Privacy Policy
1 – INTRODUCTION AND OBJECTIVE
The privacy notice is an explanatory text about the corporation’s privacy policy, available on the website the user is visiting. Its purpose is to be transparent about the organization’s activities regarding the processing of personal data.
2 – SCOPE OF APPLICATION
a – This notice applies to the TSEA corporate website.
3 – DEFINITIONS AND ACRONYMS
a – LGPD – General Data Protection Law.
4 – RELATED PROCEDURES AND DOCUMENTS
Inserting the notice on the corporate page.
TSEA ENERGIA GENERAL NOTICE ON PRIVACY AND DATA PROTECTION
Transformadores e Servicos de Energia das Americas SA (TSEA Energia), a private legal entity registered with the CNPJ under number 08.870.769/0001-72, with headquarters at Rodovia Fernão Dias, 3045 CEP. 32240-090 – Contagem – MG – Brazil, publishes this Privacy and Personal Data Protection Notice (“Notice”) to provide relevant information regarding the protection of the personal data of the data subjects with whom it interacts.
If you have any questions about the terms used in this General Privacy Notice, please consult the table below:
| Personal data | Information relating to a natural person, directly or indirectly, identified or identifiable. |
| Sensitive personal data | Personal data concerning racial or ethnic origin, religious beliefs, political opinions, membership of a trade union or religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data, when linked to a natural person. |
| Database | A structured set of personal data, established in one or more locations, in electronic or physical format. |
| Cookies | These are files or information that may be stored on your devices when you visit the Organization’s websites or use its online services. |
| Holder | Natural person to whom the personal data refers, such as former, current or potential clients, employees, contractors, business partners and third parties. |
| Controller | A natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data. |
| Operator | A natural or legal person, governed by public or private law, who processes personal data on behalf of the controller. |
| Data Protection Officer | Person designated by the controller to act as a communication channel between the controller, the “Data Subject” and the National Data Protection Authority. |
| Treatment agents | The controller and the operator. |
| Treatment | Any operation performed with personal data, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction. |
| Anonymization | Use of reasonable and available technical means at the time of processing, by which data loses the possibility of direct or indirect association with an individual. |
| Consent | A free, informed, and unequivocal expression of consent by which the data subject agrees to the processing of their personal data for a specific purpose. |
| Sharing | Communication, dissemination, international transfer, interconnection of personal data or shared processing of personal databases by public bodies and entities in the performance of their legal duties, or between these and private entities, reciprocally, with specific authorization, for one or more processing modalities permitted by these public entities, or between private entities. |
| Personal Data Protection Impact Assessment (PDI) Report | Documentation from the data controller containing a description of the personal data processing activities that may generate risks to civil liberties and fundamental rights, as well as measures, safeguards, and risk mitigation mechanisms. |
| National Data Protection Authority (ANPD) | The body responsible for ensuring, implementing, and overseeing compliance with personal data protection legislation. |
Personal data we process
The General Data Protection Law (Law 13.709/2018) defines personal data as data relating to an identified or identifiable natural person. A special classification of personal data is sensitive personal data, represented by health, genetic, biometric data, among others established by law. Such data deserve special attention, as the violation of its protection represents a risk to the fundamental rights and freedoms of the holders of personal data.
We currently carry out data processing activities that may include the following categories of personal data:
- Registration data of legal representatives of clients and service providers: full name, address, date of birth, telephone number, occupation, ID number, CPF (Brazilian tax identification number), email address, signature of the account holder, and similar data;
- Employee registration data: full name, full address, date of birth, telephone number, ID card number, CPF (Brazilian tax identification number), CTPS number (Brazilian work and social security card number), PIS (Brazilian social security number), email address, employee signature, driver’s license number, bank details and similar data;
- Data for fraud prevention and ensuring the security of the data subject: full name of the mother or father and similar data;
- Financial data: payment data, bank information, credit card information, data from the Brazilian credit information system and similar data;
- Browsing data: IP address, MAC address, username and manufacturer/model of the device used, browsing history, type of browser used, operating system used and similar data;
- Online behavioral data: interactions with our websites and applications through cookies stored on the user’s device and similar data;
- Security data: Images, videos, voice recordings, and similar data.
Sensitive personal data of employees:
- Health data: signs, symptoms, illnesses, diseases, medical certificate results, laboratory tests (toxicological tests and other necessary tests), medical diagnoses, progress of health treatments;
- Union membership information: full name, ID number, CPF (Brazilian tax identification number), professional registration number, and similar data.
How do we use your personal data?
The processing of personal data is carried out in full compliance with the principles of privacy and protection of personal data to the fullest extent.
- All personal data processing activities that we carry out have a specific, legitimate, explicit purpose, informed to the data subject, and are fully adequate to the purposes for which they are intended, according to the context of the processing;
- The personal data processed is the minimum necessary for the purpose of the processing, and the data subjects have free access to the processing activities and to all of their personal data;
- Our organization guarantees data subjects transparency regarding our use of personal data, safeguarding trade secrets, and the quality of this data in terms of its accuracy, relevance, and updating according to the need and for the fulfillment of the purpose of the processing, ensuring the data subject the right to rectification of personal data at any time;
- Data subjects will be assured of information security measures and measures to prevent damage from occurring as a result of the processing of personal data, within reasonable limits of what is required and foreseeable.
