Upon filling out our forms and/or interacting with us through our website, you entrust us with your personal data, the protection of which is a fundamental right of Brazilian citizens, as stated in the Federal Constitution and the General Data Protection Law – LGPD (Law 13.709/2018). In return, we have the obligation to safeguard this information and ensure you have absolute awareness and control over what we will do with it while it is under our responsibility.

With this in mind, we have adopted this Privacy Policy, which aims to:

i. formalize, record, and publicize the processes, rules, and best practices adopted by Optimal to safeguard the privacy, intimacy, and informational self-determination of our employees, clients, and partners;
ii. promote transparency regarding how Optimal handles personal data.

Through this Privacy Policy, you will learn:

i. the personal data that will be collected from your interaction with our website and products;
ii. the purpose of this collection;
iii. your rights as the data subject, as provided by LGPD;
iv. the means by which you can contact us to exercise these rights.

We ask that you read this document carefully until the end and contact us through the following channels if you have any questions or requests: dpo@optimal.com.br.

1. Who we are and what we do?

We at Optimal offer (B2B) solutions to help our clients make faster and more accurate decisions, driven by more scalable and standardized processes. To achieve this, we create software and integrated services for different stages of the production chain for entrepreneurs in the animal and human nutrition segment, aiming for a reduction in production costs and an increase in the quality of their products. To experience, hire, and/or operate these software and services, some personal data of users is necessary, justifying the adoption of this Privacy Policy.

2. What data do we collect?

2.1. Data of software users

To experience, hire, and/or operate our software and services, some personal data of users will be requested through the forms available on our website and/or in the software itself. They are:

a. full name;
b. corporate email;
c. corporate phone;
d. complete corporate address;
e. position and/or role performed for the company contracting our services and solutions;
f. banking data (credit card number, name of the respective holder, expiration date, and security code), only in the case of choosing credit card payment.

2.2. Data of third parties entered into the software by the user

Considering that the solutions we create are B2B and serve to optimize the production chain of our clients, users of our software and services may enter information about third parties into our database. In this case, the responsibility for the processing of this information will be the user who entered it (and, eventually, the legal entity they represent), as the controller, with us being the processor.

The information of third parties eventually entered into our software by users will correspond to general data of suppliers and customers, such as the full name of the entrepreneur’s representatives, corporate email, phone, and official identification documents of the entrepreneur and its representatives.

3. What is the purpose of collecting data?

We use the information you entrust to us for the following purposes:

3.a. Offer our software and services

Based on the data collected via the registration form on our website, we will contact you directly to gather more information about your business and needs. This is to prepare technical and commercial proposals for the provision of services and software licensing that meet your expectations.

3.b. Formalize the hiring and billing of software and services

If you are interested in hiring our services and software, we will prepare the respective private instrument based on the data collected via the registration form on our website, also using the data of the legal entity of the contracting party and the banking data provided by you for billing the corresponding price.

3.c. Provide our services

If we are hired by you, we will use the personal data we collect to:

i. grant the user access to the features of our software and services;
ii. offer educational material, such as courses, guides, infographics, spreadsheets, handouts, webinars, e-books, and others;
iii. send communications, security alerts, updates;
iv. present other software and services and carry out marketing operations;
v. improve the user experience by operating, protecting, conducting functionality tests, maintenance, and continuous improvements in software and services;
vi. maintain the security and integrity of our services and software, prevent fraud, investigate legal, regulatory, and contractual violations, within the legal limits for such actions;
vii. conduct development research;
viii. storage and backups;
ix. consult and edit records, access the user’s account to make requested changes and provide assistance in using the features;
x. register/change the user’s payment methods, consult and manage the user’s financial situation, transfer subscription ownership, make refunds and/or charges, and issue invoices.

3.d. Satisfaction surveys and processing of demands

We may also use the personal data collected for opinion and satisfaction surveys related to our software.

Users may also entrust us with information and personal data to record suggestions, complaints, and resolve doubts through our customer service channels, before, during, or after using the software. In this case, we will use the data entrusted to us for the proper internal processing of these demands.

3.e. Provide support and solve problems

If you contact our technical support and/or seek help operating our software, it will be necessary to share temporary and authorized remote access with our team to the respective hardware on which the programs are installed. In this case, our team may have temporary access to information that may be sensitive to you and your clients. However, this data is not saved in our databases and is not accessible to our team after the end of the support service.

In this context, it is important for you to know that our employees, partners, representatives, and agents are bound by the obligation of confidentiality and confidentiality and all other obligations assumed by Optimal for its clients in this Privacy Policy, under penalty of various sanctions. All of this is to ensure to our clients and users that their data and information will remain secure and confidential, even if it is necessary to share them with us.

