Privacy Policy

Welcome to the Privacy Policy of WePayment Instituição
de Pagamento Ltda., simply WePayment.

We are committed to protecting your privacy! This Privacy Policy explains how we collect, use, disclose and protect your personal information and respect your rights under applicable law when you provide your information on our website.

1. WEpayments's commitment to protecting privacy

Privacy is among the fundamental rights of the individual. It is protected by Brazilian law and consists of your ability to control the exposure of information about your personal life, your intimacy, and the availability of information about yourself, to rectify, ratify or delete these, and to protect the confidentiality of your communication, your home, your image, honour, and reputation to third parties.

Considering you and your business valuable, WEpayments is committed to the Security and Privacy of Information and maintains the quality, privacy and security offered to its clients, staff, and partners.

Therefore, WEpayments strives to ensure compliance with national legislation and regulatory acts in maintaining appropriate policies, procedures, work instructions and technical measures to protect the privacy of personal data under their responsibility.

This Privacy Policy constitutes WePayment’s commitment to processing personal data, whether digital or physical, obtained directly from the data holder or third parties.  

By accepting this Privacy Policy, you freely and expressly agree to the terms herein, directly or through your legal representative, who must also be aware of the rules.

Thus, we would like you to learn about and become familiar with how we handle your data.

We recommend you carefully read this Data Privacy Policy to ensure that your decision to allow or refuse the collection and processing of your personal information and to keep it with us is free, enlightened, and voluntary.

2. Purpose

The purpose of WEpayments is to establish the principles for the security and privacy of its users’ data (“Users”), which is eventually collected and processed as a result of the User’s access to the online system available at https://wepayments.com.br, and the services and products provided by it. Hence it establishes the WEpayments Privacy Policy (“Privacy Policy”).

3. Who we are

WEpayments Instituição de Pagamento Ltda. is a fintech company specialised in instant payments. It is an electronic Foreign Exchange (eFX). A payment institution that handles payments and billings on behalf of third parties founded by seasoned professionals with many years of experience in the domestic and cross-border payment industry specialising in transactions involving high volumes of payments.

3.1. Personal Data Controller

The Controller is responsible for deciding on the central issues for handling personal data and establishing how it will be processed. These decisions include the instructions to contracted operators for carrying out particular processing of personal data.

Article 5, Section VI of the Brazilian General Law on the Protection of Personal Data (LGPD) defines a Controller as a “natural or legal person, governed by public law, responsible for decisions regarding the processing of personal data.”

WEpayments acts as a Controller regarding its staff’s data and when supplying its products or services to its clients, essentially for payment and billing transactions, under the provisions of this Policy.

 

 

WEPAYMENTS INSTITUIÇÃO DE PAGAMENTO LTDA.

Address: Rua Francisco Rocha, nº198, Batel, CEP 80420-130,

Taxpayer registration number (CNPJ): 32.708.748/0001-30,

 

It is, therefore, essential to highlight that WEpayments Instituição de Pagamento Ltda handles your data as described in this Policy.

For any questions about handling/processing your data, you may contact our client service channel, as mentioned in item 3.3. Personal Data Supervisor of this Privacy Policy.

 

3.2. Personal data operator

The Operator is responsible for handling data on behalf of and according to the purpose defined by the Controller.

According to art. 5, section X of the LGPD, it is the natural or legal person of public or private law who handles personal data on behalf of the Controller.

The Operator is responsible for handling personal data according to the instructions provided by the Controller, who will verify compliance with its instructions and the regulations on the matter.

As the responsible party for processing this data, the Data Operator may only process the information for the previously established purpose, either in this Policy or in an appropriate document.

Data Operators have the following obligations:

(i) Follow the Controller’s instructions.

(ii) Sign agreements that establish, among other matters, the framework of activities and responsibilities with the Controller.

(iii) Notify the controller in case of contract with sub-operator(s).

Accordingly, for WEpayments clients, WEpayments will always act in the Operator role.

3.3. Personal data supervisor

The Personal Data Supervisor is responsible for ensuring that an organisation, whether public or private, complies with the Brazilian General Law on the Protection of Personal Data (LGPD).

According to § 2 of Art. 41, it is the Supervisor’s duties:

● Accept claims and communications from data holders, provide clarifications and adopt measures.

● Receive communications from the national authority and adopt measures.

● Guide the entity’s staff and contractors regarding the practices to follow related to the protection of personal data. And

● Perform other duties determined by the Controller or established in complementary rules.

