Privacy Policy January 12, 2024 20:11 Updated Curupira S.A. (“Blip” or “Company”) was born to promote smarter contacts between brands and people. Through our solutions, we offer the next step in digital communication and services across the world’s leading messaging and voice assistant channels. Blip is passionate about connecting people with the organizations they choose and it is concerned about personal data privacy and protection for its customers, employees, partners, suppliers and all other personal data subjects. As such, it is committed to ensuring that these rights are respected, abiding by applicable laws, especially Brazilian Law No. 13.709/2018 (“General Law on Personal Data Protection” or “LGPD”). This Privacy Policy (“Policy”) aims to inform users of the Blip website and Blip platform and other data subjects about how their personal data will be processed when they access and use the Blip website and platform, and when they interact via Smart Contacts (Chatbots) created through Blip or when they interact with the Company in other media. If you have any questions about the content of this Policy, please contact our Data Protection Officer directly, by e-mail: privacy@take.net. How do we collect your personal data? When you access and use our website or our Blip platform, or interact with Blip in other ways, we may collect your personal data in different ways, such as those listed below: For the provision of information by you, when you fill out data to register on the Blip platform, to subscribe to our newsletter, to request more information about our solutions, to chat with the “Blip Smart Contact”, to participate in events promoted by the Company and other companies in the group or when you contact the Company directly by other means or communication channels, such as telephone, e-mail or messages on our social networks. Through automatic data collection, such as information about your device type, unique device identifier number, browser type, approximate geographic location, by means of your browser tools and other technologies such as cookies (see section 7 of this Policy). For receiving your personal data from recruitment firms, referrals or other persons who share your data with us for the purpose of enabling your participation in selection processes conducted by the Company. By receiving your personal data through our partners, companies in the group, service providers, suppliers or third parties, such as cases in which we have a business relationship with your employer, when we may receive your personal data to ensure our communication and confirm your identity as an employee of that company or for your registration on the Blip platform. We also receive your personal data from companies with which you have a business relationship and which use the chatbot services or other solutions provided by Blip. For which reasons do we collect your personal data? Blip processes your personal data for various purposes, according to your relationship with the Company and the way you interact with us. The main purposes for which we collect, process or otherwise handle your personal data include the following: For user registration. We will process your personal data required to register you as a user on the Blip platform in order to allow for creating and managing your account, whether linked to your employer or directly to you. For creating and using the Blip platform. We will process personal data to enable the functionality of features you use to create and use the chatbot, such as Builder, Contacts, Customer Service, Payments, among other features. To charge for use of the platform and other products/services. When you or your organization purchases one of the Blip platform plans (Standard, Business and Enterprise), we will process your personal data to enable the transaction and payment for our services. To answer your questions, compliments, complaints, suggestions, and to communicate with you. When you contact us, either through our website, by phone, e-mail, Help Center, Ideas, relationship and customer/consumer service websites or by any other means of communication, we will process your personal data in order to communicate with you, answering your questions, compliments, complaints or suggestions, as well as any message you may have sent us, including to report technical problems with the use of our website, Blip platform or any other solutions offered by Blip. To promote our activities. We will process your personal data in order to send you our newsletter, invitations to events held by the Company and/or with partner companies, as well as information about our services, surveys, studies, news, podcasts, videos, promotions, new solutions or any other content or material that we produce, in order to promote our activities. For marketing, sending information about our products or services. If you already have a business relationship or have already interacted with the Company previously, or have registered to receive Blip materials and information through the website, to download content or access to sponsored media, we may process your personal data for marketing and/or sending information about products or services provided by Blip. For contact with possible customers, leads and prospects. If you have filled out the form on our website to contact our Commercial team, provided your information via landing pages, or if we identify that you or your organization may be interested in our products or services, we will process your personal data to promote our activities and to contact you and share information about the solutions provided by Blip. To conduct satisfaction surveys. We may process your personal data to conduct satisfaction surveys, to identify whether the products or services we offer are being positively received and what can be changed for better usability and operability. To recruit new employees. When you send us your résumé by e-mail, social networks, instant messaging applications, etc., when we receive your résumé from third parties, or when we have an open selection process and are looking for professionals in the market, we will process your personal data for the purpose of recruiting new employees, contacting them and allowing them to participate in all stages of the respective selection