3.f. Other hypotheses, which will be duly informed and authorized

We will request your authorization before using your data for purposes not specified in this Privacy Policy.

4. What resources do we use to protect your data?

The data operator responsible for storing and safeguarding your information is the Microsoft Azure data center (https://azure.microsoft.com), a cloud platform subject to the world’s strictest security and compliance standards, such as ISO 27001, ISO 27018, SOC 1, SOC 2, SOC3, FedRAMP, HITRUST, MTCS, IRAP, and ENS.

This means that Azure is also responsible for processing the data and information entrusted to Optimal by you, and is subject to the privacy laws of our country.

In addition, we use various technologies to process your data, such as:

– Secure connection in all communications (encrypted with TLS v1.2);
– Encrypted database (Data at rest encryption);
– Individualized database (for each client);
– Firewall to block unauthorized traffic;
– Encrypted disks (SSE with PMK);
– Use of the PBKDF2 method for storing password hashes;
– Authentication control on all services with critical information;
– Authorization control for granular access restriction.

With this, we protect you and Optimal – as much as possible – from unauthorized access, alteration, disclosure, unauthorized destruction, and other incidents with the data we collect and store.

However, it is important for you to know that no security system is infallible. Some situations escape the control of even the most sophisticated security systems, such as the Azure data center. Due to the nature of the internet service, the risk of incidents with data exists, albeit small, and is inevitable. In this scenario, our conduct is to invest in the best systems and technologies to mitigate and control this risk, making our services reliable.

5. Storage and disposal of personal data

The data entrusted to Optimal will be stored for a sufficient period to exhaust the purpose for which they were collected, as detailed below:

i. if for compliance with a legal or regulatory obligation, for the period indicated in the respective regulation;
ii. if for the fulfillment of a contract, until the achievement of the objectives of the respective contractual relationship; and
iii. if based on legitimate interest, which will always be preceded by a privacy impact assessment and carried out within the limits of the purpose that justifies it, until the respective interest ceases.

Optimal will permanently delete all personal data of users related to the client, and also any information about the client itself, after the termination, for any reason, of the respective contract, unless the storage of this personal data and information is necessary to comply with a legal or regulatory obligation, in accordance with article 16 of the General Data Protection Law, in which case the data subject will be informed.

6. Rights of data subjects

You have the power of decision and choice regarding the data we collect and how they are used. To exercise this right, contact us at any time through our communication channel: dpo@optimal.com.br.

It is important for you to know that the General Data Protection Law – LGPD (Law 13.709/2018) defines as personal data subject to protection any information related to an identified or identifiable natural person [1].

Based on this definition, the Law – in summary – ensures the data subject the right to privacy and informational self-determination.

This means that those who collect your personal data must keep them confidential and use them exclusively for the purpose for which they were collected, maintaining transparency and ensuring you total control and influence over the trajectory of the data in the collector’s systems, databases, and records, from entry to exit, including circulation, sharing, and storage of this information.

Therefore, the Law establishes that the data subject of personal data – upon request at any time [2] – has the right to:

– entrust or not entrust your data to Optimal;
– obtain confirmation about the processing of your data;
– update, correct, anonymize, and request access to your data;
– restrict or object to the processing of your data;
– export your data to another service;
– delete your data.

To facilitate the exercise of these rights, Optimal provides the following communication channel, exclusively for this purpose: dpo@optimal.com.br.

7. Responsibilities of data subjects

Without prejudice to other obligations provided in this Privacy Policy, to make the best use of Optimal’s software and services, you also need to be committed to the security of your data by adopting the following behaviors:

i. ensure the exclusivity of your access to the software (login and password), not revealing your login and/or password to third parties;
ii. entrust Optimal with credit card information and/or passwords of any nature exclusively through the form available on our website;
iii. inform us about any suspicion or finding of an incident with your personal data and/or violation of the Privacy Policy, including unauthorized access to your account, suspicious movements, etc., through the channels informed in the preamble of this Privacy Policy;
iv. consult us, through the channels informed in the preamble of this Privacy Policy, whenever you receive information or notices about promotions, campaigns, and surveys received by email, to verify their veracity;
v. provide true, honest, and complete information, being responsible for any incorrect or false information;
vi. be responsible for all data from third parties (e.g. personal data of your clients, your accountant, supplier, service provider, etc.);
vii. inform us about any changes to the data entrusted to us since the information provided by you will be considered correct, authentic, and sufficient for the fulfillment of this Privacy Policy.

For security reasons, we reserve the right to suspend or cancel the user’s account in case of suspicion or non-compliance with this Privacy Policy, without prejudice to other possible judicial and administrative measures necessary for the reimbursement of any damages.

