1. ABOUT CROMEX
Cromex is a Brazilian company with more than 40 years of history, leader in the national market of plastic colors and additives, operating in the entire national territory and exporting to more than 60 countries in different continents.
2. CROMEX’S COMMITMENT WITH PRIVACY
Cromex is concerned with information security, especially regarding the privacy and protection of personal data that it may access as a result of its activities. Therefore, in compliance with the General Law on Personal Data Protection (“LGPD” – Act no. 13,709/2018), this Policy describes the practices adopted by Cromex for the collection, treatment, and storage of its data and information.
We understand that our activities of data collection, both online and offline, covering personal data collected by our several channels, including, but not limited to – websites, Applications, Customer Service Center, Points of Sale, Research, and Events.
3. KEY DEFINITION
- Holder: individual whose personal data and/or sensitive personal data are object of treatment;
- Personal Data: any and all information that makes the individual identified or identifiable;
- Treatment: any operation or set of operations in which personal data and/or sensitive personal data are used, including in relation to the collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation, or control of the information, modification, communication, transfer, diffusion, or extraction;
- Controller: individual or legal entity, public or private, with power to make decisions related to the treatment of personal data and/or sensitive personal data;
- Operator: ndividual or legal entity, public or private, who performs the treatment of personal data and/or sensitive personal data on behalf of Controller.
- Consent:xpress and unequivocal authorization given by the holder of the personal data or his or her legal representative, in writing or in any other mean that demonstrates his or her will, so that Cromex collects and treats its personal data, according to the purpose previously described.
4. STATEMENT ON DATA PRIVACY
Cromex oes not collect and treat personal data without a need, specific purpose, legal and compatible grounding.
Processed personal data are only treated by the persons who had achieved the privilege level and need of access, assuring that your data will not be viewed by collaborators or service providers of Cromex odd to the respective intended purpose.
5. PERSONAL DATA SOURCES
Acting as the Controller, Cromex may collect certain personal data, such as: navigation data; full name; residential address; e-mail address; telephone; always with the knowledge of the holder and with transparency, from the following sources:
- Cromex website: It includes both the website we operate from our domains and IP addresses, and websites or pages we maintain in third-party services, such as Facebook, LinkedIn, YouTube, SlideShare, and other third parties offering this type of service.
- E-mail and instant messaging systems: services used to keep electronic communications between you and Cromex, including those provided directly by use, or third-party services, such as WhatsApp (short messaging service) and similar.
- Cromex mobile applications: mobile applications directly supplied by Cromex or by third-party services, such as Google.
- Ads, propaganda, and online forms: interactions with any type of ads, propaganda, and online forms of Cromex.
- Offline records: Records completed offline, distributed during events and other interactions with Cromex.
- Data received from third parties: Including, but not limited to, social media and third-party websites such as, for instance, Facebook, Instagram, LinkedIn, YouTube, and similar, data aggregation services, Cromex partners, public sources, and data received during the acquisition of other companies.
6. PERSONAL DATA COLLECTED IN OUR WEBSITE AND THEIR PURPOSE
We are committed to safeguarding your personal data and only use them according to the purposes described in this Policy. We indicate below in which areas of the website the information is/may be collected, what are the collected data, and how we use them:
|Action||Personal data collected||Purpose|
|Complete the contact forms||Name, e-mail, company, telephone, country, and city.||Please identify if you are or not already a customer, supplier, distributor, collaborator, or has any other type of relationship with us, sending your message to the person in charge for the region you informed and/or area/activity related to your request, so that he or she may reply to your message more assertively.|
|Please complete the newsletter subscription form||Send communications about products and news from Cromex.|
|Complete the forms to download brochures.||Name, e-mail, company.||If consent is given by ticking the authorization checkbox, we will be able to send communications about products and news from Cromex.|
|Visit our website||
We use the technology of “cookies” in this website. Cookies are small files sent by our website to your computer and that are stored in your browser and that may be loaded by our website with the purpose of identifying you, your interactions, enforce marketing campaigns, and improve your browsing experience.
