|
Search:
linha
Privacy Policy
Home / Privacy Policy

DEFINITIONS

 

Data: Relates to any information that, either directly or indirectly, allows the identification of a natural person ("Holder"), such as: name, identification number, own telephone number, date of birth, address of residence, electronic identifiers, including IP, etc.

 

Holder: Means any individual, including employees, customers, suppliers, residents in Brazil or in the European Union with whom the Company relates to.

 

PURPOSE

 

The Personal Data Privacy Policy is designed to present the management of personal data that natural persons ("Holders"), with whom MINASLIGAS relates to, provide. MINASLIGAS, within

the framework of the provision of its services, needs to gather some personal data of the Holders so that the commercial interactions can be established and even so that the legal obligations imposed by the Brazilian legislation can be fulfilled.

Therefore, this Policy is aimed to clarify the Owners, whose Data is processed, how such data may be used, to whom this Data may be presented and how it will be protected.

The systems MINASLIGAS uses during the fulfillment of its activities, the filling of any forms requested by MINASLIGAS and the provision of data, either directly or indirectly, imply the knowledge and acceptance of the conditions of this policy and of any other term, related to data protection and privacy. By providing his/her personal data, the Owner authorizes MINASLIGAS to gather, process, use, and disclose his/her data in accordance with the rules set forth in this Policy.

 

DATA USE

 

Data processed by MINASLIGAS shall only be used provided that it complies with the rules established in this Personal Data Privacy Policy, in Regulation (EU) 679/2016 of the European Parliament and Council, of April 27th, 2016, as well as in the Brazilian legislation. MINASLIGAS, whilst dealing with the data, seeks to respect the best practices in terms of security and data protection, promoting actions and improving systems to provide for the protection of the data the Owners provide. All data is processed by MINASLIGAS in strict compliance with the applicable legislation, being treated in specific databases, created for each purpose.

 

CATEGORIES OF PERSONAL DATA AND RELATED PURPOSE OF TREATMENT

 

MINASLIGAS gathers and treats the Data necessary for the manufacture of its products, its commercialization, as well as for activities related to the registration of its employees. In this sense, the following data is treated:

 

Category of personal data

Personal data

Aimed to

Employee registration

Name, address, salary, personal documents, labor, social security, health and safety information.

Employee registration: Name, address, salary, personal documents, labor, social security, health and safety information.

Enable the execution of Human Resources activities, as well as the activities related to the generation of the payroll and the transmission of information determined by legislation, to the competent authorities.

Commercial

Name, email, telephone number, job position and address

Allow, through the Holder, the commercial relationship with the client, including, but not limited to, the contact to offer products.

Suppliers

Name, email, telephone number, job position and address

Name, email, telephone number, job position and address of the suppliers to allow the relationship with them, through the Owner, including, but not limited to, the contact for the acquisition of supplies.

 

  

MINASLIGAS may also receive information from the Owner through its commercial partners, government agencies and the registration through its website, in the contact pages, where there is a term authorizing MINASLIGAS to use the internally received information. If necessary, MINASLIGAS may share the data with partners or with third parties acting on their behalf.

 

PERSONAL DATA MAINTENANCE

 

The period of time during which data is stored, varies according to the purpose for which information is used, in accordance with the current legislation.

 

DATA HOLDERS’ RIGHTS

 

By virtue of the applicable legislation, the Holder may request, at all times:

a) access to his/her data;

b) rectification, elimination or limitation of the processing of his/her data provided that it does not impair MINASLIGAS systems’ operations;

c) the portability of his/her data;

d) opposition to the processing of his/her Data (except for the data required by legislation);

e) the confirmation of which data that concerns him/her is subject to treatment;

f) the copy of the data subject to treatment by MINASLIGAS. The described above requests must be routed to one of the channels indicated in CONTACT US. By virtue of the law, the Holder is guaranteed the right to, sending an email, withdraw his/her consent for the processing of the data. The Holder has the right to withdraw his/her consent at any time, which does not invalidate, however, the treatment carried out until that date, based on the previously given consent.

 

USERS OF THE COMPANY SYSTEMS (EMPLOYEES)

 

This policy of personal data protection fully applies to all Holders and must be observed by all Company’s employees. All the employees will sign the "Term of Commitment", by means of which they confirm they have read and know all the contents of this Policy, committing to watch over its application and observance. The access to systems that contain data will be restricted to employees who depend on them to perform their tasks, through rigid control that identifies the authorized users. Thus, access to the system will be assigned according to the user's profile, and there may be restricted access to certain files due to the position occupied by the employees. Access to the systems will be controlled by the IT area and will be under the supervision of the Information Technology Manager, who will be responsible for assigning passwords for access to the network. Access to the system will only be allowed through login and password, whose nature is personal and non-transferable. In the case of data breach, as well as the inadequate treatment thereof, the employee must contact the Information Technology Manager, whose contact information is described in CONTACT US.