processes, such as interviews, group dynamics, practical or theoretical tests, among other activities inherent to the recruitment process, to evaluate the compatibility of your professional profile with the characteristics of the open position. To analyze the use of our platform. When you visit and browse our website or the Blip platform, we will process your personal data to understand aspects related to use of the website or platform, such as pages visited and duration of visits, the way you interact through Blip, the tools used most, among other aspects related to use of the platform, in order to improve the content provided to visitors, customers and data subjects. We will also process your personal data to identify the adherence rate of e-mails we send and interaction with the content we publish, in order to understand which of the materials we produce are being better received by our users. To ensure the security of our platforms. We will process your personal data to ensure the security of the Blip website and platform, evaluating unusual patterns in relation to its use, unexpected voluminous access requests, access attempts with invalid user ID and password, among other actions that may indicate a cyber attack or breach of confidentiality, integrity or availability of our systems. To comply with legal or regulatory obligations or court orders. When we need to comply with legal or regulatory obligations or court orders, we will process your personal data that is necessary for such purposes, including by sharing such data with public agencies and the Judiciary. To defend ourselves in judicial, administrative or arbitration proceedings. When necessary, we will process your personal data to defend our interests in legal, administrative or arbitration proceedings brought by you or a third party against us, or brought by us against you or a third party. To ensure the safety of our facilities and staff. If you come to our physical facilities, we will process your personal data to ensure the safety of our employees and our facilities, including the security of information we store, whether it is personal data, trade secrets or other corporate information. To ensure the protection of your health, the health of our employees and that of third parties. If you come to our physical facilities in person, we will process your personal data to ensure that you, our employees or third parties do not present any symptoms of an infectious disease (especially COVID-19) that could jeopardize everyone’s health. To evaluate new acquisitions. We will process your personal data when necessary in the process of evaluating new acquisitions of products, services, or shareholding stakes in other organizations, especially during the legal or tax due diligence process, during which we may have access to information about employees of the organizations we are evaluating as business partners or potential shareholding acquisitions. To investigate potential complaints. When you initiate or are involved in a report made through our Reporting Channel about conduct inconsistent with our corporate values or that violates applicable law, we may process your personal data to investigate the complaints made and, if you filed the complaint and choose to reveal your identity, to report back to you on the outcome of the process related to the complaints. For credit analysis. In cases where Blip sells products or services to you, we will process your personal data to assess your ability to meet your financial obligations and to protect our credit. For conducting meetings, videoconferences or conference calls. We will process your personal data for the purpose of conducting meetings, videoconferences or conference calls, including, depending on the medium used, your image and voice, as well as identification and e-mail correspondence data, for sending invitations and links to access meetings. To receive third-party indications. We will process your personal data when we receive indications from third parties about your potential interest, or potential interest from your organization, in hiring our products or services, allowing our subsequent contact with you to present our solutions. For internal audits. We will process your personal data as necessary to conduct internal audits of our platforms and systems, including in connection with financial, tax and accounting audits, audits of compliance with laws and regulations to which we are subject, audits of financial and risk controls, audits for the reorganization, sale, assignment or transfer of all or part of our assets, audits required by Government Authorities, or any other audits that are necessary or relevant for the proper development of our business. Which data do we collect? To achieve the purposes indicated above, we may process one or more of the following personal data, to the extent necessary for the respective purposes: User registration data. When you are a user of the Blip website or platform, we will process data such as your full name, e-mail address and telephone number to create your account and to receive our newsletter and marketing e-mails. For the Commercial team to contact you, we will process the data entered on the form, such as your full name, e-mail address, telephone number and position in your company. In order to process payment for one of the Blip platform plans, we will process your name, CPF (Tax ID), information on the organization you represent and contact information. Data on use and on the device. We will process data related to your use of the Blip website and platform, such as clicks, page scrolling, cursor scrolling and pages visited, geolocation, date and time of access, IP of your device, browser used, type of device, language preference, features used, registrations, etc. Data for the chatbot to function. We will process personal data for users who interact with the Smart Contacts present on the Blip platform, either on their own behalf or on behalf of our customers, for whom we act as Operator, such as full name, location, phone number, message content, personal data of associates who perform the service manually, such as full name, status and working hours; content of the chatbot’s pre-formatted messages and their replies; data for chatbot configuration, such as the chatbot