Security polices

Your privacy is very important to MEREGE, the controller responsible for making this Platform available https://www.merege.com.br/. Therefore, we have prepared this Privacy Policy, which provides for the processing of personal data carried out based on this Platform, which may, depending on the case, be complemented by specific policies.

The processing of personal data carried out is subject to Brazilian legislation, in particular Law No. 13,709/2018 (“LGPD”) and observes the following principles: (a) limitation of the use of personal data to what is extremely necessary to meet business purposes; (b) access to personal data only by essential persons and deletion of data when no longer needed; (c) additional care in handling sensitive personal data; (d) transparency with customers, partners and employees; (e) security of personal data; and (f) establishment of a personal data processing contract with third parties.

It is very important that you read this document carefully and contact us, as indicated here at the end, if you have any questions. BY USING THE PLATFORM OR BY PROVIDING YOUR PERSONAL DATA, YOU DECIDE TO BE AWARE OF THE PRACTICES DESCRIBED IN THIS POLICY.

PERSONAL DATA COLLECTED AND COLLECTION SOURCES

MEREGE may collect the following types of personal data (i) provided directly by you, (ii) collected automatically about you and/or (iii) obtained from other sources:

  • Data provided directly by you: This is the information that you actively enter on the Platform such as full name, telephone, email, address, date of birth, login and password, information about the use of our products/services, payment data. It also comprises data relating to your participation in promotions and contests, making it possible to make reservations and purchase tickets to visit our factories and/or allow the delivery of products/services to you.

 

  • Data collected automatically: This is the information automatically collected about you when using the Platform, such as IP address (with date and time), type of device used to access the Platform, type of browser used, location of your device, identifier number of your device, sequence of clicks, pages accessed and searches performed. In addition, we may store telephone recordings between you and our team and/or any other data arising from your interaction with us via our contact channels and/or social networks.

 

  • Data collected from other sources: If you use a social network account (such as Facebook) to create an account on the Platform, we will collect the personal data indicated at the time of linking the social network account, which will include: name, e-mail address mail and friend list. In addition, we may obtain information about you from other providers of products, services, websites and applications, as well as information from public and commercially available sources (as permitted by law). Whenever we collect information about you from third parties, we will do our best to ensure that those third parties are permitted to share such information with us and that our use of personal data complies with applicable personal data protection laws.

Data that you provide in response to opinion and market surveys, or other types of research that you decide to participate, organized and/or sponsored by/on behalf of MEREGE, may also be collected.

 

We may also collect personal data about you, your device or use of the Platform and/or products/services under the MEREGE brand in the manner informed at the time of collection and/or with your specific authorization, when required by applicable legislation.

 

You acknowledge that you are solely responsible for the veracity, accuracy and authenticity of the data provided, also committing to the safekeeping, secrecy and proper use of any registered login and password, exempting MEREGE from any liability in this regard.

 

 The Platform does not internationally collect or request personal data from persons under 18 (eighteen) years of age. If you are under 18 (eighteen) years of age, do not use the Platform and/or provide any data. If we become aware of data collection contrary to the provisions herein, we will delete the data immediately.

USE OF COOKIES

We use cookies for several functions, including: (i) allowing you to browse and make use of all the features available on the Platform, (ii) enabling analysis of your interaction with the Platform, (iii) promoting a personalized experience, and (iv) ) evaluate the effectiveness of communication and advertising, for example by understanding and analyzing trends and learning about their behavior.

 

For more details on our use of cookies, please also see our Cookies Policy, which can be found at https://www.merege.com.br/contact-us.

 

You will be able to manage cookie preferences from the configuration of your browser or device, however this may prevent the functioning of certain features of the Platform.

USE OF COLLECTED PERSONAL DATA

Your personal data may be collected, stored, transferred or otherwise used by us in the following ways and purposes:

  • Allow your participation in promotions, contests and sweepstakes: If you participate in promotional campaigns, you may be asked to provide your name, email address, address, telephone number and provide answers to other questions related to the specific activity. We need this information to enable you to participate in campaigns or events, as well as to communicate with you and send you any prizes.

