1. General Information
This Privacy Policy contains information about how we process, in whole or in part, by automated means or otherwise, the personal data of users who access our website. Its purpose is to inform interested parties about the types of data collected, the reasons for collection, and how the user may update, manage, or delete this information.
This Privacy Policy has been prepared in accordance with Federal Law No. 12,965 of April 23, 2014 (Brazilian Civil Rights Framework for the Internet), Federal Law No. 13,709 of August 14, 2018 (Personal Data Protection Law), and EU Regulation No. 2016/679 of April 27, 2016 (General European Data Protection Regulation - GDPR).
This Privacy Policy may be updated as a result of any regulatory update, which is why users are encouraged to consult this section periodically.
2. User Rights
The site undertakes to comply with the rules set forth in the GDPR, in respect of the following principles:
- The user's personal data will be processed lawfully, fairly, and transparently (lawfulness, fairness, and transparency);
- The user's personal data will be collected only for specified, explicit, and legitimate purposes and may not be further processed in a manner incompatible with those purposes (purpose limitation);
- The user's personal data will be collected in a manner that is adequate, relevant, and limited to what is necessary for the purposes for which they are processed (data minimization);
- The user's personal data will be accurate and kept up to date whenever necessary, so that inaccurate data are erased or rectified whenever possible (accuracy);
- The user's personal data will be kept in a form that permits the identification of data subjects only for as long as necessary for the purposes for which they are processed (storage limitation);1/12
- The user's personal data will be processed securely, protected against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by adopting appropriate technical or organizational measures (integrity and confidentiality).
The site user has the following rights, granted by the Personal Data Protection Law and the GDPR:
- Right of confirmation and access: this is the user's right to obtain from the site confirmation as to whether or not personal data concerning them is being processed and, if so, the right to access their personal data;
- Right to rectification: this is the user's right to obtain from the site, without undue delay, the rectification of inaccurate personal data concerning them;
- Right to erasure of data (right to be forgotten): this is the user's right to have their data deleted from the site;
- Right to restriction of data processing: this is the user's right to restrict the processing of their personal data, which may be obtained when they contest the accuracy of the data, when the processing is unlawful, when the site no longer needs the data for the stated purposes, and when they have objected to the processing of the data and in the case of unnecessary data processing;
- Right to object: this is the user's right to object, at any time and on grounds relating to their particular situation, to the processing of personal data concerning them, and they may also object to the use of their personal data for marketing profiling (profiling);
- Right to data portability: this is the user's right to receive the personal data concerning them that they have provided to the site, in a structured, commonly used, and machine-readable format, and the right to transmit those data to another site;
- Right not to be subject to automated decisions: this is the user's right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
The user may exercise their rights by means of a written communication sent to the site with the subject "RGDP-botconversa.com.br", specifying:
- Full name or company name, CPF number (Individual Taxpayer Registry, of the Brazilian Federal Revenue Service) or CNPJ number (National Registry of Legal Entities, of the Brazilian Federal Revenue Service), and the user's e-mail address and, where applicable, that of their representative;
- The right they wish to exercise with the site;
- The date of the request and the user's signature;
- Any document that can demonstrate or justify the exercise of their right.
The request must be sent to the e-mail address: contato@botconversa.com.br, or by mail to the following address:
BotConversa LTDA
R CONS MOREIRA DE BARROS, n 2268, Room 71;
LAUZANE PAULISTA ;
São Paulo - SP;
ZIP Code 02.430-001.
The user will be informed in the event of rectification or deletion of their data.
3. Duty Not to Provide Third-Party Data
During the use of the site, in order to safeguard and protect the rights of third parties, the site user must provide only their own personal data, and not that of third parties.
4. Collected information
User data will be collected in accordance with the provisions of this Privacy Policy and will depend on the user's consent, which may be waived only in the circumstances provided for in Article 11, item II, of the Personal Data Protection Law.
4.1. Types of data collected
4.1.1. User identification data for account registrationThe use of certain site features by the user will depend on registration, and in these cases, the following user data will be collected and stored:
- name
- email address
- social media details
- phone number
- CPF number
- CNPJ number
4.1.2. Data provided in the contact form
Any data eventually provided by the user when using the contact form available on the website, including the content of the message sent, will be collected and stored.
4.1.3. Data related to the execution of contracts entered into with the user
To carry out a purchase and sale contract or a service agreement eventually entered into between the website and the user, other data related to or necessary for its performance may be collected and stored, including the content of any communications held with the user.
