News Technical Assistance Catalogs Contact

Privacy Policy.


Cromex is a Brazilian company with more than 40 years of history, leader in the national market of plastic colors and additives, operating in the entire national territory and exporting to more than 40 countries in different continents.

Certified by ISO 9001, ISO 14001 e ISO 45001, Cromex fulfills with excellency its role as a company that is 100% engaged with the global issues on sustainability.


Cromex is concerned with information security, especially regarding the privacy and protection of personal data that it may access as a result of its activities. Therefore, in compliance with the General Law on Personal Data Protection (“LGPD” – Act no. 13,709/2018), this Policy describes the practices adopted by Cromex for the collection, treatment, and storage of its data and information.

We understand that our activities of data collection, both online and offline, covering personal data collected by our several channels, including, but not limited to – websites, Applications, Customer Service Center, Points of Sale, Research, and Events.

When the user interacts and uses the services offered by Cromex, he or she gives his or her free and express awareness and consent with the terms stipulated in this Privacy Policy.


  • Holder: individual whose personal data and/or sensitive personal data are object of treatment;
  • Personal Data: any and all information that makes the individual identified or identifiable;
  • Treatment: any operation or set of operations in which personal data and/or sensitive personal data are used, including in relation to the collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation, or control of the information, modification, communication, transfer, diffusion, or extraction;
  • Controller: individual or legal entity, public or private, with power to make decisions related to the treatment of personal data and/or sensitive personal data;
  • Operator: ndividual or legal entity, public or private, who performs the treatment of personal data and/or sensitive personal data on behalf of Controller.
  • Consent:xpress and unequivocal authorization given by the holder of the personal data or his or her legal representative, in writing or in any other mean that demonstrates his or her will, so that Cromex collects and treats its personal data, according to the purpose previously described.


The practices described in this Privacy Policy are only applicable to the treatment of your personal data in Brazil and are subject to the local legislation applicable, especially Act no. 13,709/2018 (General Law on Personal Data Protection, or "LGPD").

Cromex oes not collect and treat personal data without a need, specific purpose, legal and compatible grounding.

Processed personal data are only treated by the persons who had achieved the privilege level and need of access, assuring that your data will not be viewed by collaborators or service providers of Cromex odd to the respective intended purpose.


Acting as the Controller, Cromex may collect certain personal data, such as: navigation data; full name; residential address; e-mail address; telephone; always with the knowledge of the holder and with transparency, from the following sources:

  • Cromex website: It includes both the website we operate from our domains and IP addresses, and websites or pages we maintain in third-party services, such as Facebook, LinkedIn, YouTube, SlideShare, and other third parties offering this type of service.
  • E-mail and instant messaging systems: services used to keep electronic communications between you and Cromex, including those provided directly by use, or third-party services, such as WhatsApp (short messaging service) and similar.
  • Cromex mobile applications: mobile applications directly supplied by Cromex or by third-party services, such as Google.
  • Ads, propaganda, and online forms: interactions with any type of ads, propaganda, and online forms of Cromex.
  • Offline records: Records completed offline, distributed during events and other interactions with Cromex.
  • Data received from third parties: Including, but not limited to, social media and third-party websites such as, for instance, Facebook, Instagram, LinkedIn, YouTube, and similar, data aggregation services, Cromex partners, public sources, and data received during the acquisition of other companies.


We are committed to safeguarding your personal data and only use them according to the purposes described in this Policy. We indicate below in which areas of the website the information is/may be collected, what are the collected data, and how we use them:

Action Personal data collected Purpose
Complete the contact forms Name, e-mail, company, telephone, country, and city. Please identify if you are or not already a customer, supplier, distributor, collaborator, or has any other type of relationship with us, sending your message to the person in charge for the region you informed and/or area/activity related to your request, so that he or she may reply to your message more assertively.
Please complete the newsletter subscription form E-mail Send communications about products and news from Cromex.
Complete the forms to download brochures. Name, e-mail, company. If consent is given by ticking the authorization checkbox, we will be able to send communications about products and news from Cromex.
Visit our website
  • IP address
  • Language
  • Location
  • Type of device, browser, and operating system used
  • Age and gender
  • Accessed content and frequency of access
  • Interaction with our content,
  • Duration of sessions,
  • Categories of affinity, and
  • Segments of market of interest
  • Improve content, features, and usability of the website
  • Perform marketing and advertising actions, from the analysis of your interests;
  • Customize your experience while using the website;
  • Identify if you are a potential customer so that we can offer our products
  • Measure and analyze page views and characteristics of visitors in order to measure the results of our actions;


We use the technology of “cookies” in this website. Cookies are small files sent by our website to your computer and that are stored in your browser and that may be loaded by our website with the purpose of identifying you, your interactions, enforce marketing campaigns, and improve your browsing experience.

Strictly necessary cookies

These are essential for the website to function, without them the website would not work properly.