 

  • Issue tickets to visit our factories, process payment and enable the delivery of products/services purchased by you and/or your participation in events: We will need your name, email, name of the person who will use the ticket or recipient of the product/service (if not you), date of birth, your payment details, and dietary restrictions. This data will also be used for sales management purposes and allows us to perform a contract with you and/or comply with our legal or regulatory obligations.

 

  • Communication: The personal data collected will also be used so that we can send you important notices and notifications related to you, such as changes to this Policy. Furthermore, personal data will still be used to respond to any interactions you have with us.

 

  • Product Marketing, New Events and Market Research: The personal data collected may be used to send you advertising and promotional materials, information about products and new product launches, and/or to invite you to participate in market research. Also, personal data may be used to better understand your tastes and interests and, thus, send you more relevant information. We may need your consent for some of these activities, so your consent will be requested in a timely manner. Without prejudice, we offer several ways for you to unsubscribe from receiving communications of this nature by email at any time, by selecting the unsubscribe link at the end of electronic communications, and/or informing the person responsible for any possible telephone contact, for example.

 

  • Management and auditing: The personal data collected may be used to generate management reports; analysis and solution of administrative, technical and/or operational problems; enable the improvement of products/services; conduct business planning; process payment transactions; protect and prevent fraud and other legal or information security risks.
  • Compliance with legal obligations and defense of rights: Personal data may be used for the purposes of complying with legal or regulatory obligations to which we are subject, as well as for defending rights in judicial or extrajudicial conflicts, and for protecting the rights of MEREGE and from third parties.

MEREGE will only use your personal data for the purposes communicated to you, unless the company deems it needs them for other purposes compatible with the originals, and that there is a legal basis for further processing. That is, personal data may be used for non-conflicting and/or excessive secondary purposes in relation to the purposes listed here.

 

We process your Personal Data for the purposes set out in this Policy because one or more of the following applies:

  • The processing is necessary for the conclusion and/or performance of a contract with you;
  • The treatment results from a legal or regulatory obligation to which MEREGE is subject;
  • Processing is necessary for us to exercise or defend rights;
  • MEREGE has a legitimate interest in collecting and processing personal data, for example:
    • Conduct market research
    • Evaluate and develop possible improvements to the Platform and products/services
    • Personalize communications and content made available to you
    • Conduct and manage company activities
  • You have provided prior consent for certain types of treatment.

SHARING YOUR PERSONAL DATA

MEREGE will only share your personal data with those who have a legitimate need. Whenever the company allows a third party, which processes data on its behalf (third-party operator) or that determines the purposes and means of treatment (third-party controller), to access personal data, it makes sure that such information is used in a way that is consistent with this Policy (and any other applicable personal data handling guidelines).

 

Thus, your personal data may be shared with our parent company, subsidiary companies, affiliates and third parties, such as service providers and partners, for legitimate purposes as follows:

  1. To carry out the personal data processing activities described above, including the storage of collected personal data;

 

  1. To allow third parties to provide services to us, such as the platform that manages ticketing to visit our factories;

 

  1. To comply with our legal, regulatory or contractual obligations, or to respond to a judicial or administrative process, audit or legal requests by public and law enforcement authorities, when we believe that we are legally obligated to do so. Recipient categories include counterparties to contracts, court and government agencies;

 

  1. For the legitimate exercise of rights in judicial, administrative or arbitration proceedings, including preventing injury or threat to rights;

 

  1. Where necessary to protect you and the company and your legitimate interests;

 

  1. As part of corporate due diligence and/or due diligence relating to the merger, acquisition, alteration of the company, we may disclose your personal data to the potential buyer, new service provider and respective advisors, to the extent necessary and appropriate for achieving of the aforementioned purpose;

 

  1. In the case of corporate transactions, such as restructuring, merger or sale of assets, your personal data may be transferred, provided that the terms of this Policy are respected. The same may occur in cases of judicial recovery or bankruptcy; and/or

 

  1. With your legally obtained consent, this is given voluntarily and without you suffering any adverse consequences from your decision to deny or revoke your consent.