You can contact our data supervisor below to answer and/or resolve any queries you may have regarding WEpayments’s handling of your data:

 

DATA PROTECTION OFFICER

Alberto Pereira

E-mail: privacidade@wepayout.co

4. Our principles for the protection of your personal data

In compliance with current regulations, especially the Brazilian General Law on Data Protection, we have established ten principles for data processing at WEpayments:

 

i. Lawfulness: we will use your personal data only if:

▪  we receive your permission,

▪  it is necessary to carry out an agreement in which you are a party,

▪  it is required to fulfil a legal obligation,

▪  it is necessary for the protection of your vital interests,

  we have a justified interest in using personal data without impairing your freedom or interests,

▪ if the Controller (our client) takes responsibility for obtaining the corresponding measures to comply with the Brazilian General Law on the Protection of Personal Data.

ii. Honesty: we will explain why the data we collect is useful to us.

iii. Specific purposes and data reduction: we only collect personal data that is genuinely necessary. If we can achieve the same result using less data, we will prioritise using only specific data.

iv. Transparency: we inform how we use people’s data.

v. For people whose data we collect, we make it easy for them to exercise their rights: to access, rectify and delete their information and to object to handling their data.

vi. Duration of data storage: we store data for a limited time.

vii. We guarantee data security, i.e., data integrity and confidentiality.

viii. If a third party must use personal data, we will take steps to ensure that they are committed to protecting that data.

ix. If we need to transfer data beyond the Brazilian Territory, we will work to ensure that this transfer has the necessary legal support.

x. If data becomes jeopardised (lost, breached, damaged, unavailable, etc.), we will notify the competent data protection authorities and the affected parties if the breach threatens to undermine the freedom and rights of the data holders seriously.

In summary, WePayment is committed to collecting and processing only Users’ data with one or more legal grounds for processing and is strictly necessary for the rendering of the services hired by such Users.

Focusing on the security of the information provided by the Users, WEpayments will provide a modern data processing system and commits to constantly evaluating the security and privacy procedures involved in the WePayment System to ensure they are up to date with the most current techniques.

5. Our solutions

WEpayments focuses on different payment solutions via bank transfer, payments and billing via PIX QR Code, billing via bank slip and validation of bank data.

Our solutions offer payments via Pix, Bank Transfer, billing via PIX or Bank Slips, and payments visibility, besides the previous validation of bank data for payments with less risk of inconsistencies, refunds, and automatic and daily reconciliation.

For the users of systems developed by WEpayments, this document shall be construed together with the Terms and Conditions of Intermediation and Payment Management Services of each solution provided.

We emphasise that the Users shall use the WEpayments System and the services provided by WEpayments for the purposes provided in the corresponding agreements and applicable terms and conditions of use. It is forbidden to use them for illegal, improper, or unauthorised purposes or in a manner that infringes the rights of third parties.

6. Definitions

For this Privacy Policy, the following shall mean:

 

i. ACAM: The file containing the registration processing details and the cancelled transaction records. The document is sent to the Central Bank through the File Transfer System – STA.

ii. API: These are how two systems communicate. API is an acronym for Applications Programming Interface.  

iii. Bank reconciliation: This is the breakdown of the financial control of payments processed through the WEpayments system with all bank account inflow and outflow information

iv. Business continuity: The organisation’s ability to continue delivering products or services at a previously defined acceptable level after disruptive incidents.

v. Categorisation of information: Categorisation of information: How information handling within WEpayments is organised and equivalent to the so-called “classification of information” in other companies to guarantee consistency and coherence in data and information handling.

vi. Client: A natural or legal person maintaining a commercial relationship with WEpayments, through contract.

vii. Confidentiality: The guarantee that the information is only available to authorised persons.

viii. Cross-border Payment: Is the flow of payment between different countries.

ix. Due diligence: A preliminary assessment of a business opportunity considering the operation and transaction risks.

x. Exchange Bank: These are financial institutions authorised to make general foreign exchange operations and credit transactions linked to such operations.

xi. Fintech: According to the Central Bank, these companies introduce innovations in financial markets through the intensive use of technology, potentially creating new business models.

xii. Information Security: A series of practices and methods aimed at safeguarding the confidentiality, integrity and availability of information handled within the organisation.

xiii. Integrity: Ensuring the accuracy and completeness of the information and its processing methods.

xiv. Holder: The natural person owner of the processed personal data.

xv. Payment arrangement: According to the Central Bank of Brazil, a payment arrangement is a set of rules and procedures regulating the rendering of particular payment service to the public. The non-financial legal entities that provide payment arrangement services are known as payment institutions and are responsible for the liaison with the end-users of the Service. Financial institutions can also operate with payments.

xvi. Payment Gateway:  It is a system with the primary function of connecting and transferring information between a user and financial institutions (banking institutions, credit card operators and fintech companies) using a digital environment.

xvii. Partner: A legal entity with which WEpayments will have a reciprocal cooperation relationship through agreements, cooperation terms or similar.

xviii. Payin: Is the digital payment flow that begins with the payment of an issued billing.

xix. Payin Split: The digital payment flow of billing is split into a percentage or fixed amount among the participants of a marketplace ecosystem (marketplace and suppliers).

xx. Payout Remittance: This digital payment flow starts with sending financial resources between countries.

xxi. Personal data: Information regarding an identified or identifiable natural person.

xxii. Pix: This is the Brazilian instant payment method created by the Central Bank in which funds are transferred between accounts within seconds, at any time or day.

xxiii. Processing: any operation that involves personal data, such as collection, production, reception, classification, use, access, cross-checking, copying, transmission, distribution, processing, filing, storage, elimination, evaluation or control of the information, modification, communication, transfer, dissemination, or extraction.