4.1.4. Access Records
In compliance with the provisions of Article 15, caput and paragraphs, of Federal Law No. 12.965/2014 (Brazilian Civil Rights Framework for the Internet), the user's access records will be collected and stored for at least six months.
4.1.5. Newsletter
The email address registered by the user who chooses to subscribe to our Newsletter will be collected and stored until the user requests to unsubscribe.
4.1.6. Sensitive Data
Not sensitive data of users will be collected, as understood as those defined in Articles 9 and 10 of the GDPR and in Articles 11 and following of the Personal Data Protection Law. Thus, among others, not the following data will be collected:- data revealing the racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership of the user;
- genetic data;
- biometric data for uniquely identifying a person;
- data relating to the user's health;
- data relating to the user's sex life or sexual orientation;
- data related to criminal convictions or offenses or to associated security measures.
4.1.7. Collection of data not expressly provided for
Occasionally, other types of data not expressly provided for in this Privacy Policy may be collected, provided that they are supplied with the user's consent, or, alternatively, that collection is permitted or required by law.
4.2. Legal basis for the processing of personal data
By using the website services, the user agrees to this Privacy Policy.
The user has the right to withdraw consent at any time, without affecting the lawfulness of the processing of their personal data before the withdrawal. Consent may be withdrawn by email at: contato@botconversa.com.br, or by mail sent to the following address:
R CONS MOREIRA DE BARROS, n 2268, Room 71;
LAUZANE PAULISTA;
São Paulo - SP;
ZIP Code 02.430-001.
The consent of persons who are relatively or absolutely incapable, especially children under 16 (sixteen) years of age, may only be given, respectively, if duly assisted or represented.
Personal data necessary for the performance and fulfillment of the services contracted by the user on the website may also be collected.
The processing of personal data without the user's consent will only be carried out due to legitimate interest or in the cases provided by law, that is, among others, the following:
- to comply with a legal or regulatory obligation by the controller;
- to carry out studies by a research body, ensuring, whenever possible, the anonymization of personal data;
- when necessary for the performance of a contract or preliminary procedures related to a contract to which the user is a party, at the request of the data subject;
- for the regular exercise of rights in judicial, administrative, or arbitral proceedings, the latter under Law No. 9,307, of September 23, 1996 (Arbitration Law);
- to protect the life or physical safety of the data subject or of a third party;
- for health protection, in a procedure carried out by health professionals or health entities;
- when necessary to meet the legitimate interests of the controller or of a third party, except where the fundamental rights and freedoms of the data subject prevail and require the protection of personal data;
- for credit protection, including as provided in the relevant legislation.
4.3. Purposes of processing personal data
The user's personal data collected by the website are intended to facilitate, streamline, and fulfill the commitments established with the user, as well as to comply with requests made through the completion of forms.
Personal data may also be used for commercial purposes, to personalize the content offered to the user, as well as to provide the website with support to improve the quality and performance of its services.
Registration data will be used to allow the user's access to certain website content, exclusive to registered users.
The collection of data related to, or necessary for, the performance of a purchase and sale agreement or the provision of services eventually entered into with the user shall serve the purpose of ensuring legal certainty for the parties, as well as facilitating and enabling the completion of the transaction.
The processing of personal data for purposes not provided for in this Privacy Policy will only occur with prior notice to the user, and in any case, the rights and obligations set forth herein will remain applicable.
4.4. Personal Data Retention Period
The user's personal data will be retained for a maximum period of: 6 months, unless the user requests its deletion before the end of this period.
Users' personal data may only be retained after the end of its processing in the following cases:
- to comply with a legal or regulatory obligation by the controller;
- for research purposes by a research body, ensuring, whenever possible, the anonymization of personal data;
- for transfer to a third party, provided that the data processing requirements set forth in the legislation are observed;
- for the controller's exclusive use, with access by third parties prohibited, and provided that the data are anonymized.
4.5. Recipients and transfer of personal data
The user's personal data may be shared with the following individuals or companies:
Google Analytics, located at Av. Brigadeiro Faria Lima, No. 3477, Itaim Bibi, São Paulo/SP.
Transfer may only be made to another country if the country or territory in question, or the relevant international organization, ensures an adequate level of protection for the user's data.
If there is no adequate level of protection, the website undertakes to ensure the protection of your data in accordance with the strictest rules, through specific contractual clauses for the particular transfer, standard contractual clauses, global corporate rules, or regularly issued seals, certificates, and codes of conduct.
5. Personal Data Processing
5.1. Data Controller
The controller, responsible for the processing of the user's personal data, is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data.
