AutoDoc Tecnologia has the responsibility and commitment to treat information security as a priority, giving its customers and users transparency about the treatment of personal data that travel on our platforms.

In this Policy, we will present how your information is sent or collected by our solutions and what are the responsibilities of each agent in relation to data security and privacy. At the end, we will detail what are the purposes for the collection of personal data, explaining how they are protected, processed and managed.

We emphasize that the requirements of
the General Law on Protection of Personal Data (LGPD) have been implemented and are being observed.
Roles and responsibilities
When does AutoDoc act as a data controller?
When does AutoDoc play the role of data operator?
Communication channel
Roles and responsibilities

There are three agents that participate in the life cycle of personal data:

Owner
Natural person who has personal data registered or collected by our platforms;

Controller
Person who enters, controls or maintains personal data;

Operator
Person who performs the processing of personal data on behalf of the Controller.
Communication channel

Out of respect for the owners, AutoDoc has a specific channel for communication related to your personal data and the clarification of any doubts. In this channel, upon request, we will inform you of the holders' personal data on our platforms. In the same environment, holders can also revoke prior consent, demand data extraction for service portability or even request the definitive exclusion. In the AutoDoc Customer Portal , use the “Data Privacy” section to interact with us.
DATA PRIVACY POLICY
When does AutoDoc act as a data controller?

For monitoring and traceability of users' actions, improving solutions or delivering new functions, AutoDoc solutions automatically collect some personal data. Are they:







IP adress;

Geolocation coordinates (mobile applications);

Browser and operating system information.
When does AutoDoc play the role of data operator?

AutoDoc solutions are provided through the SaaS (Software as a Service) model. We provide access accounts for customers to enter the personal data of their users and employees, for the sole purpose of managing work processes. The customer chooses and inserts the personal data to be used. AutoDoc's responsibility, in this context, is to ensure good information security practices in data processing. Thus, with regard to data privacy, we apply consent management, encryption in transit / rest, anonymization, authentication / authorization, monitoring and traceability.

We collect and process personal data in the following scenarios:

User Control

To control users who access the applications, we work with the following data:

Name: for clear identification of who the user is. This data can also appear in specific reports, in order to identify the person responsible for actions taken in the solutions;

E-mail: for triggering transactional e-mails, referring to alerts linked to the user's own interests. Another purpose of the collection is to trigger marketing emails about AutoDoc products, which are equipped with an option to interrupt receipt, in respect to the user.
Employee Control

AutoDoc has solutions that, in themselves, are based on the use of data from customers' employees. The purposes are access control and effective works, management of legal / tax documentation and training control. In addition, the data is inserted into the application interfaces and is available in reports directed to those responsible for these processes.

The data used are:

Name

Date of Birth

Photo

RG

CPF

PIS

Other personal documents required by the contractor



When does AutoDoc play the role of data operator?

AutoDoc solutions are provided through the SaaS (Software as a Service) model. We provide access accounts for customers to enter the personal data of their users and employees, for the sole purpose of managing work processes. The customer chooses and inserts the personal data to be used. AutoDoc's responsibility, in this context, is to ensure good information security practices in data processing. Thus, with regard to data privacy, we apply consent management, encryption in transit / rest, anonymization, authentication / authorization, monitoring and traceability.

We collect and process personal data in the following scenarios:


User Control

To control users who access the applications, we work with the following data:

Name: for clear identification of who the user is. This data can also appear in specific reports, in order to identify the person responsible for actions taken in the solutions;

E-mail: for triggering transactional e-mails, referring to alerts linked to the user's own interests. Another purpose of the collection is to trigger marketing emails about AutoDoc products, which are equipped with an option to interrupt receipt, in respect to the user.
Employee Control

AutoDoc has solutions that, in themselves, are based on the use of data from customers' employees. The purposes are access control and effective works, management of legal / tax documentation and training control. In addition, the data is inserted into the application interfaces and is available in reports directed to those responsible for these processes.

The data used are:





Visitor Control

The AutoDoc GD4 platform has the function of registering visitors who access clients' works. The purpose stems from the legal requirement to identify all people who access the works, in view of the possible verification of responsibility in these environments. The following data is stored:

Name

Date of Birth

Photo

RG

CPF

PIS

Other personal documents required by the contractor
Full name

RG

Foto