Instagram Linkedin

Privacy Policy

Objective

Your privacy is important to us. It is CAST's policy to respect your privacy regarding any information we may collect from you. This policy applies when we act as a data controller or data operators in relation to the personal data of users of our Services. It aims to give you guidelines about Personal Data and how we will treat it. It applies to
individuals who interact with CAST services such as customers, employees and people who access our pages and services ("you"). This Policy explains how your Personal Data is collected, used and disclosed by CAST ("CAST", "We", "Us"). It also tells you how you can access and update your Personal Data and make certain decisions about how your Personal Data is used. This Policy covers our online and offline data collection activities, covering the Personal Data we collect through our various channels, including websites, apps, third-party social networks, Service, Sales and Events. Please note that We may aggregate Personal Data from different sources (website, offline event). As part of this, We combine Personal Data that was originally collected by different CAST entities or CAST partners.

NORMATIVE REFERENCES

  • NBR ISO 9001 - Quality Management System.
  • General Personal Data Protection Law (LGPD) - LAW No. 13.709, OF AUGUST 14, 2018.
  • Marco Civil da Internet - LAW No. 12.965, OF APRIL 23, 2014, establishes principles, guarantees, rights and duties for the use of the Internet in Brazil.

AREAS INVOLVED

All areas of CAST, all group companies and their customers or users, browsers of CAST pages or services.

DEFINITIONS

LGPD - General Data Protection Law - Law No. 13,709, of August 14, 2018.

ANPD - National Data Protection Authority - This is the body that will supervise and guide the application of the LGPD, as well as being responsible for applying administrative sanctions in the event of a breach of the law.

Legal Basis for Processing - The processing of Personal Data is permitted by the LGPD in accordance with the legal bases provided, such as the consent of the Holder, the fulfillment of legal and/or regulatory obligations
by CAST, the existence of a contract between CAST and the Holder, as well as legitimate interests of CAST or the Holder.

Biometrics - A measurable physical characteristic or personal behavioral trait used to recognize or verify a person's identity. Facial images, fingerprints and
iris samples are examples of biometrics.

Consent - This is the free, informed and unequivocal expression by which the Data Subject agrees to the processing of their Personal Data for a specific purpose.

Personal Data - Any data relating to an identified or identifiable natural person, such as: IP, geolocation, name, ID, CPF, address, telephone number, bank account, vehicle data, among others
.

Sensitive Personal Data - Personal data that includes racial or ethnic origin, religious conviction, political opinion, trade union membership, data relating to health or sex life, genetic data or biometric
.

Purpose - The reason or motivation for processing Personal Data.

Legitimate Interest - Processing of data carried out by the Controller, due to an interest of its own, of other companies or of society, without the processing affecting the rights and freedoms
individual of the Data Subject.

Free Access - The Data Subject's right to have access to all information regarding the processing of their Personal Data. 

Opposition - This is the Data Subject's right not to want their data processed. This right can be exercised in certain specific situations.

Security - means the use of technical and administrative measures to protect Personal Data from unauthorized access and accidental or unlawful destruction, loss,
alteration, communication or dissemination.

Processing - Any operation carried out with Personal Data, such as: collection, production, reception, classification, use,
access, reproduction, transmission, distribution, processing,
archiving, storage, elimination, evaluation, information control, communication, transfer, dissemination or extraction.

Data Subject - Natural person to whom the Personal Data being processed refers.

Transparency - This is the guarantee to Data Subjects of clear, precise and easily accessible information on the performance of the processing and the respective processing agents, with due regard for trade and industrial secrets
.

Data minimization - Collects only the personal data necessary for the functionality of the product.

Right of data subjects - Right guaranteed to the user to access, correct and delete the data processed

Retention period - period in which data is stored and after a certain period deleted.

Cookies: As is common practice on almost all professional websites, CAST pages may use cookies. use cookies), which are small files downloaded to your computer to improve your experience. experience.

Cody: CAST's mascot for interaction with users, used in the ombudsman channel where users can make complaints, suggestions, ask questions or give compliments anonymously or with identification.

DOM: Diagnosis, Optimization and Metrics - Tool used to assess the behavioral profile of candidates for vacancies and employees for personal and professional development
at CAST.

PERSONAL DATA WE COLLECT ABOUT YOU, HOW WE COLLECT IT AND ITS PURPOSE

Depending on how you interact with CAST (online, offline, by phone...), we collect various types of information about you, as described below:

- Personal contact information: this includes any information you provide to us that may enable us to contact you, such as your name, postal address, e-mail address, business address, social media details or telephone number.