Cookie Provider Duration Purpose
XSRF-TOKEN Cromex 2h Used to protect the user, as it impedes certain techniques of submission of malicious forms
<rdstation-popup-><popupId><-viewed> RD Station From 1 day to 3 months It prevents the same pop-up from being displayed to the same visitor repeated times in a short period of time
cromex_sa_session Cromex 2h Identifies the visitor, allowing to recognize it while browsing the pages.

Functional cookies

These cookies adjust the third-party services, such as link to your profile of social media, comments, chatbots, etc.

Cookie Provider Duration Purpose
remember_web_ Laravel 5 years Keeps the user logged while accessing the website again from the same device (only admin users of the website).
test_cookie Google 15min Determine if the user browser supports cookies

Statistical cookies

These cookies translate the interactions of visitors into detailed reports of behavior, anonymized.

Cookie Provider Duration Purpose
__trf.src RD Station 2 years Keep the reference of origin of a visit by a user in the website.
__utma Google 2 years Distinguish users and sessions.
__utmz Google 6 months Store the traffic origin or campaign from which the user landed on the website.
_ga Google 2 years Distinguish users.
_gat Google 1 min Used to restrict the request rate.
_gid Google 24h Used to distinguish users.
rdtrk RD Station 1 ano Safeguard the list of all pages accessed by a visitor within the website domain.

Marketing cookies

These track the browsing of visitors and collect data so that we can create more relevant communications/ads according to the behavior.

Cookie Provider Duration Purpose
DSID Google 15 days Store the activities of the user within Google in different devices, including for advertising purposes
RUL Google 12 months Used to provide the delivery of ads or retargeting.
IDE Google 13 months Register, report, and evaluate the actions of the user with the ad, presenting segmented ads.
1P_JAR Google 30 days Based on recent research and prior interactions, customized ads are displayed on Google websites.
ANID Google 13 months Used to display Google ads on websites not belonging to Google
NID Google 6 months Stores the preferences of visitors and customizes the ads on Google websites based on recent research and interactions.
__Secure-3PAPISID Google 2 years Builds a profile of interest of the website visitor to display relevant and customized ads using retargeting.
__Secure-3PSID Google 2 years Builds a profile of interest of the website visitor to display relevant and customized ads using retargeting.
__Secure-3PSIDCC Google 1 year Builds a profile of interest of the website visitor to display relevant and customized ads using retargeting.
c_user Facebook 1 year Tracking of users, from Facebook, for advertisement purposes.
datr Facebook 1 year Tracking of users, from Facebook, for advertisement purposes.
ft Facebook 3 months Tracking of users, from Facebook, for advertising purposes.
sb Facebook 1 year Facebook tracks Facebook users with cookies (fr) used for advertising purposes.
spin Facebook 1 day Tracking of users, from Facebook, for advertising purposes.
xs Facebook 1 year Session Cookie

If you wish to verify, enable, and disable cookies or eliminate the stored data related to cookies, refer to the topic.

  • To verify, enable, and disable cookies, just click the cookies manager available in the lower left corner of the website and click the option “Minhas Opções” (Minhas Opções), if you wish to eliminate the stored data related to cookies, click “Opt-Out” and place your request;
  • If you no longer wish to receive our e-mails about products and news from our newsletter or consented forms, just click the link “descadastro/unsubscribe”, at the e-mail foote


When accessing and/or using any form, printed or digital, website and other digital platforms of Cromex, the holder represents and consents to supply his or her information consciously and voluntarily.

Cromex automatically receives the IP address from the holder’s computer, to obtain information that will assist identifying your browser and operating system. When logged in, data and activities of the holder will also be used.

In case of collection of personal information to any other secondary purpose, such as, for marketing actions, Cromex will request the specific consent directly to the User. The collection of personal data of users occurs to meet the following purposes, among others set forth by law:

  • Contacts with Cromex, using its communication channels (telephone, e-mail, SMS, WhatsApp etc.);
  • Access to the content provided on the website and digital platforms;
  • Institutional register and access to our digital platforms to receive Newsletter, institutional bulletins, promotions, and e-mail marketing in any communication channel (telephone, e-mail, WhatsApp and other);
  • Observance of legal, regulatory, accounting, and tax obligations, or for the provision of accounts to the National Authority on Data Protection;
  • Observance of legitimate institutional, administrative, or legal interests of Cromex

Finally, for statistical and marketing purposes, Cromex may use anonymous or aggregate data (impeding the identification of the user) collected about your events and other activities, to elaborate materials about your actions of impact and/or social actions.


Cromex is committed to adopting the best practices of treatment and Information Security, prioritizing the protection and inviolability of the personal data of its customers, partners, collaborators, and other holders, in addition to adopting all administrative, technical, and physical measures of prevention to maintain the integrity of such data, in order to avoid the occurrence of eventual damages.

As permitted by the General Law on Personal Data Protection (LGPD), Cromex may subcontract companies to treat personal data, in part or as a whole.

In these cases, the companies undertake, under the terms of the signed agreements, to keep the secrecy and assure the privacy and security of accessed data, not being able to use them for any other purpose, neither relate these data with other data they have.