- We guarantee good faith and non-discrimination, and we do not engage in any treatment activities with illicit or abusive discriminatory purposes.
- We carry out personal data processing activities diligently, with accountability and transparency, in order to demonstrate our observance and compliance with the legal principles and obligations for the protection of personal data.
What personal data processing activities do we carry out and what are their purposes?
We carry out the following activities involving the processing of personal data and sensitive personal data for the purposes described:
For the provision of commercial services
- Collection, reception, communication and access of registration data, biometric data and similar data;
For the execution of an employment contract.
To guarantee the security of the account holder and prevent fraud.
- Collection, storage, archiving, analysis, classification and control of navigation data and navigation and biometric data.
For relationships and communication.
- Collection, reception, storage, communication, access and use of registration data.
To guarantee the organization’s security.
- Collection, storage, archiving, use, access, analysis, classification, control, transfer, communication and reproduction of registration, financial and security data.
To guarantee the quality of customer service.
- Collection, storage, archiving, use, access, analysis, classification, control, processing and communication of registration data.
For compliance with court orders; the regular exercise of rights in judicial, administrative, or arbitration proceedings; supervisory and investigative procedures; and legal or regulatory obligations.
- Collection, reception, storage, archiving, use, access, analysis, classification, control, processing, transfer, extraction and communication of all categories of personal data and sensitive personal data that are minimally necessary and strictly relevant to this purpose.
What information protection and security measures are used?
We utilize technical, physical, procedural, and technological resources to promote and guarantee the security of personal data against potential data protection incidents related to unauthorized disclosure, loss, or unavailability.
For how long is personal data processed by the organization?
Personal data is processed within the organization in accordance with our personal data retention and disposal policy. This policy observes the principles of personal data protection and the legal authorizations stipulated by law. Therefore, the storage period for personal data may be determined according to the consent of the data subject or as stipulated by law, depending on the appropriate legal basis, the category of personal data, the processing activity, and its purpose.
Once the purpose of processing your personal data has been achieved and the storage period has expired, the personal data will be deleted or anonymized, in which case it will remain stored (anonymized) for the exclusive purposes of our organization.
With whom is personal data shared?
We share personal data with legal entities outside the organization in accordance with the purpose, authorization, and legal obligation, as stipulated in the General Data Protection Law. These are:
- State bodies, regulatory agencies and other legal entities: all personal data and sensitive personal data necessary for compliance with court orders; regular exercise of rights in judicial, administrative or arbitration proceedings; supervisory and investigative requests; and legal or regulatory obligations;
- Supplementary health insurance providers: personal registration data and sensitive personal health data of employees;
- Health clinics: personal registration data of employees.
- Benefits providers: employee registration personal data.
- Information technology companies: personal registration data, fraud prevention and security guarantee for the data subject, and sensitive personal health, genetic or biometric data for storage in a public cloud within Brazilian territory, in the regular exercise of rights stipulated in a contract;
- Other service providers: personal registration data for the purposes of marketing, promotion, ensuring the quality of services provided, solving technical and/or security problems, communicating with the data subject, and analyzing data to improve customer service and our services, observing our legitimate interests as data controllers.
Rights of the Data Subject
The holder of personal data has rights relating to privacy and the protection of their personal data in accordance with the provisions of the General Data Protection Law, especially in its article 18. Some of the rights conferred on the holder are:
- Right to confirmation of the existence of treatment.
- Right of access to data.
- Right to correct incomplete, inaccurate, or outdated data.
- Right to anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data.
The data subject may make any request regarding their rights via email at privacidade@tseaenergia.com.br.
Use of Cookies and Tracking Technologies
Cookies are files or pieces of information that may be stored on your devices when you visit the TSEA website or use its online services.
TSEA uses cookies to facilitate use and better adapt its pages to the interests and needs of Data Subjects, storing user preferences without processing personal data.
Our Cookie Notice is available at the following address: www.tseaenergia.com.br/aviso-de-cookies.
User-deleted cookies
It is possible to disable the automatic collection of information through certain technologies, such as cookies and caches, on any website, via your internet browser settings.
General Provisions
The following general provisions apply:
- TSEA is not responsible for the accuracy, truthfulness, or lack thereof, of the information you provide, or for its being outdated, or for the documents you submit; you are responsible for providing accurate information or keeping it up-to-date.
- Once on our digital services page, you may be directed via link to portals or other platforms that may collect your information and have their own Privacy Notice, which you may accept or reject.
This General Notice of Privacy and Personal Data Protection may be changed.
This General Notice of Privacy and Protection of Personal Data will be updated when:
- We may modify any relevant element in our Privacy and Personal Data Protection Policy;
- We may include, delete, or modify any personal data processing activity;
- New personal data of any category are added to the personal data processing activities.
Whenever there is any modification to this notice, it will be communicated at this address on our website. The modifications will take effect as soon as they are published here and will never prevent the exercise of the rights of the holders as provided by law.
Our contact details
Data Protection Officer:
- Name: José Antonio Negro
- Email: privacy@tseaenergia.com.br
The Data Protection Officer (DPO) will act as a communication channel between TSEA, the Data Subjects, and the National Data Protection Authority (ANPD).
- CHANGE CONTROL
| Version Number | Date | Change |
| 01 | 19/06/2023 | Drafting the document. |