- Account login information: Any information that is required to give you access to your specific account profile. Examples include your e-mail address, username, password in unrecoverable format and/or security question and answer, among others to effect your access to services provided by us.

- Technical information about the computer/mobile device: any information about the computer system or other device you use to access one of our pages, services or applications, the IP address used to connect your computer or device to the internet, the type of operating system and the type and version of the web browser, among other browsing information. If you access a page or application of CAST or one of its partners (such as: SAP, Zeus Point Locator, Microsoft Office 365, Microsoft Teams), the information collected will also include, where permitted, the device ID, geographic location and other similar device data.

- Website/communication usage information: as you browse and interact with our pages and services, We use automatic data collection technologies to collect certain information about your actions. This includes information such as which links you click on, which pages or content you view and for how long, and other similar information and statistics about your interactions, such as response times to content, download errors and length of visits to certain pages. This information is captured through automated technologies such as Cookies (Browser Cookies, Flash Cookies) and web beacons, and also via third-party tracking. You have the right to object to the use of such technologies.

- Market research and customer feedback. This includes information that you voluntarily share with us about your experience of using our products and services, through satisfaction surveys and other means that CAST uses to get feedback from its customers.

- Consumer/customer/collaborator-generated content: This refers to any content that you create and share with Us by email, on third-party social networks or by uploading to one of our websites or applications, including the use of third-party social networking applications such as Facebook, Instagram, among others. Examples include photos, videos, personal stories or other similar content and media. Where permitted, We collect and publish content generated by consumers/customers/collaborators in connection with a variety of activities, including contests and other promotions, website community features, engagement and third-party social networks.

- Content generated in Microsoft Teams: Refers to the recordings of Meetings and Live Events, collecting data such as: image, voice, IP address, name, e-mail address, geographical location and other connection information of all participants. You must be informed in the event invitation that it will be recorded and that the above data will be collected. When the Live Event is started, the recording starts automatically, making it necessary for the organizer/speaker of the live event to inform the participants that the content is being recorded, which may or may not include video images and voice of the participants. In the case of meetings, the organizer or participant who wants to start recording must ask the other participants whether or not they can record. They should also let the participants know as soon as the recording has started and ask them to give their consent so that it is recorded on the same video.

- Information from third-party social networks: This refers to any information that you share publicly on a third-party social network or information that is part of your profile on a third-party social network (such as Facebook, Instagram, Linkedin, among others) and that you allow the third-party social network to share with Us. Examples include your basic account information (e.g. name, email address, gender, date of birth, current city, profile picture, user ID, friends list, among others) and any other additional information or activities that you allow the third-party social network to share. We receive your third-party social network profile information (or portions thereof) whenever you interact with Us by tagging or mentioning Us through a third-party social network. To learn more about how your information from a third-party social network is obtained by CAST, or to opt-out of sharing this social network information, please visit the specific third-party social network's website.

 
- Financial and payment information: Any information that We need to fulfill an order/contract/billing, or that You use as billing or collection data. In any event, We or our payment processing service providers handle financial and payment information in compliance with applicable laws, regulations and security standards.

- Sensitive Personal Data : We do not intend to collect or process sensitive personal data in the normal course of our activities. When it is necessary to process your sensitive personal data for any reason, we will rely on your prior and express consent for any processing that is voluntary (e.g. Covid-19 prevention, biometrics for access to premises or point, for marketing purposes, among others). If we process your sensitive personal data for other purposes, we rely on the following legal bases: crime detection and prevention (including fraud prevention); and compliance with applicable law (for example, to comply with our diversity reporting).

 
- Children's Personal Data: We do not request or collect personal data directly from children and minors. However, CAST may collect personal data from children and minors through their parents or guardians directly, and with the explicit consent of at least one of the guardians for internal use (e.g. health insurance and other benefits and/or obligations). We may publish photos and names of children with their parents or guardians on social networks and/or by email in engagement campaigns and promotions with the express authorization of the guardian. 

COOKIES/SIMILAR TECHNOLOGIES, LOG FILES AND WEB BEACONS

In this Policy we will talk about Cookies and how you can manage your Cookie preferences. We will also provide detailed information on which Cookies are used and for what purpose. We will also talk about other similar technologies.

COOKIES (NAVIGATION TRACKERS)

How and why do we use Cookies? We use Cookies to improve the use and functionality of CAST's pages and services and to better understand how our visitors use them and the tools and services offered there. Cookies help us tailor CAST's pages and services to your personal needs, make them easier to use, receive satisfaction feedback and communicate with you from other places on the Internet.

