
1.INTRODUCTION
Tractian and its affiliates (“we”, “our" or “us”) acknowledge the responsibility to treat any and all personal data ethically and securely, in compliance with Data Protection Laws and equivalents. Tractian’s Privacy Policy ("Policy") reflects our commitment to transparency in Personal Data Processing, aiming to protect Data Subjects’ rights and ensure that the collected data is used responsibly, for the benefit of innovation and operational efficiency.
By consenting to this Policy, the Holder agrees to the terms described herein, as well as to the Processing of Personal Data by Tractian, for the purposes described herein.
2.ABOUT US
We are a renowned company with expertise in predictive maintenance and asset monitoring solutions, leveraging intelligent sensors seamlessly integrated with our proprietary platform powered by Artificial Intelligence.
Tractian Inc., as the holding company, has the following subsidiaries:
•Tractian Technologies Inc. – Subsidiary located in Atlanta, Georgia, United States of America;
•Tractian Tecnologia Ltda. – Subsidiary located in São Paulo, Brazil;
•Tractian Tecnología Industrial S. de R.L. de C.V. – Subsidiary located in Mexico City, Mexico.
We operate globally with the commitment to provide cutting-edge technology to increase efficiency, safety, and maintenance predictability in industrial environments.
3.OBJECTIVE
This Policy aims to provide information on how we collect, use, store, share and protect the Personal Data that is processed by us in an objective and transparent manner, ensuring that our data processing practices are in line with legal requirements.
4.SCOPE
Tractian’s Privacy Policy applies to all individuals who have personal data processed by Tractian, whether by physical or digital means, covering all activities involving the Processing of Personal Data.
5.TERMS AND DEFINITIONS
To understand this Policy, we must consider the following definitions and terminologies:
- Anonymization: Process of rendering personal data anonymous (information does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable).
- Blocking: Temporary suspension of any Processing operation, by keeping the Personal Data or the Database.
- Brazilian General Law for the Protection of Personal Data (LGPD): Brazilian Law that legally regulates Personal Data Protection and Processing in Brazil, whether by digital or physical means. It aims to protect the fundamental rights of freedom and privacy and the free development of a natural person’s personality. The LGPD requires clear and transparent consent for the processing of personal data and grants individuals the right to access, correct and delete their personal information.
- Brazilian National Data Protection Authority (ANPD): Brazilian public body responsible for ensuring, implementing, and supervising compliance with the Brazilian General Data Protection Law (LGPD).
- California Consumer Privacy Act (CCPA): Californian Law of 2018 (CCPA) that gives consumers more control over the personal information that businesses collect about them.
- California Privacy Rights Act (CPRA): California State Law that strengthens consumer data privacy protections by expanding and amending the California Consumer Privacy Act (CCPA).
- California Privacy Protection Agency (CPPA): California State Agency, created by the California Privacy Rights Act (CPRA) to implement and enforce California privacy laws, including the California Consumer Privacy Act (CCPA).
- Closed Circuit Television (CCTV): Security system that uses cameras to monitor and record images of Tractian's physical environment / infrastructure.
- Consent: Freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- Controller: Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- Database: Structured set of data, established in one or several locations, in electronic or physical support.
- Data Protection Laws: Laws that regulate the processing of personal data, with the aim of protecting people's privacy and rights. Include, among others, LGPD, GDPR, LFPDPP, CPRA and CCPA.
- Data Protection Officer (DPO): A person designated by the Controller and Processor to act as a point of contact for the Controller, the Data Subjects and the Supervisory Authorities, ensuring compliance with data protection regulations, like the GDPR.
- Data Subject: Natural person to whom the personal data that is the object of Processing refers.
- Elimination: Deletion of data or a set of data stored in the Database, regardless of the procedure employed.
- Employees: People hired to join Tractian's staff, who can be interns, trainees, temporary workers and outsourced employees.
- European Data Protection Board (EDPB): Independent European body with legal personality. It ensures that the General Data Protection Regulation and the Law Enforcement Directive are applied consistently and ensures cooperation, including enforcement.
- General Data Protection Regulation (GDPR): European data protection regulation applicable in all member states to harmonize data privacy laws across Europe.
- International Data Transfer: Personal data transfers to a foreign country or international organization of which the country is a member.
- Mexican Federal Law for the Protection of Personal Data in the Possession of Private Individuals (LFPDPPP): Mexican law that regulates the Processing of personal data by private entities, establishing rules for their Processing, collection, use and storage.
- Mexican National Institute for Transparency, Access to Information and Protection of Personal Data (INAI): Mexican constitutional body that guarantees access to public information and protects the personal data of citizens held by the public and private sector through the Mexican Federal Law for the Protection of Personal Data in the Possession of Private Individuals (LFPDPPP).