 

You declare that aggregated and anonymized information may be freely shared.

INTERNATIONAL TRANSFER OF PERSONAL DATA

Personal data may need to be transferred to countries outside Brazil for the purposes, for example, of administering the audit of conducted processes and storing personal data.

 

We may also subcontract the processing or share your personal data with third parties located in other countries for the purposes of achieving the purposes described in this Privacy Policy.

 

When we transfer your personal data to a country other than Brazil, we will ensure that this transfer complies with applicable rules, particularly the LGPD, and is conducted in a way that preserves your personal data. Thus, we will only carry out the international transfer of your data, in the absence of an adequacy decision by the National Data Protection Authority (“ANPD”) and the safeguards provided in item II of article 33 of the LGPD, in the event that it is necessary and as appropriate in the event of one of the following cases: (i) the protection of your life or physical safety or that of a third party; (ii) the national authority authorizes the transfer; (iii) with your authorization; (iv) to comply with legal or regulatory obligations to which we are subject; (v) to properly perform the contract with you; or (vi) for the regular exercise of rights.

SECURITY OF PERSONAL DATA

MEREGE is committed to protecting the security of your personal data. We use a wide range of security technologies and procedures to help protect your personal data from unauthorized access, use or disclosure. For example, we store the personal data you provide on servers with limited access that are located in controlled facilities, and when we transmit certain sensitive personal information, we protect it through the use of encryption.

 

The personal data processed is stored for the purposes presented in this Policy, in accordance with the law, in, for example, contracted cloud services that may or may not be located in Brazil or physical files, which also meet suitable information security standards, such as:

  1. Establishment of strict control over access to data by defining the responsibilities of the people who will have access and exclusive access privileges;

 

  1. Protection against unauthorized access using a double authentication mechanism for accessing data, password and keys; and

 

  1. Creation and maintenance of a detailed inventory of accesses containing the moment, duration, identity of the person responsible for access, and data accessed.

 

In addition to administrative, technical and physical measures to protect personal data against loss, theft, misuse, as well as against unauthorized access, disclosure, alteration and destruction, we have adopted specific policies and procedures for employees and/or third parties who have contact with the personal data listed here.

 

Any legally required disclosures about breaches of security, confidentiality or integrity of the data described in this Policy, notably of personal data, will be properly reported to you via email or made available ostensibly on MEREGE’s communication channels, to the extent that it is consistent with (i) legitimate law enforcement needs or (ii) any measures necessary to determine the scope of the breach and restore reasonable integrity of the data system.

 

HOWEVER, MEREGE CANNOT FULLY GUARANTEE THAT ALL INFORMATION TRANSFERRED ON THE PLATFORM AND/OR ITS SYSTEMS WILL NOT BE TARGETED FOR UNAUTHORIZED ACCESS ARISING FROM CRIMINAL CONDUCT.

 

YOU MUST ALSO TAKE APPROPRIATE MEASURES TO PROTECT YOURSELF AND KEEP, FOR EXAMPLE, YOUR DATA SECURE AND YOU ARE RESPONSIBLE FOR DATA TRANSMITTED VIA THE PLATFORM.

TERMINATION OF TREATMENT

MEREGE stores your personal data only for the time necessary to achieve the purposes presented here, observing the following criteria:

  • We retain your personal data for as long as we have a relationship with you;
  • We retain your personal data for as long as necessary to comply with a legal or regulatory obligation to which we are subject; and
  • We retain your personal data where it is advisable to safeguard or improve the legal position of MEREGE and/or third parties (eg in relation to litigation, regulatory investigations).

 

We may keep your personal data, in an anonymized form, that is, that it no longer refers to you personally, for statistical purposes, without a time limit, to the extent that we have a legitimate interest and legal possibility to do so.

YOUR RIGHTS AND HOW TO EXERCISE THEM

You, as the holder of personal data, have rights in relation to your data and the way in which it is treated.