name, description, image, welcome messages and connection information, etc. Other information. We will process additional data that may be voluntarily entered by users in résumés or communications sent to the Company through the “Blip Smart Contact”, by e-mail, correspondence or any other means. With whom do we share your personal data? We may share your personal data with: Companies in our Economic Group. We may share your personal data with other companies in our economic group in order to improve our products or services and to gain efficiency in our business, such as in case of the use of single or integrated systems between companies of the same group. Our partners, service providers and suppliers. To carry out our business activities, we maintain relationships with and contract various partners, service providers and suppliers, which are essential to our business. Some of these partners and suppliers may need access to the personal data we collect in order to perform their functions as cloud hosting or e-mail communication solution providers, external recruiters, auditors, banks and affiliated companies, in which cases we will share your personal data with them. We perform an evaluation of all our partners and suppliers, requiring that personal data is processed in compliance with all applicable laws and ensuring information security in order to minimize any risks in data sharing. External Advisors. We may share your personal data with external advisors who provide services to us, including financial, accounting, legal or technical advisors, who need access to data to perform the activities for which they have been contracted. Government Authorities. We may share your personal data with any Government Authority that requests it, including labor or financial activity oversight entities, to comply with our legal or regulatory obligations. Judiciary. We may share your personal data with Judiciary agencies when necessary to comply with a court order, with our legal or regulatory obligations, or for the regular exercise of our rights. Police Authorities. We may share your personal data with police authorities or entities with police power, such as the Public Prosecutor’s Office, whenever we believe there is suspicion or confirmation of any illicit and criminal act, when necessary to protect our employees, our rights and our property, even when there is no legal or regulatory obligation requiring the sharing. With third parties interested in the combination or acquisition of our business. We may share your personal data with third parties interested in combining or acquiring our business, with which we are engaged in connection with potential merger, acquisition or incorporation transactions of the Company, its business units or its specific assets, either during the due diligence phase conducted by third parties on the Company’s business or at a later time, with its definitive transfer to the acquiring company or person, when applicable. In the event of any Company insolvency or reorganization proceedings, your personal data may also be shared with third parties that acquire our business or assets. With other users of the Help Center and Blip Ideas. If you send us requests through the Help Center or Blip Ideas, these publications will remain public and can be accessed by third-party users of the respective platforms. With third parties indicated by you. We may share your personal data with third parties that have been indicated by you, upon your request and based on your consent. What are the legal bases that authorize the processing of your personal data? All our personal data processing operations are always performed supported by a legal basis provided by applicable law, according to the particularities of each data processing activity. The legal hypotheses authorizing the processing of your personal data that we use to enable our processing activities include the following: Compliance with a legal or regulatory obligation. In certain situations, we process your personal data supported by the need to comply with a legal or regulatory obligation, such as when we keep records of your access to our website or to our applications, pursuant to article 15 of Law No. 12.965/2014 (“Civil Framework of the Internet”). Contract execution. When you decide to use the Blip platform, we establish a contractual relationship with you based on your acceptance of the Blip platform Terms of Use, and in the case of paid plans, based on your signing the Blip Agreement to make features available. In such cases, we will process your personal data that are necessary for execution of the contract, such as your full name, e-mail address and telephone number, in order to link your registration to the platform. Regular exercise of rights. We may process your personal data when necessary to enable the regular exercise of our rights in contracts, or in administrative, judicial or arbitration proceedings, such as, for example, the indication of your registration data in a lawsuit filed by you against the Company. Protection of life or physical integrity. We will process your personal data when necessary to protect life or physical safety of you or others, such as, for example, when measuring your temperature before allowing you to enter one of our physical facilities, to ensure that you do not show signs of infection by infectious diseases that could contaminate our employees or third parties. Credit protection. We will process your personal data when necessary for our credit protection, such as, for example, in cases where it is necessary to verify your ability to pay for the products or services offered by Blip. Legitimate interest. We will process your personal data when we have a legitimate interest in the processing, except when your fundamental rights and freedoms prevail, for example when we promote our activities by sending e-mails to our customers. Assurance of fraud prevention and security for the data subject. We will process your personal data when necessary to guarantee fraud prevention and security of the data subject, in registration identification and authentication processes in electronic systems. Consent. When we have no other legal basis permitting the processing of your personal data, we may process your personal data on the basis