xxiv. QR code: This is the technology evolving from the bar code in the payment process.

xxv. Remitters: These companies allow people and businesses to send and receive small amounts of money between different countries.

xxvi. SandBox: A platform for usability testing. In WEpayments‘s case, for the analysis of digital payment processing. 

xxvii. Sensitive data: Personal information on racial or ethnic origin, religious belief, political opinion, membership of a trade union or religious, philosophical or political organisation, information on health or sex life, genetic or biometric data, when associated with a natural person.

xxviii. Split Billing: The digital payment flow of billing is divided, in percentage or fixed value, between the participants of a marketplace’s ecosystem (marketplace and suppliers).

xxix. Term of use:  An electronic contract governing the rules, conditions, and limits of the services provided through WEpayments solutions.

xxx. Trader: This is the client hiring digital payment processing services.

xxxi. User: A legal entity or natural person (including representatives, authorised representatives or assignees authorised to handle payment instructions) who provides their personal information for processing by WEpayments.

 

7. Obtaining personal data

7.1. The Information you provide us

Comprising of:

  • Website Contact Data: Whether you contacted us through our website or requested a demo, you provide us with your first name, last name, telephone number, e-mail address, preferred language, company name, number of employees, job title or role, and an indication of the products you are interested.
  • Social Network Data: If you contact us through messages, chatbots or posts on our networks, or even on complaint sites, we will gather your data to identify you and answer or solve specific issues you may share with us and/or on social networks.
  • Usage Data: Data entered by users when accessing the platform and/or website that allows WEpayments to fulfil the agreed/required objective. In these cases, the User is responsible for accurately updating the information entered.
  • Supporting Data on WEpayments Solutions (companies/traders): When contacting our support team, we gather your name, e-mail address, phone number, company name, job title and contact level to provide the requested support, besides the information you share with us.
  • Supporting Data on WEpayments Solutions (End-client, Business Clients): When contacting our support team, we gather your name, taxpayer registration number, e-mail address, phone number, and bank details. Occasionally, we may also collect your address to provide the requested assistance, besides the information you share regarding the support.

7.2. What kind of personal information does WEpayments collect?

Considering the purposes of our solutions when using our services, we need the following information to help you enjoy our Services and to improve them further:

  • Identification Details: information about your identity, like full name, tax registration number, date of birth, mailing and e-mail address, mother’s name and telephone number.
  • Financial Data: bank and details for payment and bank details and information about the payment methods used by our clients.
  • Technical Data: your IP address, time and date of access, geographical location, data about the device you use to access the website and cookies.
  • Usage Data: information about how you use our Services, such as the shopping behavioural patterns and transaction volumes.
  • Biometric Data: includes information such as a photo of your documents.
  • Statistical or Demographic Data:  includes information and statistics that categorise users.

 

Biometric Data is the only sensitive information about you that we may intend to handle and exclusively to provide security to you and our Services. Do not worry; we will notify you when we need this information.

7.3. What information is generated when our client uses our services?

We collect and use the following information to provide the activities for which you hired us:

  • Access logs: WEpayments may automatically capture application access logs, including the IP address, with the date and time used to access our WPO Dashboard. We will only provide this data to third parties with your express consent or court demand.
  • Usage Data: We gather information about your interactions on the WPO Dashboard, such as your browsing, the pages or other content you access or create, your searches, and other actions.
  • Location related to the logged-in device: With your consent, we only gather information regarding your location through your logged-in equipment. And you may revoke your consent to share your position at any time.
  • Device Features: Like most applications, to function, WEpayments automatically collects data about your device’s specifications, including its operating system, version, language preference and token.
  • Communications with WEpayments: When you communicate with us, we collect your communication information, including metadata such as date, IP and time and all content of communications, together with any information you choose to provide.
  • Cookies and similar technologies: We use cookies – text files generated and stored on your browser by websites and online advertisements. Cookies are used to: remember your preferences and settings, understand your behaviours and interests, and focus our marketing campaigns and sharing, with the Marketing Agency and Google Analytics, in the case of our website, for such purposes. We suggest you check the privacy policies provided by such third parties.

7.4. How does WEpayments collect personal information?

You may provide us with Identification Details and Financial Data when using our payment processing Services. We may also collect your Personal Data when you contact us through our communication and client service channels. We may request Biometric Data to prevent fraud and security threats and confirm your identity.

We may automatically collect data, such as Technical Data and Usage Data, when you interact with our Services through cookies, logs in services, applications, software and similar technologies.

We may also receive your data from the clients you have transacted with.

Additionally, for your security and to improve our Services, we may receive your data from third parties and public sources, like companies introducing us to you, state agencies and service providers, including fraud prevention agencies.

7.5. Why does WEpayment collect personal data for?

We use your data for the following purposes, with their corresponding legal grounds, which authorise their processing:

Personal Data

Purpose

Legal Grounds

 

Identification Details

Financial Data

Technical Data and

 Usage Data

 

To provide our Services, including processing payments, chargebacks, and refunds, sending transaction notifications, identity checking, identifying and preventing fraud and security threats, data analysis, maintaining systems, hosting data and complying with our legal and regulatory obligations.