 

SECURITY MEASURES ADOPTED BY THE COMPANY

 

The Company is committed to ensure the confidentiality, protection and security of the personal data of its Owners, applying appropriate technical and organizational measures for data protection against any form of improper or illegitimate treatment and against any accidental data loss or destruction. The Company owns systems and equipment designed to guarantee data security, creating and updating procedures that prevent unauthorized access, accidental loss and/or destruction of personal data, undertaking to respect the legislation regarding the protection of Holders’ personal data and treat this data only for the purposes for which it has been gathered, as well as to ensure that data is treated with adequate levels of security and confidentiality. In this area, the Company appointed a person responsible for data protection, the Information Technology Manager, to monitor the compliance with the applicable policies and regulations regarding the protection of personal data. In some situations, the Company may transmit the data of the Holders to the competent authorities, since that it is provided for in the legislation or is determined by the competent authority.

 

RISK MANAGEMENT OF DATA PRIVACY - OPERATIONAL RISK

 

The Company adopts a contingency plan to guide the behavior of its employees in the case of data breach, inadequate treatment and violation of its systems by hackers. Human failure, although inevitable, is mitigated through the adoption of manuals and internal policies aiming at the behavior guidance of the employees in the performance of the activities together with the Company, aiming to prevent them from treating the Data in an inadequate manner and/or perform data leakage. System invasion by hackers is mitigated through firewalls and antivirus. It is the responsibility of the Information Technology Manager to monitor this behavior and, should any infraction be identified, it must be brought to the Board, so that the appropriate measures are adopted.

 

 

DATA RISK MANAGEMENT

 

The Company produces and markets silicon and its related alloys and exports its products to several countries worldwide. However, risk limits are related to the treatment of the data of clients’, suppliers’ and associates’ representatives, during the development of their activities, as well as in the treatment of the data of the employees who come to live in Brazil, or those who go to live in the European Union.

 

MAIN RISKS INHERENT TO MANAGEMENT

 

RISK OF DATA LEAKAGE

 

It consists of the risk of data leakage by the Company's employees and/or invasion of the systems used by the Company. The risk of leakage must be mitigated by means of periodic security tests, the adoption of the login and password for each employee, the use of firewall and antivirus systems and the control of access to documents.

 

RISK OF DATA INAPPROPRIATE USE

 

It consists of the use of the data by the Company’s employees for purposes other than those envisaged. This risk can be mitigated by adopting profiles of access to the systems the Company uses, training its employees at the time they are admitted to the Company, periodic training of employees, presentation of the privacy policy of personal data to all employees and application of sanctions in case of legislation violations.

 

RISK OF DATA STORAGE

 

It consists of the storage of data by the Company for a period longer than necessary and/or required by legislation. This risk can be mitigated by constantly reviewing the information stored by the IT team and/or another company hired by the Company.

 

RISK MANAGEMENT AND OPPORTUNITIES SPREADSHEET

 

MINASLIGAS maintains, within the integrated management system, a procedure related to risk management in accordance with document P-8.5.5.3 - Risk and opportunity management. The Information Technology Manager will carry out a systematic analysis in the spreadsheet P-8.5.5.3 – Exhibit GR - Management of IT risks and opportunities, updating the data, periodically.

 

CONTACT US

 

The Holder may contact MINASLIGAS to obtain more information regarding the processing of his/her personal data, as well as any other matter related to the exercise of the rights attributed to them by the applicable legislation and, in particular, those mentioned in this Policy, through the following channels:

Email: minasligas@minasligas.com.br

Address: Rua Maria Luiza Santiago, n ° 200 - 20th floor - Belo Horizonte - MG - Brazil

Phone: +55 31-3261-9519

Intranet: https: //minasligas.sharepoint.com/ti/Paginas/default.aspxbr

MINASLIGAS website: www.minasligas.com.br

 

AMENDMENTS TO THE PERSONAL DATA PROTECTION POLICY

 

The Company reserves the right, at any time, to alter or update this Policy; being such changes duly updated in our integrated management system standards.

 

voltar
topo
linha
Copyright MINASLIGAS - 2015 - Todos os direitos reservados.
Rua Maria Luiza Santiago, 200 | 20º andar | Bairro Santa Lcia | CEP: 30360-740 | BH | MG | Brasil | Edifcio Century Tower
Contato: (31) 3261-8666 / Fax: (31) 3261-8789