PRIVACY POLICY
The Mundo Mapping platform, a private legal entity, registered with CNPJ 50.129.520/0001-77, headquartered at Rua Laplace, 96 – 1 Andar – Brooklin Paulista – in the city of São Paulo, State of São Paulo, in order to comply with the determinations of Law No. 13,709/2018, known as the General Data Protection Law (LGPD), Law 12,965/2014 (Civil Rights Framework for the Internet, in order to comply with the determinations of Law No. 13,709/2018 (General Data Protection Law – LGPD) and Law 12,965/2014 (Civil Rights Framework for the Internet), in addition to reinforcing the trust of our customers, providers, suppliers, hereby establishes its Privacy Policy, which will govern the collection, storage, disposal, in short, all processing of personal data within our Platform.
This Privacy Policy applies to all individuals who, in any way, have their personal data processed by the Mundo Mapping Platform (hereinafter referred to simply as “Holders”), whether on its website, in the services provided by it, as well as in the pre-registration and complete registration documents for its events, from registration to the application for a vacancy in our staff, and the offer of products and provision of services.
We recommend a careful analysis of the provisions presented below, making ourselves available from now on for any clarifications that may be necessary for their perfect interpretation.
1. Who We Are
MUNDO MAPPING (“MAPPING”, “We”) is a platform that connects brands and opinion leaders, with the aim of forming strong and meaningful partnerships for the production of interesting and efficient advertising content.
To do this, we need to collect some personal data from registered opinion leaders, always seeking to bring together people whose profile is close to each other.
2. Personal Data
Personal data is any and all information related to an identified or identifiable natural person (article 5, item I, of the LGPD). In other words, it is any information that allows you to identify, connect to a natural person, such as, for example, name, RG number, CPF number, date of birth, bank information, telephone number, proof of address, among others.
Sensitive personal data, in turn, is all information of racial or ethnic origin, religious conviction, political opinion, membership of a union or organization of a religious, philosophical or political nature, data related to health or sex life, genetic or biometric data, when linked to a natural person (article 5, item II, of the LGPD).
3. Processing of Personal Data
The processing of personal data consists of any operation carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation, control, modification, communication, transfer, dissemination or extraction of information (article 5, item X, of the LGPD).
Processing will only be carried out when we have a legal basis for it. Legal bases include: consent (e.g., when you give your consent); contract (for example, where the processing is necessary to enter into or perform a contract with you); the fulfilment of a legal or regulatory obligation by us, as controllers, or by the controller, where we are operators; exercise of our rights; and our legitimate interests as controllers, or the legitimate interests of the controller or third parties, when we are operators, in accordance with applicable law.
In cases where the processing of your personal data is carried out solely on the basis of your consent, you have the right to withdraw your consent at any time, which will not affect the lawfulness of the processing based on your consent before the revocation; or the lawfulness of the processing based on other legal hypotheses.
We may process your personal data on the basis of legitimate interests, provided that your fundamental rights and freedoms prevail. If applicable, we will process your personal data based on our legitimate interest to ensure the quality and continuity of our services, to improve them, as well as to support, carry out and promote our activities.
The processing of sensitive personal data, in turn, can only occur, under the terms of article 11 of the General Data Protection Law, only when the holder or his/her legal guardian consents, in a specific and staked manner, for specific purposes.
The only exceptions in which the consent of the holders is not required will be for:
(i) compliance with a legal or regulatory obligation by the Mundo Mapping platform;
(ii) shared processing of data necessary for the execution, by the public administration, of public policies provided for in laws or regulations;
(iii) conducting studies by a research body, ensuring, whenever possible, the anonymization of sensitive personal data;
(iv) regular exercise of rights, including in contracts and in judicial, administrative and arbitration proceedings, the latter under the terms of Law No. 9,307, of September 23, 1996 (Arbitration Law);
(v) protection of the life or physical safety of the holder or third parties;
(vi) health protection, exclusively, in a procedure performed by health professionals, health services or health authority;
(vii) guarantee of fraud prevention and security of the data subject, in the processes of identification and authentication of registration in electronic systems, safeguarding the rights of the data subjects and except in the case of the fundamental rights and freedoms of the data subject that require the protection of personal data.