- What types of Cookies can be used on the pages and services of CAST and its partners? 

We may use the following types of Cookies:

o Session cookies - These are temporary cookies that are deleted when you close your browser. When you restart your browser and return to the site that created the cookie, that site treats you as a new visitor.

Persistent cookies - These cookies remain in your browser until you delete them manually or until your browser deletes them according to the duration period set by the cookie. These cookies will recognize you as a returning visitor.

o Necessary cookies - These are cookies that are strictly necessary for the operation of a CAST page or service. They allow you to browse the site and use our features.
o Cookies that send us information about you - These Cookies are placed by us on a CAST or partner page and can only be read by that Site. They are known as "first party" Cookies.

 o Cookies that send information to other companies - These are Cookies placed on a CAST website by third parties (e.g. Facebook among others). They may use the data collected by these Cookies to anonymously send you targeted advertisements from other websites, based on your visit to the CAST website. e.g. if you use a social widget (e.g. Facebook icon) on a CAST website, it will record your "share" or "like". Facebook (being the company that placed the cookie) will collect this data.

- Managing your cookies/preferences: You should ensure that your computer settings reflect whether you consent to accepting Cookies or not. You can set your browser to warn you before accepting Cookies or simply refuse them. You do not need to have Cookies to use or browse most of CAST's and its partners' pages and services , although you will probably not be able to access all of their features in this case. By accessing the "help" button on your browser (e.g. Internet Explorer, Firefox, Chrome, among others) you can see how to enable, disable and clear cookies. You can also search for further actions. Remember that if you use different computers in different locations, you will need to ensure that each browser is set to your Cookie preferences. As the web beacon is part of a web page, it is not possible to use the "Disallow" feature in relation to that beacon, but you can make it ineffective by using the " Disallow" feature for Cookies placed by that beacon. In addition, where available, you can decide whether to allow Cookies to be placed on your computer or to opt-out of Cookies by visiting the following websites and selecting which company's Cookies you wish to refuse: http://www.aboutads.info/choices/#completed or http://www.youronlinechoices.eu/

Other similar technologies:

CAST or its partners' websites or services may also use other tracking technologies, including IP addresses, log files and web beacons, which also
help us to tailor our websites to your personal needs.

 
- IP addresses. An IP address is a number used by computers on the network to identify your computer every time you connect to the internet. We may record IP addresses for the following purposes: (i) technical problems the user visited on our website and how long they stayed on it); and, (ii) other navigation or click count data (e.g. website traffic report and unique visitor count).

 
- Web beacons. We may use web beacons (or transparent GIFs) on the pages or services of CAST and its partners. Web beacons (also known as "web bugs") are small sequences of code that allow the delivery of a graphic image on a web page for the purpose of transferring
data back to us. We use information from web beacons for a wide variety of purposes, including information about how a user responds to email campaigns (e.g. the time the email is opened, what link the user makes from the email), website traffic reports, unique visitor counts,
auditing and advertising and email reporting, and personalization. 

USES OF YOUR PERSONAL DATA (PURPOSES)

The following table describes the various purposes for which. We collect your Personal Data, and the different types of Personal Data we collect for each purpose. Please note that not all of the uses below will be relevant to all individuals.

 

DISCLOSURE OF YOUR PERSONAL DATA

By using, registering, contracting or interacting with CAST, you acknowledge that the personal data You provide to CAST through the Services or our products may be available to operators around the world, since, to ensure the security of your data, We share it, when necessary, with the following types of third-party organizations:

- Service providers. These are external companies that We use to help Us operate Our business (e.g. employee information, supplier information, fulfillment of
orders, payment processing, fraud detection and identity verification, website operation, market research companies, support services, promotions, website development and data analysis.

STORAGE AND/OR TRANSFER OF YOUR PERSONAL DATA

- Measures we expect you to take: It is important that you also play a role in keeping your Personal Data secure. When you create an online account, a password on one of our systems, among others, please make sure you choose a password that is difficult for others to guess and never reveal your password to other people. You are responsible for keeping this password confidential and for any use of your account. If you use a shared or public computer, never choose the option to remember your login ID, e-mail address, login or password and make sure that you log out of your account whenever you leave the computer/device. You should also use any privacy settings or controls that We provide on our website, services or applications.