Strictly necessary cookies
These are essential for the website to function, without them the website would not work properly.
|XSRF-TOKEN||Cromex||2h||Used to protect the user, as it impedes certain techniques of submission of malicious forms|
|<rdstation-popup-><popupId><-viewed>||RD Station||From 1 day to 3 months||It prevents the same pop-up from being displayed to the same visitor repeated times in a short period of time|
|cromex_sa_session||Cromex||2h||Identifies the visitor, allowing to recognize it while browsing the pages.|
These cookies adjust the third-party services, such as link to your profile of social media, comments, chatbots, etc.
|remember_web_||Laravel||5 years||Keeps the user logged while accessing the website again from the same device (only admin users of the website).|
|test_cookie||15min||Determine if the user browser supports cookies|
These cookies translate the interactions of visitors into detailed reports of behavior, anonymized.
|__trf.src||RD Station||2 years||Keep the reference of origin of a visit by a user in the website.|
|__utma||2 years||Distinguish users and sessions.|
|__utmz||6 months||Store the traffic origin or campaign from which the user landed on the website.|
|_ga||2 years||Distinguish users.|
|_gat||1 min||Used to restrict the request rate.|
|_gid||24h||Used to distinguish users.|
|rdtrk||RD Station||1 ano||Safeguard the list of all pages accessed by a visitor within the website domain.|
These track the browsing of visitors and collect data so that we can create more relevant communications/ads according to the behavior.
|DSID||15 days||Store the activities of the user within Google in different devices, including for advertising purposes|
|RUL||12 months||Used to provide the delivery of ads or retargeting.|
|IDE||13 months||Register, report, and evaluate the actions of the user with the ad, presenting segmented ads.|
|1P_JAR||30 days||Based on recent research and prior interactions, customized ads are displayed on Google websites.|
|ANID||13 months||Used to display Google ads on websites not belonging to Google|
|NID||6 months||Stores the preferences of visitors and customizes the ads on Google websites based on recent research and interactions.|
|__Secure-3PAPISID||2 years||Builds a profile of interest of the website visitor to display relevant and customized ads using retargeting.|
|__Secure-3PSID||2 years||Builds a profile of interest of the website visitor to display relevant and customized ads using retargeting.|
|__Secure-3PSIDCC||1 year||Builds a profile of interest of the website visitor to display relevant and customized ads using retargeting.|
|c_user||1 year||Tracking of users, from Facebook, for advertisement purposes.|
|datr||1 year||Tracking of users, from Facebook, for advertisement purposes.|
|ft||3 months||Tracking of users, from Facebook, for advertising purposes.|
|sb||1 year||Facebook tracks Facebook users with cookies (fr) used for advertising purposes.|
|spin||1 day||Tracking of users, from Facebook, for advertising purposes.|
|xs||1 year||Session Cookie|
If you wish to verify, enable, and disable cookies or eliminate the stored data related to cookies, refer to the topic.
- To verify, enable, and disable cookies, just click the cookies manager available in the lower left corner of the website and click the option “Minhas Opções” (Minhas Opções), if you wish to eliminate the stored data related to cookies, click “Opt-Out” and place your request;
- If you no longer wish to receive our e-mails about products and news from our newsletter or consented forms, just click the link “descadastro/unsubscribe”, at the e-mail foote
8. CONSENT AND PURPOSE OF THE USE OF PERSONAL DATA
When accessing and/or using any form, printed or digital, website and other digital platforms of Cromex, the holder represents and consents to supply his or her information consciously and voluntarily.
In case of collection of personal information to any other secondary purpose, such as, for marketing actions, Cromex will request the specific consent directly to the User. The collection of personal data of users occurs to meet the following purposes, among others set forth by law:
- Contacts with Cromex, using its communication channels (telephone, e-mail, SMS, WhatsApp etc.);
- Access to the content provided on the website and digital platforms;
- Institutional register and access to our digital platforms to receive Newsletter, institutional bulletins, promotions, and e-mail marketing in any communication channel (telephone, e-mail, WhatsApp and other);
- Observance of legal, regulatory, accounting, and tax obligations, or for the provision of accounts to the National Authority on Data Protection;
- Observance of legitimate institutional, administrative, or legal interests of Cromex
Finally, for statistical and marketing purposes, Cromex may use anonymous or aggregate data (impeding the identification of the user) collected about your events and other activities, to elaborate materials about your actions of impact and/or social actions.
9. TREATMENT AND SHARING OF COLLECTED DATA
Cromex is committed to adopting the best practices of treatment and Information Security, prioritizing the protection and inviolability of the personal data of its customers, partners, collaborators, and other holders, in addition to adopting all administrative, technical, and physical measures of prevention to maintain the integrity of such data, in order to avoid the occurrence of eventual damages.
As permitted by the General Law on Personal Data Protection (LGPD), Cromex may subcontract companies to treat personal data, in part or as a whole.