 

Legal obligation, fulfilling the Agreement with you and legitimate interest (developing and improving our Services, prevention and security when processing payments).

 

Identification Details

Financial Data

Technical Data and

 Usage Data

 

 

To analyse transactions and consumer profiles for behavioural analysis and to prevent fraud and security threats, to track and improve our performance and enhance our Services.

 

 

Legitimate interest (to develop and enhance our Services).

 

Identification Details

Financial Data

Technical Data

 Usage Data and

Biometric Data

 

 

 

To manage our relationship with you, through our communication and client service channels, which may involve procedures to confirm your identity and prevent fraud.

 

 

Legal obligation, contract compliance and legitimate interest (to develop and improve our services).

 

Name

E-mail address

 

 

To send direct marketing communications to you

via e-mail or text message.

 

Consent

 

 

All personal data to be processed is subject to one or more legal grounds. Consent, as a general rule, is not a legal basis for processing your personal data, except to send direct marketing communications. In these cases, the holder always has the right to revoke consent using the same means we send or through our privacy channel, which will be dealt with in a separate section.

Considering the purposes of our solutions, if you refuse to provide the personal data we require, we may not be able to provide the services properly due to the law or specific rules of the regulator or similar, or due to the terms of a contract with you.

7.6. Information from other sources

To provide our services, we must use data obtained through different channels, as addressed in this Privacy Policy, such as

a) the holders’ voluntary input when filling the registration form to hire services;

b) collecting data during the holder’s access on the WEpayments Platform;

c) obtaining holders’ data from partners, suppliers and service providers hired for specific purposes by WEpayments;

and/or, d) data entered into our solutions to provide services, such as:

i) bank transfers.

ii) payment orders.

iii) charges, among others.

8. Handling of personal data

The personal data under our responsibility and which we collected is handled for the intended purposes for which we collected them. We obtain the information either by interacting with us on our website, our social media pages, e-mails sent with the link to this Data Privacy Policy or through your communications with us online or in person.

We may also collect data from third parties, our clients, strategic business partners, public databases, and marketing partners.

Importantly, we will only use your data for the purposes we collected it for unless we consider the need to use it for another reason that is compatible with the original purpose.

We will notify you by explaining if it becomes necessary to process your data for a new purpose not originally listed.

Regarding data processing in automated form, i.e., without human intervention, we may process your information for fraud prevention and security threat purposes, besides deciding which marketing communications are suitable for you, statistical analysis, and risk assessment. It is based on our legitimate interest in protecting, developing, and improving our services.

9. How we use your information

All data and information collected will only be used for the intentions necessary to perform the hired activities related to their respective purposes.

Because we offer a service involving payment and financial transaction activities, we may jointly work with other companies to properly provide these services, including sharing your data.

We may share this information with other companies such as the same economic group, payment processors, fraud prevention agents, tax identification agencies, bulk e-mail forwarding platforms, and providers of card payment arrangements. We emphasise that we only share your data with companies that guarantee to comply with industry security standards.

We may also share your data with state and regulatory bodies for compliance with legal and other regulatory obligations to which we are subject in all territories where we provide our services.

We may also share your data to protect our, our clients or third parties’ rights, to protect legitimate interests or those of another person, to enforce our terms of use or other agreements, and to bring or defend legal claims.

We will NOT LICENSE, SELL, or TRANSFER your data to anyone for profit or contrary to this Policy.

9.1. Authorized uses

We may use your data to:

  • Allow you to access and use all the WEpayments Solutions features.
  • Send messages regarding support or Service, such as alerts, notifications, and updates.
  • Communicate about products, services, promotions, news, updates, events, and other matters.
  • Analyse user traffic and usage on our applications.
  • Perform targeted advertising.
  • Customise our services.
  • Create new services, products, and features.
  • Any purpose that you authorise at the time of data collection.
  • Comply with legal and contractual obligations.

 

Eventually, we may use data for purposes not provided in this privacy policy, but these will be within your legitimate expectations. The occasional use of your data for intentions that do not comply with this prerogative will be subject to your prior consent.

9.2. Deleting your data and retention period

We retain your data only for the time required to fulfil the purposes for which we collected them, including any legal or contractual obligations, accountability, or a request from competent authorities subject to the minimum period of five (5) years from the collection date of information. Such retention period complies with Article 11 of the Circular of the Central Bank of Brazil – BACEN No. 3461 of 24 July 2009, and the provisions of Article 195, caput and sole paragraph of the National Tax Code.

We consider the amount, nature, and sensitivity of the personal data to determine the appropriate storage period for personal data. Also, the potential data risk arising from unauthorised use or disclosure of your data, the purpose for which we process your personal information and whether we can achieve such objectives through other means.

Specific data will be deleted or subject to becoming anonymous if it is no longer necessary for achieving a particular purpose.

Should you request we delete your information, we will do so as soon as the aforementioned legal retention period has elapsed, unless its retention is required by legal obligations or at the request of a competent authority.

