately secure.

UPX may eventually be required to disclose personal data to regulatory authorities, Court order, agencies or other governmental entities, in administrative or judicial proceedings, and will only do so when there is a clear legal requirement, court order or to defend rights, interests and property of UPX and related third parties, especially its customers, always seeking to protect the privacy and confidentiality of third party data in their custody at all times. Except for the above, we will not share your personal data unless you request or have prior approval for sharing.

VI. UPDATE OF PRIVACY POLICY

The PRIVACY POLICY may be changed at any time, at UPX's discretion and in accordance with any legal changes and / or judicial and administrative requirements. When the change occurs, customers will be informed by email or on the access panel to products and services. For brazilian’s user (after Brazilian Law nº 13,709/18 entry into force), when the Privacy Policy is changed, the holder of personal data must express his express consent through the client’s panel.

VII. DATA CONTROLLER IDENTIFICATION AND SERVICE CHANNELS

All of our products and services are provided by UPX TECNOLOGIA LTDA, with address at Rua Guapuruvu, nº 200, Sala 02, CEP 13.098-322, ALPHAVILLE CAMPINAS, CAMPINAS-SP, Brazil, registered with CNPJ / MF under no. 08.184.140 / 0001-79, telephone +55 (19) 3368-0609, contato@upx.com and UPX US LLC, headquartered at UPX US LLC 318, Atlantic Isle, Sunny Isle Beach, 33160 - FL - USA, contact@upx.com. The data reported above (UPX TECNOLOGIA LTDA) also refer to the Personal Data Controller (“Data Protection Officer”), for the purposes of Brazilian Law No. 13,709 / 2018 (LGPD - General Data Protection Law), effective for August 2020.

The holder of personal data may contact UPX in his Customer Service through the following channels: e-mails dpo@upx.com and contact@upx.com, telephone +55 (19) 3368-0609.