The General Data Protection Law also prohibits the communication or shared use between controllers of sensitive personal data related to health with the aim of obtaining economic advantage.
The only exception to this rule consists of cases relating to the provision of health services, pharmaceutical services and health care, including auxiliary diagnostic and therapeutic services, for the benefit of the interests of the data subjects, and to allow: a) data portability when requested by the data subject; or b) the financial and administrative transactions resulting from the use and provision of the services referred to in this paragraph.
In other words, we are prohibited by law from sharing your sensitive personal data directly with third parties without your express authorization to do so.
4. Type of Personal Data Collected in Pre-Registration and Purpose
To achieve the purposes mentioned above, we will use the following personal data, pursuant to article 7, item VI, of the General Data Protection Law
PERSONAL DATA USED | PURPOSE |
Pre-registration data: Social network, user, number of followers | Screening of influencers according to social network and number of followers. Confirmation if the person is really an influencer according to the Mapping metrics. |
Pre-registration data, full name, e-mail, password creation, date of birth, gender, zip code, city, state and telephone numbers. | Refinement of the information provided during pre-registration. It is at this stage that the influencer will detail their full name and date of birth, to verify that they are over 18 years old, gender, city and state, as well as telephone numbers for contact and notice of approved pre-registration. |
Complete Registration – Full name, date of birth, CPF, gender, race/ethnicity, email, complete address with: city, neighborhood, state and zip code. Profile picture, social network, social network profile, number of followers, engagement rate, niche, in addition to complete audience data and follower audience profile. Bank details. | Complementation of registration data in order to present to brands and companies the profile of the influencer and the quality of proof of their audience. Bank details for later use to pay for campaigns. |
Full name, CPF, date of birth, contact email | Legal obligation to register the responsible person in case of a user under 18 years of age. |
4.1 Source of Personal Data
Mundo MAPPING can obtain your data in the following ways:
Social networks: We may obtain your personal data through your social networks, when publicly available by yourself.
Direct contact: We may have obtained your personal data through direct contact with you, through one of our employees, at events or other similar occasions and opportunities.
4.2 Storage Time
The data of the pre-registered not approved – will be stored for up to 12 (twelve months). The data of the approved registrants will be stored as long as the term of use contract persists, with a fixed term prepared between the parties and for another 5 (five) years after the end of the procedures and contractual obligations, with a view to complying with a legal obligation, under the terms of article 7, item II, of the General Data Protection Law.
As a rule, we will collect such personal data when you provide it to us or authorize us to obtain it from third parties. We will also be able to obtain them independently, when the information is publicized.
Your personal data will be processed and stored for as long as necessary to carry out the purposes for which the personal data was collected, in accordance with the storage periods required by applicable law or until you revoke the consent given for the processing/storage of your personal data, as applicable.
5. Processing and Security of Personal Data
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your personal data against loss, misuse, unauthorized access, disclosure, and alteration.
All personal data is securely stored in MUNDO’s software and cloud systems. To do this, we use security measures such as firewalls, data encryption, physical access controls to our data centers, and information access authorization controls.
Your data will be stored for a maximum period of 5 (five) years, after which it will be anonymized and deleted from our systems. That is, we will use reasonable technical means available at the time of processing, through which the data will lose the possibility of direct or indirect association with an individual and, subsequently, will be excluded from our database (article 5, items XI and XIV, of the LGPD).