9.3. Monitoring

WEpayments reserves the right to monitor all its platforms, primarily to ensure the compliance of the rules outlined in our Agreement or that there is no violation or abuse of applicable laws.

9.4. Deleting a user

Regardless of the type of User, WEpayments reserves the right to delete a specific user if they breach the law and/or the Agreement is not respected.

9.5. Sharing

For this Service offered by WEpayments, such as payments and collections on behalf of third parties, we need to share personal data to perform the activity for which we were hired.

For example, Pix is a system of electronic money transfers where transmission of the payment order and the availability of funds to the recipient user occur in real-time, with operations 24 hours a day, seven days a week and every day of the year.

These transfers occur directly from the account of the paying user to that of the receiving User, with no intermediary being required and resulting in lower transaction costs.

The image below, extracted from the Central Bank of Brazil’s website, illustrates the flow of information on Pix.

Image 01 – PIX Flowchart

We act as a payment service provider by offering a transactional account or payment initiation services.

A Service Provider for payment initiation is an entity acting on behalf of a client holding a transactional account with a financial institution or an institution authorised to operate by the Central Bank, such as WEpayments, and not participating in its cash settlement.

On the other hand, a Direct Participant is an institution authorised to operate by the Central Bank, offer a transactional account to an end-user, and hold an Instant Payment account (Conta Pagamento Instantâneo – PI ) to settle instant payments.

An Indirect Participant is an institution providing a transactional account for an end-user but not the holder of an Instant Payment (IP) account with the Central Bank nor has a direct connection with the Instant Payment System (Sistema de Pagamentos Instantâneos-SPI). It uses the services of a settling agent in the SPI to settle instant payments.

The Reserve Transfer System (Sistema de Transferência de Reservas – STR) contains the following information: full name, taxpayer identification number (CPF), bank (institution participating in the SPI), branch, account No., type of account for the STR. The SPI contains: full name, CPF, bank, branch, account No., type of account and the account id – telephone, e-mail, virtual payment address (EVP).

In Pix, the Central Bank stores banking and personal data. The banking details refer to specific transaction information (payer, payee, amount, frequency, description). The transactions have the security mechanisms used for those processed in the STR for transfers (DOCs and TEDs), such as messaging and encryption, protected by the prevailing banking secrecy legislation.

Personal data, on the other hand, involves the payer’s and payee’s details. This information, such as name, CPF, telephone number or e-mail address, is kept in the Directory of Transactional Account Identifiers (Diretório de Identificadores de Contas Transacionais – DICT) for registration and maintenance of payment keys. The DICT has its mechanisms to safeguard its data from, for example, attacks to read the database.

Note that the Central Bank of Brazil – (BC) Is responsible for developing and managing the single, centralised addressing base and the single, centralised transaction settlement infrastructure, which operates 24 hours a day.

Source: https://www.bcb.gov.br/content/acessoinformacao/lgpd_docs/relatorio_de_impacto_a_protecao_de_dados_pessoais.pdf

9.6. Possible inclusion in negotiations

All the gathered data, information and content may be considered active for negotiations of which WEpayments is a part of.

9.7. Direct Marketing

WEpayments may treat your data to send you information about offers, products and services. We will only execute this information service and type of data handling with your consent, which will be duly requested from you positively and transparently when your data is collected via the specific form designed for this purpose or by subscribing to our online newsletter.

Therefore, with your consent, you will receive marketing communications via e-mail. You can cancel your consent at any time via the same e-mail.

Your details will be stored for the term following your consent or renewal of authorisation unless you decide to cancel your previously given consent.

9.8. Relationship with Staff / Suppliers / Service Providers / Third Parties

Within this scope, data processing is necessary to fulfil the agreements signed between WEpayments‘s clients and its clients, suppliers and/or data holders who carry out financial transactions, as described in this Policy.

If the data is unavailable, WEpayments cannot fulfil the contractual or even legal obligations required for each type of business relationship.

We will store the data intended for this purpose for the duration of the agreement/contractual relationship. However, this is without prejudice to compliance with legal provisions that may require a more extended storage period, for example, Article 195 of the National Tax Code, Article 14 of Resolution 474/2016 and Article 11 of Circular 3.461/2009, both of the Central Bank of Brazil.

We may also process the data obtained for this purpose to comply with regulatory or legal obligations and for the exercise of rights in legal proceedings.

Situations may occur where the purpose is linked to the existence of a legitimate interest by WEpayments. In this case, we will store the data for the necessary period to fulfil the legitimate interest.

10. The Rights of Personal Data Holders

The national legislation grants you several rights related to your data. One of them is the right to information about the purposes of the processing, retention times and transfers, as described in this Data Privacy Policy.

Additionally, you may request, at any time, access to the information we maintain about you, the rectification if the information is incorrect or incomplete, to delete or limit the existing processing, and if the data is subject to your consent and obtained in digital format, to its portability.

WEpayments is committed to processing your data carefully and in an organised manner to guarantee your rights. Before exercising your rights, you may have to provide proof of your identity to ensure your rights and freedom do not interfere with the rights and freedom of others.

