Privacy Policy
- Introduction
CIMISA MÁQUINAS POZZER LTDA is committed to protecting the privacy and personal data of its customers, partners, employees, and website visitors. This Privacy Policy has been drafted in accordance with the Brazilian General Data Protection Law (LGPD – Law No. 13.709/2018) and aims to clarify how we collect, use, store, and protect your personal data.
Important: CIMISA DOES NOT SELL or trade personal data under any circumstances. All data collected is used exclusively for the purposes described in this policy.
- Data Collected
CIMISA collects personal data through various forms available on our website and through direct interactions with our clients. Below is a description of the data collected in each situation:
2.1 Contact Form
| Data Collected | Mandatory/Optional |
|---|---|
| Full Name | Mandatory |
| Mandatory | |
| Phone Number | Mandatory |
| Company/Organization | Optional |
| Message/Subject | Mandatory |
2.2 Quotation Request Form
| Data Collected | Mandatory/Optional |
|---|---|
| Full Name | Mandatory |
| Mandatory | |
| Phone Number | Mandatory |
| Company/Property | Mandatory |
| Full Address | Mandatory |
| Product of Interest | Mandatory |
| Desired Technical Specs | Optional |
2.3 After-Sales Form
| Data Collected | Mandatory/Optional |
|---|---|
| Full Name | Mandatory |
| Mandatory | |
| Phone Number | Mandatory |
| Equipment Serial Number | Mandatory |
| Purchase Date | Mandatory |
| Problem/Request Description | Mandatory |
| Attached Photos or Documents | Optional |
2.4 “Work With Us” Form
| Data Collected | Mandatory/Optional |
|---|---|
| Full Name | Mandatory |
| CPF (Brazilian Tax ID) | Mandatory |
| Mandatory | |
| Phone Number | Mandatory |
| Full Address | Mandatory |
| Resume (PDF) | Mandatory |
| Area of Interest | Mandatory |
| Professional Experience | Optional |
Sensitive Data: Submitted résumés may contain sensitive data such as health information, racial or ethnic origin. Such data is given special protection and is used exclusively for recruitment and selection purposes.
- Purposes of Processing
The personal data collected by CIMISA is used for the following purposes:
- Contact Form: responding to inquiries, providing product/service information, maintaining commercial communication.
- Quotation Form: preparing personalized commercial proposals, conducting credit analysis when necessary, monitoring sales processes, maintaining commercial history.
- After-Sales Form: providing technical support, managing warranties and technical assistance, improving products and services, maintaining service history.
- “Work With Us” Form: conducting recruitment processes, evaluating candidate profiles, maintaining a talent pool, communicating recruitment results.
- Legal Bases
The processing of personal data by CIMISA is based on the following legal grounds provided under the LGPD:
| Purpose | Legal Basis (Art. 7 LGPD) |
|---|---|
| Customer service and technical support | Contract performance (item V) |
| Preparation of quotations | Legitimate interest (item IX) |
| Marketing and commercial communication | Consent (item I) or Legitimate interest (item IX) |
| Recruitment processes | Consent (item I) |
| Compliance with legal obligations | Legal obligation (item II) |
Sensitive Data Consent: For sensitive data contained in résumés, processing is based on the specific consent for recruitment purposes (Art. 11, II, “a” LGPD).
- Data Sharing
CIMISA may share personal data under the following circumstances:
- Service Providers: hosting and IT infrastructure, logistics and transportation companies, maintenance and technical support providers, legal/accounting/technical consultants.
- Competent Authorities: when required by law or court order, for security investigations, or as requested by regulatory bodies.
All third parties handling personal data must:
- Sign confidentiality agreements,
- Commit to complying with the LGPD,
- Implement adequate security measures,
- Use the data strictly for contracted purposes.
- Security Measures
CIMISA implements technical and administrative safeguards to protect personal data:
- Technical Measures: data encryption (in transit and at rest), SSL/TLS certificates, secure backup systems, firewalls and intrusion detection systems, user-profile-based access control, continuous monitoring.
- Administrative Measures: staff training, internal security policies, physical access control, incident response procedures, regular security audits.
Incident Notification: In case of a data breach that may pose risks to data subjects’ rights and freedoms, CIMISA will:
- Notify the ANPD (Brazilian National Data Protection Authority) within 72 hours,
- Notify affected data subjects when applicable,
- Take immediate mitigation actions.
- Data Retention
Personal data will be retained only as long as necessary to fulfill the purposes for which it was collected, as shown below:
| Data Type | Retention Period | Justification |
|---|---|---|
| General contact data | 5 years after last contact | Commercial relationship & legal obligations |
| Customer data | 10 years after contract end | Warranty, technical support, fiscal obligations |
| Candidate résumés | 2 years after submission | Talent pool for future opportunities |
| After-sales data | 10 years after service | Technical history & warranty |
| Access logs | 6 months | Security & incident investigation |
After retention periods expire, data will be securely and irreversibly deleted, unless legal obligations require longer retention.
- Data Subject Rights
Under the LGPD, you have the following rights:
- Confirmation of processing activities
- Access to your data (copy of processed data)
- Rectification of inaccurate/incomplete data
- Anonymization, blocking, or deletion of unnecessary or unlawful data
- Data portability
- Deletion of personal data when applicable
- Information on data sharing (third parties)
- Withdrawal of consent at any time
How to exercise your rights: Contact us via contato@cimisa.com.br with the subject line “LGPD Request”, providing: full name, contact e-mail, right you wish to exercise, and documents proving your identity.
Response timelines: acknowledgment within 72 hours; full response within 15 days (up to 90 days in complex cases, with justification).
- Cookies & Tracking Technologies
Our website uses cookies and similar technologies to improve user experience.
- Essential Cookies: site functionality (session-based)
- Performance Cookies: usage analytics and improvements (2 years)
- Functionality Cookies: user personalization (1 year)
Cookie management can be done via browser settings (Chrome, Firefox, Safari, Edge). Disabling essential cookies may affect site functionality.
- Data Protection Officer (DPO)
For matters related to data protection, contact us at:
E-mail: contato@cimisa.com.br
Subject: “LGPD – Data Protection Officer”
Business hours: Monday to Friday, 8:00 AM to 5:00 PM
Responsibilities: act as communication channel with data subjects and ANPD, provide staff guidance, monitor compliance with this policy, ensure LGPD adherence.
- Policy Updates
This Privacy Policy may be updated to reflect: changes in data processing practices, applicable legislation, new website features, or improvements in security processes.
- Significant changes will be communicated via: highlighted notice on our website, and/or e-mail to registered customers (when applicable).
- Continued use of our services after updates constitutes acceptance of the revised policy.
CIMISA MÁQUINAS POZZER LTDA
CNPJ: 90.779.299/0001-17 | Tapejara/RS
Document issued on 11.08.25