In these cases, the companies undertake, under the terms of the signed agreements, to keep the secrecy and assure the privacy and security of accessed data, not being able to use them for any other purpose, neither relate these data with other data they have.
Only, when necessary Cromex may share user information with:
- Customers and partners, collaborators, and service providers involved in the conduction of institutional activities;
- Companies’ providers of platform hosting services, providers of platform maintenance services, providers of e-mail hosting services, event management platforms, as well as service providers occasionally hired for courses, lectures, fairs, expos, and events.
- Public Prosecution Office, in case of eventual need of rendering of accounts or information, for the observance of legal obligation.
10. YOUR RIGHTS
You may exercise any of the rights specified below, at any time, which will always be justified and answered, and met, when applicable, after contact with Cromex.
- Access right: you may request and receive a copy of your personal data under our custody, clarifications on how we obtain your personal data, which criteria are used, what is the purpose of treatment and with whom we share your personal data.
- Rectification right: you may request the rectification of personal data that are incomplete, inaccurate or out-of-date, against the verification of validity of the data you provide.
- Anonymization, block, or elimination right: you may request the anonymization, block, or elimination or personal data you deem are being treated wrongfully in relation to this policy or not in compliance with the applicable legislation on personal data protection.
- Right to objection: you may object the treatment of your personal data performed without your consent, if you deem that such treatment is violating your rights. In these cases, we may demonstrate that we have legitimate reasons to treat your personal data according to this policy, the legislation in force on data privacy and protection, and to provide our services properly.
- Exclusion right: you may request the exclusion of your personal data stored with Cromex hat no longer are necessary or relevant for the provision of the services, provided we do not have any other reason to keep them, such as for the observance of legal or regulatory obligation of data retention or to protect Cromex rights.
- Right for the non-supply of consent: you may refuse the treatment of personal data based on your consent, at any time. However, if you remove your consent, it is possible that we may not offer part of the services properly, case in which you will be informed.
- Right to review: you may request the review of decisions made solely based on automatic treatment, if you consider these are affecting your interests.
- Portability right: you have the right to select the portability of your personal data in structured and interoperable format.
In addition, you can also restrict the use and disclosure, or revoke the consent to any of our activities of personal data processing, except the cases with need of retention for the observance of contractual, legal, or regulatory obligation, or against the protection of public interest.
These rights may be exercised in the communication channels detailed in section “CONTACT” of this policy, being necessary to validate your identity by providing a copy of your ID or equivalent means of identification, according to the legislation in force.
To understand more about your rights on personal data, as well as how Cromex will respond to your request, please check our Personal Data Subject Response Policy.
11. TREATMENT OF PERSONAL DATA OF CHILDREN AND TEENAGERS
Cromex does not request, collect, process, store or share, consciously, personal data of children and teenagers, except the cases which include legal provision, or explicit consent of the parents or legal representatives, according to the legislation in force.
If we discover the occurrence of any type of treatment of this type of personal data, non-intentionally, quickly removing the personal data of the child or teenager from our records.
12. END OF DATA TREATMENT
Cromex will use your personal data for the time necessary to exercise the strict purposes for which they have been collected, as described in this policy, or to comply with the legal requirement applicable.
Upon the end of the treatment, the data will be eliminated under the scope and technical limits of the activities, authorizing the conservation in the situations set forth by the legislation in force.
Data retention is also possible against the consent of the user, for the period he or she permits the maintenance of storage, or while the interest of the holder in receiving news, informative materials and newsletter from Cromex persists – being possible to opt-out at any time, revoking the consent, as the case may be.
13. INTERNATIONAL TRANSFER OF DATA
14. SECURITY MEASURES
To ensure your privacy and the protection of your personal data, we adopt security measures compatible with our market:
- SSL Certificate: Our website encrypts the information sent to servers using the Secure Socket Layers (SSL) technology;
- Restricted access to data: your personal data are only accessed by authorized operators;
- Security of the devices used to treat data: the devices used to access the personal data are managed by Cromex IT department, which applies security measures, such as enabled and up-to-date antivirus software, firewall, etc.
- Security requirements to operators: we require operators to adopt measures to keep the privacy and security of your personal data, according to the LGPD, such measures being expressed in contract.
15. CHANGES TO THE POLICY
Cromex reserves the right to disclose or supply the User data for the legal and/or procedural compliance, if necessary, and if so, required by tax, judicial, or administrative authorities, with the knowledge of the respective holders, except in case of legal or judicial provision on the contrary.