Only, when necessary Cromex may share user information with:

  • Customers and partners, collaborators, and service providers involved in the conduction of institutional activities;
  • Companies’ providers of platform hosting services, providers of platform maintenance services, providers of e-mail hosting services, event management platforms, as well as service providers occasionally hired for courses, lectures, fairs, expos, and events.
  • Public Prosecution Office, in case of eventual need of rendering of accounts or information, for the observance of legal obligation.


You may exercise any of the rights specified below, at any time, which will always be justified and answered, and met, when applicable, after contact with Cromex.

  • Access right: you may request and receive a copy of your personal data under our custody, clarifications on how we obtain your personal data, which criteria are used, what is the purpose of treatment and with whom we share your personal data.
  • Rectification right: you may request the rectification of personal data that are incomplete, inaccurate or out-of-date, against the verification of validity of the data you provide.
  • Anonymization, block, or elimination right: you may request the anonymization, block, or elimination or personal data you deem are being treated wrongfully in relation to this policy or not in compliance with the applicable legislation on personal data protection.
  • Right to objection: you may object the treatment of your personal data performed without your consent, if you deem that such treatment is violating your rights. In these cases, we may demonstrate that we have legitimate reasons to treat your personal data according to this policy, the legislation in force on data privacy and protection, and to provide our services properly.
  • Exclusion right: you may request the exclusion of your personal data stored with Cromex hat no longer are necessary or relevant for the provision of the services, provided we do not have any other reason to keep them, such as for the observance of legal or regulatory obligation of data retention or to protect Cromex rights.
  • Right for the non-supply of consent: you may refuse the treatment of personal data based on your consent, at any time. However, if you remove your consent, it is possible that we may not offer part of the services properly, case in which you will be informed.
  • Right to review: you may request the review of decisions made solely based on automatic treatment, if you consider these are affecting your interests.
  • Portability right: you have the right to select the portability of your personal data in structured and interoperable format.

In addition, you can also restrict the use and disclosure, or revoke the consent to any of our activities of personal data processing, except the cases with need of retention for the observance of contractual, legal, or regulatory obligation, or against the protection of public interest.

These rights may be exercised in the communication channels detailed in section “CONTACT” of this policy, being necessary to validate your identity by providing a copy of your ID or equivalent means of identification, according to the legislation in force.

To understand more about your rights on personal data, as well as how Cromex will respond to your request, please check our Personal Data Subject Response Policy.


Cromex does not request, collect, process, store or share, consciously, personal data of children and teenagers, except the cases which include legal provision, or explicit consent of the parents or legal representatives, according to the legislation in force.

If we discover the occurrence of any type of treatment of this type of personal data, non-intentionally, quickly removing the personal data of the child or teenager from our records.


Cromex will use your personal data for the time necessary to exercise the strict purposes for which they have been collected, as described in this policy, or to comply with the legal requirement applicable.

Upon the end of the treatment, the data will be eliminated under the scope and technical limits of the activities, authorizing the conservation in the situations set forth by the legislation in force.

Data retention is also possible against the consent of the user, for the period he or she permits the maintenance of storage, or while the interest of the holder in receiving news, informative materials and newsletter from Cromex persists – being possible to opt-out at any time, revoking the consent, as the case may be.


Cromex may perform the international transfer of data to other countries, necessary for the development of our activities and of our customers and partners in events. This transfer can be made between Cromex and the foreign company that will host the event or with the customs entities for the provision of visa and tickets of collaborators and/or customers and partners. Cromex tlso treat data of international customers, due to exporting activities, establishing a pattern of data protection and information security compatible with this Privacy Policy, so that the data are always protected under these terms.


To ensure your privacy and the protection of your personal data, we adopt security measures compatible with our market:

  • SSL Certificate: Our website encrypts the information sent to servers using the Secure Socket Layers (SSL) technology;
  • Restricted access to data: your personal data are only accessed by authorized operators;
  • Security of the devices used to treat data: the devices used to access the personal data are managed by Cromex IT department, which applies security measures, such as enabled and up-to-date antivirus software, firewall, etc.
  • Security requirements to operators: we require operators to adopt measures to keep the privacy and security of your personal data, according to the LGPD, such measures being expressed in contract.


Cromex may change this Privacy Policy at any time. Every time a relevant condition of this Privacy Policy is changed, these changes will become valid, efficient, and binding after the new version is disclosed in our website or sent via e-mail to you.


Cromex reserves the right to disclose or supply the User data for the legal and/or procedural compliance, if necessary, and if so, required by tax, judicial, or administrative authorities, with the knowledge of the respective holders, except in case of legal or judicial provision on the contrary.

If you have doubts about this Privacy Policy, or if you wish to check which personal data you have in our base, with which public and private entities these data were shared, or request the correction, portability, total or partial exclusion, or revoke the respective consent, please contact our Head of Data Protection (“DPO”) using the Request Form on Personal Data or send a message to

Sign up for our newsletter

Receive news in your email