- Our Channels: Website, portals, applications, systems and physical units.
- Opt-in: Manifestation of the Data Subject in voluntarily expressing their Consent to receive specific communication or authorization for the Processing of personal data.
- Opt-out: The opposite of Opt-in, i.e. the revocation of a previously made Consent.
- Personal Data: Any information relating to an identified or identifiable natural person.
- Privacy Governance Program: Framework that demonstrates the integrity and commitment of the Controller or the Processor through the adoption of internal processes, principles, guidelines and policies that ensure compliance with rules and good practices related to the protection of personal data.
- Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Processor: Natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Purpose: Reason for which the Processing of the Holder's Personal Data is carried out.
- Security Incident involving Personal Data: Any confirmed or suspected event that affects the security of Personal Data, such as unauthorized access, loss, alteration, leakage, or inappropriate or unlawful Processing.
- Sensitive Personal Data: Personal Data about racial or ethnic origin, religious conviction, political opinion, union membership or religious, philosophical or political organization, data related to health or sex life, genetic or biometric data, when linked to a natural person.
- Shared Use of Data: Communication, dissemination, international transfer, interconnection of personal data or shared processing of personal databases by public bodies and entities in compliance with their legal competences, or between private entities, reciprocally, with specific authorization, for one or more modalities of processing permitted by these public entities, or between private entities.
- Supervisory Authorities: Public bodies responsible for ensuring, implementing and supervising compliance with Data Protection Laws. Include, among others, ANPD, INAI, CEPD and CPPA.
- Website: Virtual address of an individual or legal entity, composed of a set of electronic pages.
6.DATA PROCESSING
For the purpose of delivering our solutions with efficiency innovation, while developing contractual relationships, the processing of Personal Data is necessary to guarantee you a safe and personalized experience.
The personal data we may collect varies according to your interaction with us and will only be collected if essential for carrying out the Processing activity, always being used to fulfill only the Purposes informed to you.
When applicable, we will ask for authorization or notify you of the collection of new data, accompanied by due justification. Among the Data that may be collected, there are:
Personal Data Processed | Form of Collection and Purpose of Processing |
---|---|
Identification and Contact Data: | Full name, e-mail, telephone number, passport number, CURP number (Single Clef of Población Registration), among others. Personal data provided directly by you, third parties or companies that interact with us on Our Channels. We process this data so that we can provide service and support to you, comply with legal and contractual obligations and the exercise of our rights, enable our business relationship, answer questions or provide information to you and enable marketing actions. |
Financial Data: | Salary, credit history, among others. Data collected directly from you or from public databases for recruitment and selection of candidates suitable for our job vacancies and to identify legal risks. |
Browsing Data: | IP, geographic location, among others. Personal data collected automatically via Cookies, similar technologies or if you access our facilities and use our Wi-Fi or wired internet network, for the purpose of improving your browsing experience on Our Digital Channels and customizing your browsing experience according to your habits and preferences. |
Recruitment and Selection Data: | Professional experience, academic background, among others. Personal data provided directly by you when you register for any of our job vacancies or that Tractian collects from public databases, made available by authorities (such as the Federal Revenue Service, for example), or even data made public by you on Websites or social networks, always respecting your privacy and with the sole purpose of evaluating your application and managing the selection process to ensure your suitability for the vacancy for which you are applied, in addition to considering their participation in other future opportunities. |
Sensitive Data: | Facial Biometrics, PCD report, ethnicity, political affiliation, among others. All Sensitive Personal Data will be collected by us upon your knowledge and, where applicable, your Consent. In this way, we collect such data directly from you to ensure the security of our facilities and compliance with legal and tax obligations. |
6.1.DATA PROCESSING OF CHILDREN AND ADOLESCENTS
The Processing of Personal Data of children and adolescents will only be carried out with specific and detached consent from one of the parents or legal guardian.
6.2.DATA PROCESSING OF THE ELDERLY
Tractian recognizes the special protection due to the personal data of elderly people.
When we process personal data of data subjects aged 60 or over, we will adopt additional precautions, including accessible language, clear information about the purposes of the use of the data, as well as mechanisms to support the exercise of their rights.
Whenever possible, we will prioritize service channels that ensure the complete clarification of doubts, as well as conscious and informed decision-making.
We reinforce that the personal data of the elderly will be treated with the same security, confidentiality and responsibility applied to other holders, with redoubled attention to the principles of necessity, adequacy and transparency.
7.DATA STORAGE AND RETENTION
The data processed by Tractian will be stored throughout the time needed to meet the purposes for which they were collected or to comply with legal and regulatory requirements. At the end of the data retention period or when requested by the Data Subject, they will be deleted or anonymized irreversibly, ensuring that it is no longer possible to identify them.