8. Does Optimal share my data with third parties?

We do not share with anyone information that can identify you personally, except in the cases described below:

8.a. With your authorization

Occasionally, Optimal may express interest in sharing your personal data with third parties for a specific purpose. In this case, we will contact you before sharing to clarify your doubts and, if convenient, obtain your written consent for this.

If, even after our contact, you do not feel comfortable consenting to the sharing, it’s okay. Optimal will keep your personal data confidential, without sharing it with anyone, and without any consequences for your decision.

8.b. Legal Grounds for Data Sharing

Occasionally, Optimal may be judicially subpoenaed or compelled by an administrative authority to disclose and/or share your personal data. In such cases, we are obligated to do so if we believe, in good faith, that access, use, preservation, or disclosure of the information is reasonably necessary to:

– Comply with any applicable legislation, regulation, legal process, or governmental request;
– Detect, prevent, or address fraud, technical issues, or security problems;
– Protect against harm to the rights, property, or safety of Optimal, our clients, suppliers, partners, employees, or the public, as requested or permitted by Brazilian law.

If Optimal undergoes a merger, acquisition, incorporation, or sale of assets, we will continue to ensure the confidentiality of your personal information and will notify you before they are transferred or subjected to a privacy policy different from this one.

Optimal may also process personal data of users and personal data of third parties inputted by users into our software to fulfill legal and/or regulatory obligations, sharing personal data with public authorities. Examples of this type of processing include:

– Issuing invoices, sharing with the Federal Revenue Service: Name, CPF (Brazilian ID number), address, corporate email, and telephone;
– Filling out service books, performed services books, fiscal integration, filling out DAS – sharing with the Federal Revenue Service: CPF eventually informed in the invoice;
– Accreditation with the Federal Revenue Service – name and CPF of the contracting entrepreneur’s partner;
– Issuing DRE, balance sheet, ledger, daily book, or fixed asset report – sharing with the Federal Revenue Service – name;
– Filling out SEFIP, GRRF, CAGED, DIRF, RAIS, and other labor obligations – sharing with the Ministry of Labor and Employment.

Additionally, personal data may be processed:

– For internal and external audits, for validations of information security issues, seeking confidentiality and anonymization of this data to the extent possible;
– To comply with legal requests from public authorities.

8.c. Sharing with Suppliers, Partners, and Service Providers

For the proper provision of our services, Optimal may share user data with service providers involved in various processes, such as:

Cloud information storage;
Verification of user identity for fraud prevention and credit risk assessment;
Verification of information compared to public databases;
Research, development, and maintenance of applications;
Provision of Optimal services through third-party platforms and software tools (e.g., through API integration);
Marketing promotion, including social media advertising services, lead prospecting, and data analysis;
Consulting and advisory services in accounting, legal, administrative, and process and people management;
Processing and ensuring payment security.
Optimal’s service providers have limited access to user data to perform specific tasks and are contractually and legally obligated to observe the guarantees assumed by Optimal in this Privacy Policy toward data subjects.

9. Data Protection Officer (DPO)

We have appointed a person from our team to handle requests related to personal data, aiming to facilitate our interaction with you regarding the management and control of the information entrusted to us by clients. Through the channel described in the preamble of this Privacy Policy (reproduced below), you can contact Ricardo Prado Amaral, who is our Data Protection Officer (DPO), whenever you want to exercise your rights, request information, and/or provide feedback and suggestions solely related to the treatment that Optimal provides to your personal data: dpo@optimal.com.br.

The main responsibilities of the Data Protection Officer include:

– Managing and monitoring the implementation of our Privacy Policy;
– Developing, maintaining, and proposing improvements to the Privacy Policy and its related processes;
– Ensuring compliance with the provisions of the Privacy Policy;
– Monitoring Optimal’s level of compliance with the Privacy Policy;
– Facilitating the relationship between data subjects and the National Data Protection Authority (ANPD) with Optimal;
– Receiving and addressing data subject requests and inquiries, and
– Preparing Reports on the Impact of Personal Data Protection, with an assessment and review of the risks involved.

10. Updates to this Privacy Policy

This Privacy Policy applies to all software and services offered by Optimal and may be periodically amended at our sole discretion. However, we guarantee that such occasional changes will not diminish your rights without your express and written consent. We will always indicate the dates of changes on our website and make old versions of this Privacy Policy permanently available. If the changes are significant, we will highlight a notice on our website and send notifications via email, all to provide publicity and visibility to these changes.

Feel free to contact us with any questions about this Privacy Policy.

Sincerely,

Optimal Technologies