Privacy Policy

Effective January 29, 2021

INTRODUCTION
This Privacy Policy aims to demonstrate the commitment of WS Solutions, a private entity registered in the CNPJ under No. 29.220.197/0001-56, headquartered in the city of Campinas (SP), with the privacy, protection and treatment of data collected from its customers through the CESLA system.

This document was prepared in compliance with Federal Law No. 13,709/18 of August 14, 2018, referred to as the "General Data Protection Law" or "LGPD".

By using our Services, you understand that WS Solutions, as the data controller, will be responsible for the collection, storage and processing operations of the data as described in this Privacy Policy.

If you still have questions, complaints, or would like to communicate with WS Solutions on this subject, you can contact our team through the service channels or contact our manager (DPO) at [email protected].

1. GLOSSARY
To facilitate your reading and understanding of this Privacy Policy, the following is a summary of definitions of terms used recurrently throughout this document:

LGPD: The Law No. 13,709/2018 or General Data Protection Law, which provides for the processing of personal data of natural persons, regardless of the medium, by natural person or by legal entity of public or private law, in order to protect the fundamental rights of freedom and privacy and the free development of the personality of the natural person;
Personal data: information related to an identified or identifiable natural person, that is, that allows the direct identification of the individual;
Sensitive personal data: personal data concerning racial or ethnic origin, religious conviction, political opinion, membership of a labor union or of a religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data;
Anonymized data: data related to an individual that cannot be identified, considering the use of reasonable and available technical means at the time of its treatment;
Controller: a natural or legal person, governed by public or private law, who is responsible for making decisions regarding the processing of personal data;
DPO: person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD);
Processing of personal data: operations such as: collection, classification, production, transmission, distribution, storage, elimination, control, transfer or extraction with personal data.

2. COLLECTION OF PERSONAL DATA
The CESLA system, as a Safety & Emergency model software for Industry 4.0, collects personal data from the services it offers, listed below:

Cesla Site: Institutional page for presenting the CESLA solution, with a 'Contact' area for the final consumer;

Inspect: Solution with the objective of inspecting, auditing and managing non-conformities found in operational routines. It allows you to customize checklists, application frequencies, as well as visualize, in floor plans and/or georeferenced, the inspections carried out and their respective status;

EPS Management: Real-time management of mandatory documents, people, training, medical exams, and integrations of a company contracted for an activity. It also offers management of on-site integrations and e-learning;

APR/PTe: Preliminary Risk Analysis modeling, as well as an Electronic Work Permit and its sub-levels. The tool ensures that only employees or contractors enter a PTe when they are qualified. Allows signature on the mobile screen or by biometric collection;

LOTO (Lockout & Tagout): Creation of LOTO maps/trees of machines/processes or equipment. Registration of LOTO points with RFID technology and ensures both lockout and unlock, and zero energy testing;

Integrates: Allows to create the relevant trainings, content evaluations and reaction, enabling to manage the application of these contents in an e-learning way, generating QR Code for approved. It also allows applying the DDS (Daily Safety Dialogues), with the possibility of adding content, instructors, and signing attendance lists electronically;

Report: A solution that allows employees, when faced with a situation that generates a 'near miss' or a behavior deviation, to use a mobile device to report it to a moderator for the resolution of the deviation;

EPI Control: Control of deliveries of PPEs, EPCs and tools for all employees of the unit. Stock control, expiration of CA (Certificate of Approval), periodicity of change, with signature directly on the mobile screen.

PTREC: Management of confined spaces and restricted areas, as well as the risks associated with them. Enables the addition of data, photographs, lockout & tagout points, GHS, Hommel Diamond, ventilation calculations, definition of work and rescue equipment, basic life support procedures, visualization of all ECs and RAs in floor plan or georeferenced.

PAE-BCP: Solution for modeling the emergency response plan of the unit, creating the pre-plan to meet the mapped risk scenarios, modeling the ICS (Incident Command System), managing human and material resources mapped in the pre-plans. PAA (Area Abandonment Plan), allows you to map the meeting points and mainly manage the location of employees during an abandonment of the building's area;

PM Mobile: Integration between the MS Project tool (REGISTERED BRAND) and CESLA's APR/PTe module to have an adequate parameter between the programmed and the effect of the projects, applying programmed x executed HHT management, based on the PTEs emissions.

Each solution offered by the CESLA system collects only the Personal Data, Sensitive Personal Data and Anonymized Personal Data pertinent and necessary for the implementation and full operation of the system. The personal data processing operations are also performed according to the purpose of each solution, with the data storage time, backup routines, consent and other operations performed according to the particularities of each solution.