To define how long Tractian will retain your data, some criteria will be considered, for example if it is necessary for:
• Legal, tax or contractual obligations that require retention;
• Investigation or legal disputes; and
• Maintaining accurate business and financial records.
8.PERSONAL DATA SHARING
Tractian is responsible for its database and committed to use it solely for purposes related to its operations. When the sharing of personal data is necessary, it will be done based on clear criteria, always respecting this Privacy Policy and data protection laws.
Internally, the Personal Data processed is accessed only by duly authorized Employees, respecting the principles of Data Protection Laws, in addition to the commitment to confidentiality and preservation of privacy under the terms of this Privacy Policy.
Tractian may share personal data with:
•Partners, service providers and suppliers who support Tractian in activities such as data analysis, legal and accounting support, audits, information security, among others.
•Public authorities, when there is a legal or regulatory requirement, such as in administrative or judicial proceedings.
•Anti-Fraud Companies, to protect and defend the Company’s rights, the Data Subjects and any other natural or legal person involved, against fraudulent or malicious activity, to enforce Tractian's Terms and Conditions, or to cooperate with relevant enforcement agencies.
•Other companies in the Tractian Group, including its units in Brazil and branches in the USA and Mexico, when this is necessary to optimize our internal processes, comply with legal obligations or facilitate strategic operations, such as mergers or restructurings.
We emphasize that Tractian does not sell or sell Personal Data under any circumstances.
9.INTERNATIONAL DATA TRANSFERS
The sharing of Personal Data may be carried out with entities located outside your country of residence, such as North and South America regions in the case of sharing the Data with Tractian’s units located in Brazil, the USA and Mexico. In these scenarios, the Processing will be carried out in accordance with the applicable Data Protection Laws and this Policy.
It is also possible that your personal data may be transferred outside of Brazil when we use technologies and services from suppliers and service providers, for example, for the purpose of storing the Database in cloud services, through responsibilities guaranteed in formal agreements.
10.YOUR RIGHTS AS A DATA SUBJECT AND HOW TO EXERCISE THEM
Depending on the jurisdiction of your place of residence, you have certain rights in relation to your Personal Data, which may include the right to:
•Confirmation of the existence of Processing of your Personal Data;
•Access to your Personal Data that we process;
•Correction of incomplete, inaccurate, or outdated Personal Data;
•Anonymization, Blocking, or Deletion of Personal Data;
•Portability of Personal Data to another service or product provider, upon express request, in accordance with the regulations of the Supervisory Authority, observing our commercial and industrial secrets;
•Deletion of Personal Data processed with the Consent of the Holder;
•Information on the public and private entities with which we carry out the Shared Use of Data;
•Information about the possibility of not providing Consent and about the consequences of refusal;
•Revocation of the Consent given for the Processing of your Data;
•Automated decision review used exclusively for purposes such as defining your personal, professional, consumer and credit profile or aspects of your personality.
The rights of the Data Subjects provided for in the Data Protection Laws and in this Policy may be exercised upon express request by the Data Subject or legal representative, and may be made through the e-mail [email protected].
The User is aware, through this Policy, that any requests for the deletion of Data essential for the management of their registration with Tractian, when applicable, will result in the termination of their contractual/business relationship.
The fulfillment of requests made by the Data Subject will be carried out within the period established in the Data Protection Law applicable to the jurisdiction of their place of residence. In the event of the need to extend the service period, Tractian will inform and present to the Data Subject the due factors justifying the extension.
Furthermore, it is necessary that the Data Subject provides correct and up to date information. Tractian is not responsible for the accuracy, truthfulness or the lack of these factors in the information provided.
Finally, the Data Subject must be aware that their request may be legally rejected, either for formal or legal reasons (such as the request for the deletion of data which the maintenance may be necessary for the fulfillment of a legal or regulatory obligation, execution of contracts or other legal purposes, upon substantiated justification of which are the obligations are; and/or exclusive use of Tractian, access by third parties is prohibited, and provided that the data is anonymized), being certain that, in the event that it is impossible to comply with these requests, the Data Subject will be presented with reasonable justifications.
11.SECURITY OF PERSONAL DATA
The Personal Data under Tractian’s control will be stored in accordance with the strictest security standards adopted by the market, which includes for example the following measures:
•Protection against unauthorized access;
•Restricted access by persons to the place where Personal Data is stored;
•Adoption of procedures with Employees, service providers and suppliers who carry out the processing of personal data in order to commit to maintaining the absolute confidentiality of the information, adopting the best practices for handling this data, as determined in corporate policies and procedures;
•Encryption of the Tractian’s database;
•Use of one-time password (OTP) or two-factor authentication (2FA) to access some of our systems;
•Adoption of a Privacy Governance Program applied to its activities and governance structure, constantly updated.