On this website, the controller of the personal data collected is Thiago Corrrea Lopes Simões, who may be contacted by email at: contato@botconversa.com.br or in person at the address:
R CONS MOREIRA DE BARROS, n 2268, Sala 71;
LAUZANE PAULISTA ;
São Paulo - SP;
ZIP code 02.430-001.
The controller will be directly responsible for processing the user's personal data.
5.2. About the Data Protection Officer (data protection officer)
The data protection officer (data protection officer) is the professional responsible for informing, advising, and overseeing the data controller, as well as the employees who process the data, regarding the website's obligations under the GDPR, the Personal Data Protection Law, and other data protection provisions in national and international legislation, in cooperation with the competent supervisory authority.
On this website, the data protection officer (data protection officer) is Thiago Lopes, who can be contacted by email at: contato@botconversa.com.br.
6. Security in the processing of the user's personal data
The website undertakes to apply technical and organizational measures suitable to protect personal data from unauthorized access and from situations of destruction, loss, alteration, disclosure, or dissemination of such data. To ensure security, solutions will be adopted that take into account: appropriate techniques; implementation costs; the nature, scope, context, and purposes of the processing; and the risks to the user's rights and freedoms.
The website uses an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and confidentially, so that the transmission of data between the server and the user, and in feedback, occurs in a fully encrypted or enciphered manner.
However, the website disclaims responsibility for the exclusive fault of a third party, such as in the case of a hacker or cracker attack, or the exclusive fault of the user, as in the case where the user themselves transfers their data to a third party. The website also undertakes to notify the user within an appropriate period if any type of breach of the security of their personal data occurs that may pose a high risk to their personal rights and freedoms.
A breach of personal data is a security breach that results, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Finally, the website undertakes to treat the user's personal data confidentially, within legal limits.
7. Browsing Data (cookies)
Cookies are small text files sent by the website to the user’s computer and stored there, containing information related to the website’s browsing activity.
Through cookies, small amounts of information are stored by the user’s browser so that our server can read them later. For example, data about the device used by the user, as well as their location and the time of access to the website, may be stored.
Cookies do not allow any file or information to be extracted from the user’s hard drive, nor is it possible, through them, to access personal information that did not originate from the user or from the way they use the site’s features.
It is important to note that not every cookie contains information that allows the user’s identification, and certain types of cookies may be used simply to ensure that the website loads correctly or that its features function as expected.
Information eventually stored in cookies that allows a user to be identified is considered personal data. Accordingly, all rules set forth in this Privacy Policy also apply to it.
7.1. Site Cookies
Site cookies are those sent to the user's computer or device exclusively by the site.
The information collected through these cookies is used to improve and personalize the user's experience, and some cookies may, for example, be used to remember the user's preferences and choices, as well as to provide personalized content.
This browsing data may also be shared with any partners of the site, seeking to improve the products and services offered to the user.
7.2. Social network cookies
The website uses social media plugins, which allow access to them from the website. Thus, when doing so, the cookies used by them may be stored in the user's browser.
Each social network has its own privacy and personal data protection policy, and the natural or legal persons that manage them are responsible for the collected data and the privacy practices adopted.
Users can check with the social networks for information about how their personal data is processed. For informational purposes, we provide the following links, where the privacy and cookie policies adopted by some of the main social networks can be consulted:
Facebook: https://www.facebook.com/policies/cookies/
Twitter: https://twitter.com/pt/privacy
Instagram: https://help.instagram.com/1896641480634370?ref=ig
Youtube: https://policies.google.com/privacy?hl=pt-BR&gl=pt
Google+: https://policies.google.com/technologies/cookies?hl=pt
Pinterest: https://policy.pinterest.com/pt-br/privacy-policy
LinkedIn: https://www.linkedin.com/legal/cookie-policy?trk=hp-cookies
7.3. Cookie management and browser settings
The user may object to the site's cookie recording simply by disabling this option in their own browser or device.
Disabling cookies, however, may affect the availability of some tools and features of the site, compromising its proper and expected operation. Another possible consequence is the removal of user preferences that may have been saved, negatively affecting their experience.
Below are some links to the help and support pages of the most commonly used browsers, which can be accessed by users interested in obtaining more information about cookie management in their browser:
Internet Explorer: https://support.microsoft.com/pt-br/help/17442/windows-internet-explorer-deletemanage-cookies
Safari: https://support.apple.com/pt-br/guide/safari/sfri11471/mac
Google Chrome: https://support.google.com/chrome/answer/95647?hl=pt-BR&hlrm=pt
Mozilla Firefox: https://support.mozilla.org/pt-BR/kb/ative-e-desative-os-cookies-que-os-sites-usam
Opera: https://www.opera.com/help/tutorials/security/privacy/
8. Complaint to a supervisory authority
Without prejudice to any other administrative or judicial remedy, all data subjects have the right to lodge a complaint with a supervisory authority.