Be advised that in specific situations and due to certain legal or police/judicial/litigation investigation requirements, your request may not be granted immediately or may even be subject to judicial deliberation.

 

10.1. Exercising the Rights of Personal Data Holders

We will respond to all requests within a maximum period of 30 days unless the National Authority for Data Protection decides otherwise, in which case we will respond within the period stipulated by the authority, except in the case of force majeure or impediment, which will be duly reported.

There is no charge for exercising your rights.

Furthermore, if you feel your rights were not safeguarded or guaranteed, you may file a complaint with the National Agency for Data Protection (Agência Nacional de Proteção de Dados – ANPD).

To ensure the confidentiality and protection of your data, we must identify you to respond to your request and validate your information. You must send us a copy of your official identification document, such as a driving licence or passport, together with your request. In this case, a black and white xerox copy will suffice.

It is a security measure to ensure that no personal data is disclosed to anyone not entitled to receive it. WEpayments may also contact you for further information regarding your request.

We will respond to all requests as quickly as possible and in compliance with applicable law.

  • Access: The data holder is entitled to request access to their personal data processed by WEpayments.
  • Rectification: You may request rectification if you detect or become aware of inaccuracies in your data processed by WEpayments.
  • Right to Exclusion or Erasure: You may request the exclusion of your data stored by WEpayments and processed with your consent, which are no longer necessary or relevant for providing services, provided that we have no other reason to retain them, such as to comply with a legal or regulatory obligation to store the data or to safeguard the rights of WEpayments.
  • Right to anonymisation, blocking or deletion: You may request the anonymisation, blocking or deletion of your data if you believe it is processed contrary to this Policy or in breach of applicable personal data protection legislation
  • Right to withhold consent: You can refuse to allow us to process personal data based on your consent at any time. However, if you withdraw your consent, we may be unable to adequately provide part of the services – the consequences of which we will explain to you
  • Right of Review: You may request a review of decisions based solely on automated processing if you believe they affect your interests.
  • Portability: Where data processing is subject to your consent or a digital contract signed with WEpayments and processed automated, you may request your data in a structured and computer-readable digital format.

Data inferred or derived from analyses of the personal information processed by WEpayments shall be excluded from this right.

Furthermore, in cases where a transfer between personal data operators is technically possible, the data holder may request the direct transfer to a different operator other than WEpayments.

  • Limitation: You are entitled to restrict the processing of your data, and it depends on the following situations:

–  A dispute to the accuracy of the data within a period allowing for its confirmation.

– If the data holder objects to the erasure of the information believed to be unlawfully processed, they can, instead, request the restriction of its processing.

– Should the data holder request not to delete the information for legal reasons or judicial defence in court proceedings, and it is no longer in WEpayments’s interest to process it

– If you object to the processing of the data and, pending the assessment, whether or not there are legitimate grounds from WEpayments’s side for further processing.

  • Objection: You can object to our handling of your data processed without your consent if you believe such processing breaches your rights. In these instances, we may have legitimate grounds to process your data according to this Policy and to provide our services.

All rights of data subjects specified above can be exercised upon request by clicking Here!

11. Managing suggestions, complaints and conflicts related to your personal data

You may need to contact WEpayments for a suggestion, complaint, or dispute regarding your personal data. You can contact us directly via telephone or by sending an e-mail to privacidade@wepayments.com.br.

WEpayments will handle the data requested in this ticked based on its legitimate interests and with your consent.

We will solely use the data collected for this Service to analyse and address your suggestion or complaint.

We will store the data collected for as long as necessary to resolve the complaint submitted, except for any statute of limitations in national law requiring more time.

12. Sharing of Personal Data

We may hire selected third-party companies and individuals to provide services complementary to ours, namely – consulting, data analytics, cyber security, data security, hosting, instant messaging, technical support, user engagement, marketing, and our business, compliance, financial and legal advisors. Depending on their specific roles and purposes in assisting and enhancing our Services, these Service Providers may have access to your data and may only use it for such purposes.

Given the nature of our services, we may share a Trader’s and/or its end users’ data with such Trader and the relevant Gateway(s) involved in the transactions, as well as the Gateway’s End User with such Gateway. We are not responsible for and do not control any further disclosure, use or monitoring by or on behalf of the Trader or Gateway that may act as the Data Controller of such information.

The data collected may be shared with our partners for the same purposes in this Policy.

12.1. International Transfer

WEpayments is located in Brazil, and your data is collected according to Brazilian law. However, we may transfer your details internationally to provide our services if the company hosting your information is located abroad, for example, in the USA.

Before we transfer your data internationally, we will ensure that it complies with the necessary level of protection required by this Policy. Additionally, we will only send it to countries or international organisations with adequate data protection or meeting WEpayments’s contractual standard clauses.

By using the services or submitting your data to WEpayments, you agree to the processing of such data in Brazil, Germany, Belgium, Canada, China, Denmark, USA, France, Ireland, Finland, Netherlands, Japan, United Kingdom and Singapore, where applicable, subject to the conditions set out above. 