PROCESSING OF PERSONAL DATA

CAST may process the personal data collected for:

- Carrying out environmental and social responsibility projects and activities;
- Carrying out fraud prevention processes;
- Carrying out customer service and relationship activities;
- Selling products and/or services;
- Carrying out marketing activities aimed at attracting new customers;
- Profile analysis (profiling); - Analysis of indicators and metrics;
- Granting benefits;
- Recruitment and hiring and training processes;
- Carrying out contractual activities related to the products and/or services purchased;
- Compliance with legal and regulatory obligations;
- Credit analysis;
- Risk analysis;
- Carrying out research and various statistical surveys;
- Responding to requests from clients, former clients and prospects;
- Improving the products and services offered;
- Complying with the determinations of competent authorities;
- Making automated decisions (including the creation of profiles) for the purpose of calculating
premiums and personalizing its products/services to suit the needs of those who
use our digital platforms.
- Legal processes

 

Legal proceedings

CAST may also use the information collected anonymously, without the possibility of direct or indirect association with specific people who use our platforms, in order to improve and personalize the products and/or services we provide.

YOUR CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR PERSONAL DATA

The following mechanisms give You the following control over Your Personal Data:

- Cookies/Similar Technologies: You manage your consent through our consent management solution or your browser, to refuse some or all Cookies/similar technologies, or to alert you when they are being used.

INSTITUTIONAL COMMUNICATION TOOLS AND VIDEO CALLS (MICROSOFT TEAMS AND BLUEJEANS)

Third-party software used for communications may collect data such as image, voice, IP address, name, e-mail address, geographical location and other connection information from all participants.

Live Events (Live / Webinar)

By default, when the Microsoft Teams Live Event is started, the recording is started automatically, making it necessary for the organizer/speaker of the live event to inform the participants that the content is being recorded. By staying in the Live Event, you agree to the collection of this information. The content of the recording may be used in other opportunities and/or promotions.

Meetings

By default, recording is disabled. If recording is required, the organizer must request permission to record the meeting from the participants before the recording begins and inform them as soon as the recording starts that it is being recorded. 

By remaining at the meeting, participants agree to the collection of this information. The content of the recording may be used in other opportunities and/or promotions.

By sending your data to our communication channels listed below, you agree to the processing of the personal data sent in order to respond to your requests, complaints, evaluations, reports and compliments.

- Talk to HR: This communication channel is intended for employees and former employees to communicate with CAST's Human Resources area, to make the most diverse requests. 

Information that is sent voluntarily by the requester is processed by the various areas responsible for responding to the request, according to its content and content. 

By sending an e-mail to Posso Ajudar possoajudar@castgroup.com.br, former employees are informed that they have 24 working hours to agree to their data being processed. If the former employee disagrees with
or does not reply within 24 working hours, all the data sent will be permanently deleted and the request will not be answered. If they agree to the processing in accordance with the terms of the LGPD (Law No. 13,709/18), as well as the collection and processing of personal and/or sensitive data necessary to fulfill their request, the ticket will be forwarded to the team responsible for handling and resolving it.

- Talk to Cody: A CAST ombudsman page where, using a form, users can make reports, complaints, compliments and criticisms to CAST, either anonymously or with identification. The
information is provided spontaneously by users and will be dealt with by the responsible CAST team according to its content.

- DOM: A tool used by the Recruitment teams and the People Development team to select internal and external candidates and build an Individual Development Plan. It collects behavioral profile data by filling in a questionnaire that can be accessed via a link sent by our team, after identifying who is filling it in.

NON-INSTITUTIONAL COMMUNICATION TOOLS AND VIDEO CALLS (WHATSAPP, TELEGRAM, FACEBOOK MESSENGER, SKYPE, FACETIME, WEBEX, GOOGLE MEETING, ZOOM, AMONG OTHERS)

Unofficial communication tools are not allowed, except when used with partners. The tools they provide must be authorized in advance by Corporate IT and must comply with the LGPD. In such cases, when using them, the recommendations of the institutional tools must be followed.

Changes to this Policy

If We change the way We handle your Personal Data, We will update this Policy. We reserve the right to make changes to our practices and this Policy at any time. Please check back frequently to see any updates or changes to our Policy.

Form of contact

For questions, comments or complaints about this policy and our privacy practices, please contact Arthur Juan Moragas (Data Protection Officer - DPO) at lgpd@castgroup.com.br.

Contents
Links
Linkedin Instagram Youtube Facebook Spotify

Copyright 2025 - Cast Informática S.A. - All rights reserved