Data Privacy Policy – mostID

Scope of Provisions

This MOST Privacy Policy (“Policy”) deals with the personal data of users, partners and customers of MOST – MOBILE SOLUTION TECHNOLOGY LTDA., processed in the performance of its activities and processing of the mostID Solution, available at https: // www.mostid.net , as well as other data collected, among others.

Goals

Objectively and clearly demonstrate our commitments to the privacy of Personal Data, clarifying to everyone who has a relationship with MOST what personal data we process, the reasons why we collect and use it, and with whom we share it, always aiming to security, transparency and efficiency in MOST’s activities. It is also our objective to explain the respective rights in relation to the personal data processed by MOST, as well as to indicate the responsibilities of the processing agents involved.

Any Holder of personal data may, in case of any doubts or concerns, contact us through the electronic address dpo@most.com.br .

In case of disagreement with the terms of this Policy, we emphasize the freedom given to everyone to decide whether or not they intend to relate to MOST, and may even, in specific cases and at their sole discretion, choose not to share certain optional data, which , on the other hand, may result in the impossibility of maintaining the commercial relationship with MOST.

1. Definitions

As defined in the General Data Protection Law (“Law n.º 13.709/18” or “LGPD”) the following definitions are valid:

  • Personal Data:  refers to any information or data, uniquely related to a natural person (a human being considered as a subject of rights and obligations) hereinafter referred to as “Data Subject”. An identifiable person is one who can be identified directly or indirectly, specifically by reference to an identifier such as a name, identity card number, photograph, or through one or more specifically physical, physiological, economic factors, and may be classified as sensitive or not.
  • Data Subject:  natural person to whom the personal data that are subject to processing refer.
  • Treatment : any operation carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication , transfer, diffusion or extraction;
  • Processing agents: the Controller (natural or legal person, public or private law, who is responsible for decisions regarding the processing of personal data) and the Operator (natural or legal person, public or private law, who performs the processing of personal data on behalf of the controller;)
  • Person in charge: person appointed by the controller and operator to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD)

2. MOST Performance

MOST, developer of the mostID Solution, is a Brazilian technology company, providing services to individuals and private entities, providing services related to electronic registration, with capture, identification and verification of data to support systems to combat fraud and support for decision-making systems, based on analysis of registration data.

3. How does MOST collect Personal Data?

Personal data processed by MOST is collected in the following ways:

  • As Controller:
    • Personal data of employees / collaborators and customers:  MOST uses the personal data of its employees / collaborators and customers to carry out its activities, comply with legal and regulatory obligations, and execute the signed contracts.
  • As Operator
    • Identification Data and Registration Status: through a digital platform , mostID user-clients will be asked for identification data of individuals and/or legal entities (CPF and/or CNPJ numbers), which will be the object of the desired research.

4. What Personal Data do we collect?

  • As Controllers
Personal data
Employees and CollaboratorsName, telephone, e-mail, photo, marital status, education level, affiliation, bank details, RG, CPF, PIS, CTPS, Reservist Certificate, Address, date of birth, dependents, sensitive data regarding health.
Customers and Suppliers Name / Company Name, address, CPF – CNPJ, e-mail, telephones, Registration Numbers. State and Municipal, and data of their respective legal representatives or attorneys.
  • As Operators
Personal data
CPF or CNPJ number under investigation

5. For what purposes do we use personal data?

  • For the preparation and execution of contracts. (art. 7, V of Law 13,709/2018).
  • Meet legal and regulatory obligations (art. 7, II and V of Law 13,709/2018).
  • Meet legitimate interest (art. 7, IX of Law 13,709/2018).
  • For credit protection (art. 7, X of Law 13,709/2018).

6. Sharing of personal data

We value the total privacy of the data we receive and treat them with great care and secrecy. We only share data to the extent necessary and only with those who are committed to treating the data received with the same care as MOST. This sharing can occur in the following cases:  

  • With service providers: 
    • We use service providers who help us to promote the proper performance of contracts and services. When necessary, we will give access to personal information to these providers to the extent necessary for the contract and or service to be performed.
    • The data collected by MOST will be treated on third-party servers, which may be located in Brazil or abroad, but which must always act in accordance with the security and confidentiality policies and mechanisms adopted by MOST, and in strict compliance with the precepts set forth in General Data Protection Law and international standards that deal with the subject.
    • In compliance with legal obligations, we will also share personal data if we believe in good faith it is necessary for our legitimate interest, or that of a third party, in matters of national security, law enforcement, criminal investigation, protecting the security of any person, or to prevent death or imminent physical harm, provided that such interest does not prevail over the interests or rights of the Data Subject. 

7. Storage, conservation and elimination of data

As an Operator, MOST does not store the information collected and received. But if this becomes necessary, MOST undertakes to only do so on servers that meet the security standards established by MOST and the applicable legislation, and even then only for the duration of the provision of services or upon request of the Controller. At the end of the contract with the Controller and the obligation to store it, the data shared with MOST will be deleted.

The data collected as a Controller will be kept by MOST, as long as necessary, for legitimate business purposes and essential to the development of our activity, to comply with legal and regulatory obligations, and to execute the signed contracts. Once the usefulness of the data ceases and the obligation to store it, they will be deleted.

At the Holder’s request, MOST undertakes, when in the condition of Data Controller, to eliminate or anonymize the data. As an Operator, it undertakes to notify the Controller of the Holder’s request, indicating that it manifests itself within a reasonable time and within the legal limits, for the elimination or anonymization of personal data, so that it does not identify it. In both cases, the exception will be in cases where it is legally permitted or mandatory to keep certain personal data, including situations such as the following:

  • If there is an obligation to keep personal data for compliance with legal, tax, auditing and accounting determinations, retaining the necessary personal data for the period required by applicable law.
  • Whenever necessary for judicial or extrajudicial defense, to serve legitimate commercial interests, such as fraud prevention, or to maintain the security of Users.

8. Security of Processed Data

We are committed to protecting all data, personal or otherwise, received in the course of carrying out our activities. We implement technical and organizational measures to help protect data security, all with the aim of minimizing the risks of irregular activities with incoming data.
All information shared with MOST is treated in a confidential and confidential manner, and its employees, suppliers and partners are prohibited from disclosing and/or informing third parties of the information that they have access to without the express authorization of the treatment agents involved.
Regardless of the security processes implemented, MOST is committed to immediately reporting to its user-clients any irregularity or failure in security that could jeopardize the secrecy and integrity of the personal data held by it.

9. Right of Holders

The holder of personal data is assured the right to request any information about data processing carried out by MOST.

10. Changes to this Privacy Policy

From time to time, we may make changes to this Policy. When we make material changes to this Policy, we will communicate visibly and appropriately under the circumstances.

11. Talk to MOST

Questions regarding this Policy can be directed to the Data Protection Officer:

E-mail: dpo@most.com.br

 

Version of 10/13/2022