In any case, in the remote event of the identification of a Security Incident with Personal Data that may cause damage to the privacy of the Data Subject's Personal Data processed by us, we will inform the Supervisory Authority and the Data Subjects involved, within a period established by the competent body, always ensuring due transparency to the Data Subject.
12.LINKS TO THIRD-PARTY WEBSITES
Our Digital Channels may contain links to other third-party Websites that have their own Data Processing Policy and any type of Data Processing related to the services of these third parties will be responsible for the proper maintenance of the Data.
We emphasize that Tractian is not responsible for the Privacy Policy used by these third parties and we recommend that you carefully read the applicable terms and policies when accessing external websites, since the processing of personal data in these environments is carried out under the sole responsibility of the respective third parties.
13.COOKIES AND SIMILAR TECHNOLOGIES
When you visit our Sites, we use Cookies and similar technologies to collect information, improve your experience on Our Channels, understand how you interact with our content, personalize services, and provide you with more relevant communications.
The information collected may relate to you, your preferences, or your device, and is primarily used to make the Site work as you expect and to offer you a more personalized web experience.
However, you can choose not to allow certain types of Cookies, which may impact your experience on the Site and the services we can offer, with the exception of strictly necessary Cookies, which you cannot opt in to as they are necessary to ensure the proper functioning of our Site, such as displaying the Cookie banner, remember your settings, log in to your account, redirect you when you log out, among others.
To learn more and to manage the Cookies that Tractian uses, please click on 'Your Privacy Choices' in the bottom right corner of our website.
At any time, you may revoke your consent to the use of cookies by accessing your privacy choices on our Site or your preferred browser settings. However, we warn you that, depending on the configurations you have made, certain features of our website may not work optimally, as well as information security aspects.
14.DIGITAL COMMUNICATIONS
Tractian may use your contacts to send content, information materials, invitations to events, news about our products and services, as well as promotional and institutional communications.
These communications are mainly directed to contacts who have shown interest in our solutions, whether through registrations on our website, filling out forms in campaigns (including ads on platforms such as Google Ads, Meta Ads, LinkedIn Ads), participating in events or interacting with our commercial team.
If you wish to stop receiving this type of communication, you can unsubscribe at any time by clicking on the unsubscribe link (Opt-out) present at the bottom of our emails to be forwarded to the cancellation process or by opening a request via email [email protected].
15.OUR DATA PROTECTION OFFICER (DPO)
Tractian has designated Grant Thornton Corporate Consultores de Negócios Ltda ("Grant Thornton”) as Data Protection Officer (DPO), represented by Alline Ribeiro Benfatti Vaz, with Alessandro Gratão Marques as Substitute Representative.
Our DPO is available to receive Data Subjects’ requests on the exercise of rights, answer Data Subjects’ questions and receive suggestions or comments related to this Privacy Policy and Tractian's Privacy Governance Program through the e-mail: [email protected].
16.REFERENCES USED IN THIS POLICY
•General Law for the Protection of Personal Data (LGPD) - Law No. 13.709/2018;
•Civil Rights Framework for the Internet – Law No. 12,965/2014;
•Consumer Protection Code (CDC) – Law No. 8,078/1990;
•Resolutions of the National Data Protection Authority (ANPD);
•Constitution of the Federative Republic of Brazil;
•General Data Protection Regulation (GDPR);
•Federal Law for the Protection of Personal Data in the Possession of Private Individuals (LFPDPPP);
•California Consumer Privacy Act (CCPA) and;
•California Privacy Rights Act (CPRA).
17.GENERAL PROVISIONS OF THIS POLICY
This policy is bound by Tractian's Terms of Use, and will be interpreted in accordance with Brazilian law, in the Portuguese language, and the Central Court of the District of São Paulo/SP will be elected to settle any dispute, question or doubt that may arise, with express waiver of any other, however privileged it may be.
If any provision of this Privacy Policy is found to be illegal or illegitimate by a public authority, the remaining conditions will remain in full force and effect.
The User acknowledges that all communication made by e-mail (to the addresses informed by him), SMS, instant communication applications or any other digital and virtual form are also valid as documentary evidence, being effective and sufficient for the disclosure of any matter that refers to the services provided by Tractian , as well as the conditions of their provision, except for the expressly different provisions set forth in this Privacy Policy.
18.UPDATES TO THIS POLICY
This Privacy Policy may, at any time and at Tractian's sole discretion, be updated in order to improve transparency with the Data Subjects, as well as to comply with legal, regulatory or administrative obligations.
Tractian advises the Data Subject to periodically review this Policy to stay up to date on how their data is being treated.
If the User does not accept and agree with this Privacy Policy, including any amendments, he/she should not use Our Channels, services and products.