In the event of investigations and proven legitimacy in this case, as well as by judicial determination, we may transmit your data to competent police or judicial authorities

13. Technical, organisational, and security Measures

To safeguard against accidental or unlawful destruction, unexpected alteration or loss, unauthorised access or disclosure of the personal data entrusted to us, WEpayments takes appropriate technical and/or organisational measures according to the applicable legal provisions.

There are technical measures such as up-to-date firewalls and antivirus systems and communication via encrypted protocols within WEpayments’s systems, together with organisational efforts such as regular password changes, system access monitoring and logging, and internal identity management procedures.

WEpayments is improving its internal controls and implementing an Information Security and Privacy Management System. All the personal data we are responsible for processing is handled with strict confidentiality, using internal policies and procedures for security and privacy, and updated according to the needs and legal changes that require it.

By default, WEpayments strives to ensure that the personal data subject to processing is the minimum necessary to meet the established processing purposes. Also, according to the internal identity management system, only duly authorised persons will have access to them.

Interaction with the WEpayments website occurs through secure communication channels using the HTTPS protocol and SSL security standard.

Staff is constantly informed and trained on the information security and data privacy measures available on the network and the legislation on data security and privacy.

Personal data is anonymised or pseudonymised whenever possible to minimise the risk of data leakage and the identification of data holders.

WEpayments has backup and data recovery systems which allow for the rapid replacement of systems and data in case of an incident.

The Information Security Management System is designed to safeguard the information, ensuring that the confidentiality, availability and authenticity of the data handled by WEpayments comply with the possible standards technically and/organisationally.

14. Information Security

All collected data is confidential, and only authorised persons can access it. Any such use will be under this Privacy Policy. WEpayments will use reasonable existing efforts to ensure the security of our systems and your data. Our servers are located in different locations to ensure stability and security and are only accessed through pre-authorised communication channels.

If it does not invalidate the use of the information collected, we will encrypted it whenever possible.

14.1. Data Security

In compliance with applicable legal provisions, WEpayments is taking appropriate technical and organisational measures to protect your personal data against destruction, loss or alteration, misuse and unauthorised access, modification, or disclosure in an unlawful or accidental manner. We therefore have implemented technical measures (such as firewalls, encrypted protocols and antivirus systems) and organisational measures (such as an identification system, regular password changes, restricted access to resources) to ensure the ongoing confidentiality, integrity, availability and stability of systems and processing services.

14.2. User Data Security

Regarding accessing, collecting, traffic and storing information, WEpayments will adopt the data encryption process that is in use, ensuring the Users’ privacy and data secrecy.

The collected data may receive non-automated treatment, in which case authorised and qualified personnel will have access to use and treat them, compliant and in adequacy with the purposes intended for its collection.

WEpayments is committed to taking all reasonable measures to ensure the absolute secrecy and strict confidentiality of User information and shall not assign, transform, provide directly or indirectly and/or allow access by third parties, in any way, to such information, without Users’ prior authorisation, except (i) the cases provided for in this Privacy Policy; (ii) the disclosure to companies belonging to the same group to which WEpayments belongs; (iii) disclosure due to judicial or competent authority determination; and/or (iv) in other cases provided by law or regulation applicable to WEpayments.

If WEpayments must disclose User information to comply with a law or court order, and to the extent that WEpayments should legally be prevented from doing so, we will notify Users of this obligation so they can take appropriate protective or restorative measures. Nevertheless, WEpayments will only disclose such information under the strict terms and within limits strictly required for its disclosure.

Notwithstanding the security measures adopted, WEpayments will not be liable for any losses arising from violating the obligations due to an event or situation not attributable to WEpayments. These include but are not limited to the action of third parties using public networks or the internet, obliterating the security systems to access the Users’ information, and in case of misuse of the WEpayments System by the Users.

14.3. Protecting Your Personal Data During International Transfers

For the purposes set out in this Privacy Policy, we may transfer your data to internal or external recipients in countries offering different levels of personal data protection.

Therefore, in addition to implementing specific policies and procedures, WEpayments will employ appropriate measures to ensure the safe transfer of your data between WEpayments companies or to an external recipient located in countries with different levels of privacy than the government collecting the personal data.

15. Use of Cookies

When you visit our website, and for better Service and more pleasant browsing, you will be required to accept the creation and storage of text files (Cookies) on your computer.

Cookies or similar trackers are data packets used to connect with the User’s browser and collect information about the navigation and interests of those visiting the website.

This information may contain, for example, the session ID, location, language, equipment used or the operating system.

During the cookie’s valid period, it stores status information when the browser accesses multiple pages of a website or when a browser returns to this same website.

15.1. Cookies

We use two cookies on our website: Session Cookies and Persistent Cookies.

  • Session: they are automatically deleted once you close your browser or our website.
  • Persistent: these remain on your device until the expiry date or until deleted using your browser tools.