The complaint may be submitted to the authority at the website's headquarters, in the user's country of habitual residence, at their place of work, or at the place where the infringement is alleged to have been committed.
9. Changes
This version of this Privacy Policy was last updated on: 02/08/2020.
The publisher reserves the right to modify these rules for the site at any time, especially to adapt them to the evolution of the BotConversa site, whether by adding new features or by removing or changing those already existing.
The user will be explicitly notified in the event of any change to this policy.
By using the service after any changes, the user indicates acceptance of the new terms. If the user disagrees with any of the changes, they must immediately request cancellation of their account and, if they wish, submit their objection to customer support.
10. Applicable Law and Jurisdiction
For the resolution of disputes arising from this instrument, Brazilian law shall apply in full.
Any disputes must be filed in the court of the judicial district where the website publisher's headquarters is located.
11. Integrations with Google Services
BotConversa may offer integrations with Google services, including Google Calendar. These integrations are used when the user or client company decides to connect a Google account to the BotConversa platform through Google’s OAuth authorization flow.
11.1. Google Data Accessed
When the user authorizes integration with Google, BotConversa may access the following data from the Google account, according to the permissions granted by the user:
- Google account email address;
- basic identification data from the Google account, when necessary to identify the connection;
- list of calendars available in the connected account;
- Google Calendar events, including title, description, date, time, time zone, location, status, participants, organizer, conference links, reminders, and other information associated with the event;
- calendar availability information;
- data necessary to create, update, or delete events in Google Calendar, when this permission is authorized by the user.
BotConversa accesses only the data necessary to provide the functionality of the integration enabled by the user.
11.2. Use of Google Data
BotConversa uses data obtained through Google APIs exclusively to provide the features requested by the user or configured by the client company within the BotConversa platform.
This data may be used to:
- connect the user's Google account to the BotConversa platform;
- display calendar information within the BotConversa platform;
- check availability in Google Calendar;
- create, update, or cancel events in Google Calendar;
- allow automations, flows, or AI assistants configured by the client company to perform calendar-related actions;
- provide technical support, investigate failures, prevent abuse, and maintain the security of the integration.
BotConversa does not use data obtained from Google APIs for advertising, data sales, data brokering, advertising profiling, or any purpose unrelated to the functionalities authorized by the user.
BotConversa does not use Google data to train its own or third-party artificial intelligence models.
11.3. Sharing Google Data
BotConversa does not sell user data obtained through Google APIs.
BotConversa may share Google data only in the following situations:
- with the user who connected the Google account;
- with authorized users from the same client company within the BotConversa platform, according to the account permissions and settings;
- with providers of infrastructure, hosting, security, technical processing, support, or artificial intelligence, only when necessary to provide the platform and integration features;
- when necessary to comply with a legal obligation, court order, or request from a competent authority;
- to protect the rights, security, and integrity of BotConversa, its users, or third parties.
BotConversa does not share Google data with third parties for advertising, marketing, data sales, or the creation of advertising profiles.
BotConversa's use and transfer of information received from Google APIs to any other application will comply with the Google API Services User Data Policy, including the Limited Use requirements.
11.4. Google Data Protection
BotConversa protects the data obtained through Google APIs using appropriate technical and organizational measures, including:
- encryption in transit via HTTPS/TLS;
- encryption of sensitive data when applicable;
- internal access controls;
- restricting access to data only to people and systems that need this information to operate the integration;
- monitoring, technical logs, and security measures to prevent unauthorized access, loss, alteration, improper disclosure, or misuse.
11.5. Retention and deletion of Google data
BotConversa retains data obtained through Google APIs only for as long as necessary to provide the integration, while the account or integration remains active, or for the period required to comply with legal obligations, resolve technical issues, prevent fraud, maintain platform security, or exercise rights.
The user may revoke BotConversa's access to their Google account at any time in the security settings of their Google account or directly on the BotConversa platform.
After revocation, BotConversa will no longer access new data from the connected Google account.
The user may also request the deletion of personal data associated with the integration by contacting suporte@botconversa.com.br by email.
Deletion may be subject to the minimum retention necessary to comply with legal obligations, security, fraud prevention, audit requirements, or the regular exercise of rights.