6. Rights of the Personal Data Subject
The holders of personal data shall have the following rights: (a) to information, to be provided by means of a report, to confirm the existence of data processing, (b) to access their personal data, (c) to correct incomplete, inaccurate or outdated data, (d) to anonymize, block or delete data that is unnecessary, excessive or processed in non-compliance with the provisions of the LGPD, (e) the portability of the data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets, (f) the deletion of personal data processed with your consent, except in the cases provided for in this Policy and in article 16 of the LGPD, (g) the information, to be provided by public authorities and companies/individuals with whom the firm has shared the data, (h) information about the possibility of not providing consent and the consequences of refusal, and (i) revoking their consent, pursuant to paragraph 5 of article 8 of the LGPD.
The exercise of any of these rights will not affect the lawfulness of any data processing carried out prior to the exercise of such right.
To obtain this information, simply fill out a simple form, which will contain the request for the informative report, its justification and the identification of the data subject. The form will be made available physically and/or through a request made by e-mail contato@mundomapping.com.
After filling out the form, the report will be sent to the holder via e-mail or delivered printed by scheduling a legal consultation at our headquarters.
7. Children and Adolescents
As a rule, we do not process personal data of children (under 12 years old) or adolescents (people between 12 and 18 years old), except when there is a medical request to this effect and the consent of at least one of the parents or guardians.
8. Cookies and Other Tracking Technologies
Cookies are text files placed on your computer or device to collect standard Internet log information and visitors’ use of our website, and to compile statistical reports on website activities.
When you visit our website, we and our business partners and suppliers may use cookies and other tracking technologies to recognize you as a user and personalize your online experience, the services you use, and other online content, as well as to measure the effectiveness of our postings, conduct analytics, mitigate risk, prevent potential fraud, and promote trust and safety on our website.
We may use cookies to distinguish you from other users of our website and services. This helps us to provide you with a good experience when browsing our website or using our services, as well as allowing us to improve them.
As a rule, we will use Google Analytics, a free tool for websites that collects and aggregates anonymized data from visitors, offering access reports, such as the origin of traffic, pages browsed, time of stay, among others.
You can set your browser or device not to accept cookies. However, in some cases, some websites and/or features of our website may not function as a result of this. Some browsers provide settings that allow you to control or reject cookies or include alerts for when a cookie is placed on your computer.
The procedure for managing cookies is different for each internet browser, and you can check the specific steps in the help menu of the browser you are using. You can also reset device identifiers by enabling the appropriate setting on your mobile device.
The procedure for managing identifiers is also different for each device, and you can check the specific steps in the help menu or settings of the device you are using.
9. Third-Party Websites
Our website may, from time to time, contain links to third-party websites that are not controlled by us. If you visit these websites or use the services made available on them, please remember that this Policy does not apply to data processing by third parties, and we recommend that you carefully review how these third parties process personal data before using their websites, applications, or services.
10. Sharing of Personal Data and Contracting with Third Parties
The sharing of personal data with third parties is restricted to companies that help us maintain the operation of our structures. This means that no data is shared deliberately, but merely occasionally because it is contained in third-party systems and software.
However, as MAPPING’s goal is to connect brands and opinion leaders, other users of the platform will be able to access the data you make public, precisely as a way to allow them to get to know your profile and make interesting connections for you.
Whenever possible, in these cases, we will enter into a data processing agreement with the third-party suppliers and/or service providers who have access to your personal data, so that these third parties guarantee a level of data protection compatible with that provided for in this Policy.
In addition, your personal data may occasionally be transferred abroad within the scope of the processing purposes described in this Policy, in accordance with applicable law, with the adoption of all appropriate safeguards and security measures to ensure an adequate level of security and data protection.
We will only transfer your personal data internationally to countries that provide a level of protection for personal data adequate to that provided by applicable law, or based on your consent, a contract with you, or compliance with a legal obligation. Among other cases of international data transfer, the software and applications (all with a very high degree of security) used by us may also eventually store data outside Brazil.
11. Changes to this Policy
A MAPPING. is committed to constantly seeking to improve and develop its services and website, so we may change this Policy from time to time. We will not reduce your rights under this Policy or applicable laws. In the event of significant changes, we will notify you via the contact details provided, if required by applicable law. In any case, we recommend that you periodically review this Policy to stay up to date on any changes.