of your free, unambiguous and informed consent, which may be revoked at any time, easily and free of charge. For more details about the legal basis used for specific personal data processing carried out by us, please contact our Data Protection Officer at privacy@take.net. For how long are your data processed? Blip is committed to processing your personal data only for the period necessary to achieve the specific purposes of each type of processing, retaining data for the shortest period possible, taking into account all existing legal and regulatory obligations and the need to defend the Company’s interests in legal, administrative or arbitration proceedings. In this sense, retention periods are defined by the Company according to the specific characteristics of each type of processing, including the purposes for which the processing is carried out, existing legal or regulatory obligations, among other criteria relevant to this definition. For more information about specific retention periods, please contact our Data Protection Officer at privacy@take.net. Cookies Cookies are text or image files made available on our website and stored on devices used by the Users who access them, for operation, performance and browsing optimization. These cookies may also be used to evaluate performance metrics, enable the site to function properly and be more secure, provide a better user experience, understand how the site works and where it needs improvement and to gather information about user behavior. There are several types of cookies. On our website, we use the following cookies: Strictly necessary cookies. These are essential to the functioning of our website, to ensure its security and proper performance, without which it would not function properly. Preferential cookies. These store information about your preferences, such as your language and region, allowing for a better browsing experience on the site. Analytics cookies. These collect information about your behavior while browsing our site, such as which pages are visited, how long you visit and which pages are accessed infrequently, in order to allow us to improve the quality of the site. An example of the cookies we use are those provided by Google Analytics, which help us understand how users interact with our platform, to then find opportunities to evolve our services. If you want to manage your cookie preferences, you can configure your browser or device to remove them. However, by taking this action, you should be aware that some features may not work properly and your experience with Blip may not be as personalized, compromising the usability of the platform. Each browser provides its own way to configure cookies. By accessing the respective websites, you will be subject to the privacy policies of other companies, which may not be consistent with or similar to the terms of this Policy. To learn more about how to manage and delete cookies from your browser, please visit: How to remove cookies in Google Chrome How to remove cookies in Mozilla Firefox How to remove cookies in Internet Explorer How to remove cookies in Safari What are your rights as a personal data subject? You have a number of rights in relation to your personal data and Blip is committed to fully respecting them as a Processing Agent. The rights available to you include the following: Confirmation of existing processing. To question whether we process your personal data, confirming the existence or absence of such processing. Access to data. To request a copy of your personal data processed by us, by secure, suitable electronic means or in printed form, according to your preference. Rectification. To request the correction of your personal data that are incomplete, inaccurate or outdated. Anonymization, blocking or deletion. To request the anonymization, blocking or deletion of your personal data in cases where unnecessary, excessive or unlawful data processing is performed. Portability. To request the portability of your personal data to other content platforms, in the form of regulation issued by the National Data Protection Authority, observing Take’s trade and industrial secrets, if any. Information about sharing. To request information about the public and private entities with which we share your personal data. Information about the possibility of denying your consent. To receive information about the possibility of not providing your consent, when consent is the applicable legal basis for processing personal data, with indication of the consequences of such a refusal. Revocation of consent. To revoke your consent easily and free of charge by simply communicating your decision to the Blip Data Protection Officer or in other possible formats made available by the Company exclusively for this purpose. It is important for you to know that revocation of consent does not invalidate or render unlawful personal data processing activities that have been carried out prior to the date of revocation. Opposition to processing. To oppose the processing, indicating your reasons for doing so, in cases where consent is not the legal basis applicable to the processing of your personal data and when there is any non-compliance with the General Data Protection Law (LGPD). Blip will assess whether or not your objection is justified and Blip the necessary steps to suspend processing or inform you of the grounds on which it understands that the processing is lawful and permitted. Complaint. To file a complaint regarding the processing of your personal data by Blip before the National Data Protection Authority. However, we hope that before you do this, you will give us the opportunity to respond to any questions or complaints you may have directly. Our Data Protection Officer is available to answer any questions and assist you in processing any complaints. Deletion of data processed with consent. To request the deletion of your data, in cases where your consent is the legal basis for a particular processing activity, with the exception of possibilities for us to continue storing the data when necessary for compliance with a legal or regulatory obligation, or for the defense of our interests in judicial, administrative or arbitration proceedings. Request for Data Access or Deletion and how to exercise the rights of personal