Your rights, according to the LGPD and according to the specific legal basis adopted by the company to process your personal data:

 

Possibility of confirming the existence of processing of personal data and access to them in simple format

If you want to be sure whether or not we are processing your personal data, you have the right to question us and request, for example, access to the list of personal data we hold about you in our database.

 

Clear and complete statement with the origin of the data, treatment, criteria used and purposes of treatment

If the information provided when exercising the above right is not sufficient, you may request further information about the processing of personal data carried out by us.

 

Correction of incomplete, inaccurate or outdated personal data

If you identify that the data we hold about you is incomplete, inaccurate or out of date, you can ask us to change it. This is important so that your data is processed correctly to achieve the purpose of the various processing activities indicated here. For example, correcting your address may be essential for the correct delivery of a prize to you.

 

Anonymization, blocking or deletion of personal data

If you want us to stop processing your personal data because you believe that there is excessive treatment or that does not comply with the law, you can contact us to do so, at which time the justification for your request and the possibility of technique to serve you. It is also possible that you request the deletion of personal data processed with your consent and provided that there is no other legitimate purpose for its conservation, such as the existence of a legal or regulatory obligation to be met by MEREGE.

 

Portability of personal data to another service or product provider

If you wish, you can ask us to export your personal data so that another entity can process it. This does not necessarily mean that your data will be deleted from our database.

 

Revocation of Consent

For processing activities that are justified by your consent, you may withdraw your consent at any time. Please note, however, that this will not affect the lawfulness of processing prior to revoking your consent.

 

You also have the rights to (a) delete personal data when they are no longer necessary for the purposes for which they were collected, except in the case of necessary conservation authorized by applicable law; (b) receive information about the public and private entities with which MEREGE has shared your personal data; (c) receive information about the possibility of not giving consent and consequences of the appeal; (d) oppose the processing of personal data in the event of non-compliance with applicable legislation; and (e) file a claim with the ANPD.

 

You also have the right to request a review of a decision based on automated data processing.

 

To exercise any of the rights listed above, you must contact us via email at contato@merege.com.br. We may request specific information from you to confirm your identity and right of access, and to seek and provide the personal data we hold about you.

 

We will try to fulfill your order in the shortest possible time, but you should keep in mind that we will need some time to process and respond to all requests in the best possible way.

CHANGES TO THIS POLICY AND THIRD-PARTY POLICIES

From time to time, we may update this Policy. When we do, we will revise the “last updated” date. If there are material changes to this notice or to the way we handle your personal data, such as purpose, form and duration, controller identification and/or sharing possibilities, we will use reasonable efforts to notify you, highlighting, about the changes. We encourage you to periodically review this Policy to stay informed about how we protect your personal data.

 

WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES AND/OR CONTENT OF THIRD PARTIES, ACCESSIBLE, INCLUDING, VIA LINKS AVAILABLE ON THE PLATFORM. YOU SHOULD USE CAUTION AND REVIEW THE PRIVACY STATEMENTS OF THIRD-PARTY SERVICES, BY CONTACTING THE RESPONSIBLE THIRD PARTY DIRECTLY IF YOU HAVE ANY QUESTIONS.

CONTACT US

If you have any questions about this Policy, among others, about the data collected, processed and shared, or even about your rights, you can contact us via e-mail contato@merege.com.br. You can also get in direct contact with our Supervisor, Daniel Garambone Merege, using the channel daniel@merege.com.br.

CHANGE HISTORY

Edition

0

date

27.02.2022

CHANGE HISTORY

Creation

Approval

Daniel Merege - Chief Legal Office

Consulting & Commercial Representative Services

Call center

  • contato@merege.com.br
  • +55 (21) 98813-7707
  • +55 (21) 98764-0711
  • +55 (21) 3993-5880

Security and certifications

  • Secure website with encryption (SSL)
  • User protection program
  • GDPR law
  • Shielded against card theft and cloning
© All rights reserved to Merege Consulting & Commercial Representative Services – Developed by Manu.dev.
×