3. CONSENT
All processing operations of personal data in the CESLA system are made from the consent, understood as the free, informed and unambiguous manifestation by which the user / client authorizes WS Solutions to treat the data as controller of CESLA, provided by the client contracting the solution. Thus, in line with the LGPD, data will only be collected, processed and stored upon prior express consent of the person responsible for hiring the solution. The consent will be obtained from the exposure of the purposes and data that will be collected by each CESLA solution hired by the customer, evidencing the commitment to transparency with the system contractors. At any time and at no cost, the client may revoke its consent, however aware that the revocation of consent for the treatment of data may imply the impossibility of the proper performance of any system functionality that depends on the operation. Such consequences will be informed in advance. For the CESLA EPS Management module, it is important to note that WS Solutions is not responsible for the collection of direct consent of employees of third-party contractors and subcontractors who have their data collected. As with the other modules, WS Solutions will be the data controller through the CESLA system and makes explicit in this document that the consent of the data subjects (employees of companies, contractors or subcontractors) must be assigned to the contractors of this specific module. WS Solutions ensures the rights of the holders, as well as uses advanced practices of data processing operations to maintain the suitability and security of the system as well as the information stored.

4. STORAGE OF PERSONAL DATA
WS Solutions will use Personal Data for as long as necessary to achieve the purposes of the contracted solutions, taking into account the rights of data subjects and controllers involved. WS Solutions employs technical protection measures and solutions to ensure the confidentiality, integrity and tamper-proof data collected and processed. Among the measures adopted, we highlight:

Only authorized persons have access to the personal data, and access is only granted after a commitment to confidentiality;

WS Solutions is committed to adopting the best postures to avoid security incidents. However, it is possible that despite all the security protocols implemented, problems may occur that are exclusively the fault of third parties, such as cyber attacks by hackers, or due to the negligence or imprudence of the user/client.

Personal data is stored in a safe and reliable environment, with appropriate encryption;

In case of security incidents that may generate risk or damage relevant to users / customers, WS Solutions is committed to officially notify those affected and the National Data Protection Authority about the occurrence and make available its Officer (DPO) for any clarification on the incident.

5. SHARING DATA WITH THIRD PARTIES
WS Solutions, in view of the preservation and integrity of data collected by CESLA system, will only share personal data with authorized third parties, which have the purpose of:

Assist in the operationalization of the CESLA system;

Promote IT technical maintenance;

Provide technological tools and technical infrastructure integrated with CESLA solutions.

They receive the data only to the extent necessary to provide the contracted services. However, partners have their own Privacy Policies, which may differ from this one.

In addition, there are also other instances in which your data may be shared, which are:

Legal determination, request, requisition or court order, with competent judicial, administrative or governmental authorities;

In case of corporate movements (commercial operation), such as merger, acquisition, and incorporation, automatically;

Protection of WS Solutions' rights in any type of conflict, including legal ones.

6. INTERNATIONAL DATA TRANSFER
WS Solutions shares data with third parties who may be located or have facilities located in foreign countries. In such conditions, personal data will in any case be subject to the LGPD. Thus, WS Solutions is committed to always adopting efficient cybersecurity and data protection standards in the best efforts to ensure and comply with legislative requirements.

By agreeing to this Privacy Policy, you agree to this sharing, which will occur in accordance with the purposes described in this policy.

7. USER RIGHTS
In compliance with the LGPD, WS Solutions ensures the following rights to the holder of the collected data:

The confirmation of the existence of treatment, in a clear and complete format;

Access to the data, and can request it in a legible copy in printed form or by electronic means;

The correction of incomplete, inaccurate or outdated data;

The anonymization, blocking or deletion of data that is unnecessary, excessive or processed in non-compliance with the LGPD;

The portability of data to another service or product provider, upon express request, in accordance with the ANPD regulations;

Request deletion of Personal Data collected and used based on your consent, with exceptions provided in the LGPD. However, WS Solutions may need to retain certain information for recordkeeping purposes, to complete transactions or to comply with legal obligations;

Withdraw your consent by disallowing the processing of your data in accordance with the LGPD. However, WS Solutions may need to retain certain information for record keeping purposes, to complete transactions or to comply with legal obligations;

Automated decision review.

To exercise their rights, the customer/user of CESLA should use the channels provided at the end of this Policy

8. CHANGES TO THIS POLICY
WS Solutions reserves the right to modify this Privacy Policy at any time, mainly due to the adequacy of any changes made in the CESLA system. It is recommended frequent access to this document so that the user / customer is always aware of the policy updated and implemented.

9. CONTACT
For questions or complaints regarding our use of your personal information or our Privacy Policy, please contact us by e-mail at [email protected] or by telephone at 0800.002.3752.

If the request is submitted by a person who is not a user/customer of the CESLA system, without providing proof that the request is legitimately made on their behalf, the request will be rejected. Please note that any identifying information provided by WS Solutions will only be processed in accordance with applicable laws.