 

Cookies (Session or Persistent) can be categorised according to their function:

  • Strictly Necessary Cookies: They allow navigation on the website, use of the applications, and access to the website’s secure areas. Without these Cookies, we cannot provide the appropriate services to operate the platforms.
  • Analytical Cookies: they collect anonymous statistical data to analyse the use of the platform and its performance.
  • Functionality or Optional Cookies: these ensure the availability of additional website functionalities or save the preferences set by the User when using the platform every time they use the same device
  • Marketing Cookies: they target advertising according to the User’s interests, helping to measure application success and the effectiveness of third-party advertising.

15.2. Purpose of Cookies

This technology is used for the following purposes and collects the following personal data:

  • Manage the authentication of those who visit us online, together with using security measures in the booking request and navigation, ensuring the proper functioning of the authentication module.
  • Track who visits us through location markers, thus learning more about our visitors and enabling us to customise our services.
  • Identify users through their social media, enabling us to send, with your consent, personalised information about the type of services which may be of particular interest to you (if your social media session is open when you visit us).
  • Learn about our website’s performance and ensure its updates and navigation improvements by meeting the expectations of those visiting us online.
  • Optimise your browsing experience by simplifying it, particularly determining your favourite navigation routes.
  • Obtain usage statistics in an aggregated form without identifying the individual data holders originating such information.
  • Allow you to access your pages faster by storing the data or login information you have previously entered.
  • Adjust our website to your chosen browser to visit us.

 

This text file will allow you to easily access the website, customising it according to your preferences. Most browsers accept these files (Cookies), but you can delete them or have them automatically blocked.

In your browser’s Help menu, you can learn how to change these settings.

However, if you do not allow cookies, some functionalities of our website may not be available to you.

We suggest you read your social media privacy policies to familiarise yourself with how they use the browsing information they may collect about you.

15.3. You can control or delete Cookies

Most web browsers automatically accept cookies by default. The User can change the settings to block cookies or alert you when a cookie is sent to your device.

There are many ways to manage cookies:

One is to check your browser instructions or help section to learn more about how to adjust or change your browser settings. By disabling cookies, the User may be unable to visit specific pages of our website or may not receive personalised information when visiting a page.

If you use different devices to access our digital platforms (e.g., computer, smartphone, tablet etc.), you should ensure that each device’s navigator is adjusted to suit your cookie preferences.

To ensure that you can quickly and intuitively manage your cookie preferences within your browser, you can use one of the links below:

  • For more information on “Private Browsing” and cookie management in Firefox click here:
  • For more information on “Private Browsing” and cookie management in Chrome, click here;
  • For more information on “Private Browsing” and cookie management in Internet Explorer, click here:
  • For more information on “Private Browsing” and cookie management in Safari, click here;
  • For more information on “Private Browsing” and cookie management in Opera, click ahere.

16. Personal data breaches

After an impact assessment to identify if a detected data breach entails a high risk to the affected data holder’s rights and freedom, WEpayments will notify the National Data Protection Authority (Autoridade Nacional de Proteção de Dados – ANPD). Additionally, we will inform the relevant data holders within 30 days of learning of the incident unless the regulatory agency sets a shorter deadline.

  We will not communicate with the data holder in the following situations:

  • If we applied all appropriate technical and organisational protection measures regarding the relevant personal data, especially those that render the information unintelligible, such as encryption or anonymisation, to anyone unauthorised to access it.
  • If we took subsequent measures ensuring that there is no longer a risk to the data subjects concerned were taken.
  • If communication to the data holders requires a disproportionate effort. And in this case, public communication or similar may be issued to inform the data holders. We will retain data and information only until it is necessary or relevant for the purposes described in this

Statement, in case of statutory pre-determined periods, or until such time is required for maintaining legitimate interests of WEpayments.

Privacy is vital to WEpayments, and we strive to protect it to the best of our ability. However, we cannot fully guarantee that all data and information collected will be protected from unauthorised access, especially if the credentials needed to access our platforms and software are improperly shared.

17. Privacy Policy Updates

WEpayments reserves the right to change this Privacy Policy to provide you with additional security and convenience; therefore, it is essential that you visit our webpage (https://WePayment.co/pt-br/privacy-policy/) frequently. For convenience, we include the latest updated date at the beginning of the document. If we make changes that require further consent from you, we will post a new version of our privacy commitment.

18. Final Provisions

This document is proprietary to WEpayments, and it is your responsibility to ensure that it is revised to comply with legal needs or changes to the type of processing/handling of personal data under your responsibility.

The latest version of this document is available to all staff, suppliers, service providers and business partners on the website at the following link: https://WePayment.co/pt-br/privacy-policy/ou referring to the entire procedure of WEpayment’s information security and privacy management system, once its implementation is complete. As it does not contain confidential information, it is made openly available to all, including external parties.

WEpayments’s Board of Directors has approved this procedure regarding information security on (07/2022). It is available under a controlled version signed by WePayments’s Managing Director, Fernanda Rachel Zago, Partner.

19. Applicable Law

This document is governed by and construed under the laws of Brazil. The District Court of Curitiba-PR is elected as the competent jurisdiction to settle any disputes arising from this document, expressly waiving any other, however privileged it may be.

©2022 WEpayments. All rights reserved.