data subjects All of these rights can be exercised by you at any time, free of charge, except if charging a fee is allowed according to legislation or regulation in force, and Blip is committed to using its best efforts to meet your requests in a transparent and fast way. If you wish to request the deletion of personal data, or exercise any other rights as a data subject, simply contact us through the following channel: privacy@take.net. To ensure that your rights are being exercised by you or your duly constituted legal representative, Blip may request necessary information or proof of identity in order to prevent fraud and ensure your privacy, so that your personal data is not shared with those who are not authorized to do so. We will respond to your requests within a reasonable period, in accordance with applicable law, bearing in mind that we may only respond to some requests after receiving the aforementioned confirmations. In certain cases, such as when your request is particularly complex or when we receive a high volume of requests at the same time, our response may not be as fast as we would like it to be. In these situations, we will keep you informed and updated about the progress of your request. In situations where we act as Personal Data Operator, contracted by companies with which you have a relationship, it is the obligation of the respective companies to respond to your requests to exercise the rights set forth above. In the event that you send your request to Blip, we will indicate who is the Controller of your Personal Data for that processing activity and forward your request to that organization. Considering that in these cases we only perform processing activities at the behest of the respective Controllers, we will be prevented from complying with your requests without the express authorization of the respective Controllers. Information Security Blip adopts technical and organizational measures based on good market practices to protect your personal data against unauthorized access or unlawful or accidental situations of destruction, loss, alteration, communication or any other form of inappropriate processing. Your data are stored in a secure operating environment that is not accessible to the public. The measures we adopt to protect your personal data include: access controls, monitoring of access to local networks and remote connections via VPN, user authentication, antivirus, firewall, keeping backup copies, periodic system tests and scans, encryption of data in transit and at rest, among others. We maintain administrative, technical and physical safeguards to support the protection of personal information you share with us. These actions are associated with the effort to prevent security incidents, such as loss, misuse and unauthorized access, disclosure, alteration, destruction or any counter-attacks perpetrated by malicious people, which can be highly sophisticated and innovative, with techniques and methods unknown until then, even by the best information security tools. We know that no Internet transmission is 100% secure, so the security of your data also depends on you taking reasonable measures when using your devices and software. It is important that you protect data such as your e-mail address and password used for authentication on the Blip platform. We can thus prevent other people from accessing your services. The security of your data also depends on you taking reasonable measures when using your devices and software. If you identify or become aware of anything that could jeopardize the security of your personal data, or any possible vulnerability in our website or systems, please contact us. Third-Party Websites Our website may provide links to third-party websites. These websites, in turn, have their own privacy policies, which may not be compatible with this Policy. We recommend that you review the respective privacy policies of these third parties to learn about their personal data protection practices. Blip is not responsible for the data protection practices of third party websites, nor for their content, which is in no way validated, ratified or endorsed by Blip. How to contact us If you have any questions about this Policy or about the way your personal data is processed by Blip, or if you want to contribute with complaints, suggestions or comments about our personal data processing practices, please do not hesitate to contact us by e-mail at: privacy@take.net. We have a duly appointed Data Protection Officer who is ready to answer all your questions or complaints, as the contact point for your communication with Blip regarding the processing of your personal data. Our Data Protection Officer can be contacted directly at the following channel: Marcelo Lopes – privacy@take.net Details on the Agent Responsible for Processing Personal Data Curupira S.A, a corporation enrolled in the National Corporate Taxpayer Registry (CNPJ/ME) under No. 04.413.729/0001-40, headquartered at Rua Sergipe, 1440 - Andar 9, Sala 109 Andar 10, bairro Savassi, Belo Horizonte, Minas Gerais, CEP 30130-174, is responsible for the Personal Data processing defined herein, as defined in the Brazilian General Law on Personal Data Protection. Updates As we are always striving to improve our services, this Privacy Policy may be changed and updated over time to better reflect our personal data processing practices and to make our operations more secure and transparent. When material changes are made, we will post a notice on the home page of our websites so that you can quickly identify the existence of an updated version of this Policy. For personal data processing activities we perform that may be based on your consent, if changes to this Privacy Policy result in material changes to our personal data processing practices, we will ask for your consent again based on the updated terms of this Policy. We recommend that you check this Policy periodically to familiarize yourself with any changes. For more information, visit the discussion on the subject in our community or the videos on our channel. 😃 Related articles Blip Terms of Use and Privacy Public Information Security Bulletin Activation of Additional Numbers on Blip - WhatsApp Embedded SignUp Open Sea Data Handling - YouTube Data Extractor (Access to data)