Disclaimer

 GLOBAL PRIVACY POLICY –

This document aims to establish the rules for data processing that include, for example, the operations of collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination , evaluation or control of information, modification, communication, transfer, dissemination or extraction of data collected from USERS, in addition to recording their activities, in accordance with applicable laws. When the USER accepts this Privacy Policy, it grants its free and express agreement with the terms stipulated herein.

1. Glossary 

1.1. For the purposes of this document, the following definitions and descriptions should be considered for your better understanding:

Account: is the way in which the USER is represented when accessing certain restricted areas, exclusive features of the websites, applications and services offered by MakingArt, generally corresponding to a set of data that represents the USER (such as registration data) and other relevant data to ensure a more appropriate and complete relationship between the MakingArt Group and the USER (such as a record of activities carried out by the USER on the websites, applications and services offered by the Group MakingArt).

Cookies: small files or data packages sent by MakingArt to the USER’s device to identify it and collect information that will help MakingArt to improve the services provided to the USER.

Credentials: is the set of data that the USER uses to authenticate when accessing certain restricted areas and/or exclusive features of the websites, applications and services offered by MakingArt.

Generally, such data are login and password, but may include additional data to assist in the authentication process.

Data: set of Anonymized Data and Personal Data.

Anonymized Data: information that, alone or together with other Anonymized Data, does not allow the identification of a person, considering the use of reasonable technical means available at the time of its treatment. They can include gender, age and geolocation (such as the city you are in) and statistical data.

Personal Data: information relating to the identified or identifiable natural person. These may include, for example, name, address, email, telephone, debit/credit card number, IP address and geolocation data. Person in Charge or Data Protection Officer (DPO): person (individual or legal) appointed by MakingArt responsible for acting as a communication channel between MakingArt, the USER and government authorities in matters related to this Privacy Policy and the use, collection and Data processing by the MakingArt Group.

MakingArt Group: all subsidiary companies controlled by the MakingArt economic group, represented by the legal entity UNIVERSO ONLINE S.A. (CNPJ 01.109.184/0001-95). IP Address: Internet Protocol address associated with the device used by the USER. Each IP Address corresponds to an alphanumeric set that, together with other information, helps to uniquely identify the device that the USER is using to access the internet and, therefore, to access websites, applications and services offered by MakingArt.

Applicable Law: means the legislation applicable to the relationship between the MakingArt Group and the USER, which may vary depending on (i) the place where the services are provided; (ii) place of residence or residence of one of the Parties, including the USER; (iii) other factors mentioned in specific legislation.

MakingArt has representation in several countries, being subject, in addition to Brazilian legislation, to several other regulations, including the General Data Protection Regulation (GDPR), in English. Logs: records of USER activities carried out on the websites, applications and services provided by MakingArt.

Privacy Policy: collectively means this Global Privacy Policy – MakingArt and its attachments, as well as other documents expressly referenced in this Global Privacy Policy – MakingArt. USERS: people who access or interact with the features offered by the websites, applications and services offered by MakingArt. The USER must have the legal capacity to accept and consent to this Privacy Policy and other documents of the MakingArt Group.

If they do not have such capacity, the USER declares that they have previously obtained all the necessary authorizations to accept this Privacy Policy and other documents presented by the MakingArt Group. 2. Data Collection

We collect USER Data as the USER provides us, directly or indirectly, in accessing and using the websites, applications and services offered by MakingArt or by partners that have been duly authorized by MakingArt (and who follow the privacy guidelines of MakingArt Group data in accordance with this policy). We also explain what Cookies consist of and how the USER can manage them.

2.1. Data will be collected:

• when entered or voluntarily submitted by USERS on the websites, applications and services offered by MakingArt, such as creating an Account, browsing, interacting with content and acquiring services;
• when the USER submits Data from third parties to MakingArt (such as data from friends). MakingArt may use them in accordance with this Privacy Policy, the USER declaring that he has obtained the necessary consent and authorization from the third parties in question to submit this Data for knowledge and registration by MakingArt, keeping MakingArt harmless;
• when the Data is submitted automatically and without the need for any action on the part of USERS, such as through Cookies; or
• from partners who have obtained authorization to share them with MakingArt.

2.2. The information that MakingArt collects may include, but are not limited to:

• name;
• Gender;
• CPF;
• email address;
• postal address;
• telephone number and recordings (if there is contact with the USER);
• date of birth;
• payment information;
• information about the device’s browser and operating system;
• IP address;
• clicked links and buttons;
• contact book; and 
• biometric data (such as, but not limited to, a photo of the face)

2.2.1. Other data collected by MakingArt are defined in item 7 of this Policy, separated by companies and, when applicable, groups of products/services.

2.3. MakingArt is not responsible for the veracity, untruthfulness or outdatedness of the information and Data provided by the USER, and the USER is responsible for providing them accurately and updating them. MakingArt may periodically request the USER to update the information provided and the Data provided.

2.4. MakingArt uses Cookies and anonymous identifiers to control audience, navigation, security and advertising, and the USER agrees to this use by accepting this Privacy Policy. Cookies used by MakingArt can be classified in different ways:

• Regarding validity:
  • a) Session: they are temporary and remain until the website or browser is closed. They can be used in e-commerce (for the USER to continue browsing and not lose what he put in the cart, for example), to analyze internet traffic patterns and to provide a better experience and contextualized content to USERS.
  • b) Permanent: persist even if the browser has been closed. They can be used to remember USERS’ login and password information, for example, or to ensure a better user experience between different sessions.
• Regarding ownership:
  • a) Own: they are owned by MakingArt, which has full control over Cookies.
  • b) Third parties: they are owned by third parties, but included in the USER’s device through the websites, applications and services offered by MakingArt.
• Regarding the purpose:
  • a) strictly necessary: ​​essential to allow the USER to use the websites, applications and services offered by MakingArt, which could not be properly offered without these Cookies. They are usually Session and Own.
  • b) performance: collect anonymous information about how USERS use and interact with the websites, applications and services offered by MakingArt, allowing to recognize their profiles and count visits and interactions. They are usually Own.
  • c) functionality: they allow MakingArt to remember choices made by USERS (such as login and location) and provide more personal experiences, in addition to allowing eventual customizations (when available). This information can be anonymized (turning into Anonymized Data) and does not track activities outside the websites, applications and services offered by MakingArt. They are generally Own and Permanent.
  • d) analytics and advertising: allow MakingArt Group advertisers to deliver more relevant ads and information to USERS. They are also used to limit the number of times the USER sees certain advertisements and measure the effectiveness of advertising campaigns. They remember certain preferences of USERS and are used to help trace their profiles in order to improve the USER experience. They are generally permanent and may be from Third Parties (such as Google Analytics, mentioned below).
  • e) social media: allow the USER to connect with social media, such as LinkedIn, Twitter, Facebook, Pinterest and Instagram. They are generally permanent and from Third Parties.
  • f) security: help MakingArt to monitor fraudulent activities and protect user data from unauthorized access. They are generally permanent and from Third Parties.

2.5. The USER may not accept Cookies to use the sites, applications and services offered by MakingArt, but in these situations MakingArt cannot guarantee the correct functioning of these sites, applications and services offered. Cookies can be accepted, deleted or rejected through the management tools of the browser used by the USER.

2.6. MakingArt uses Google Analytics and Google ReCaptcha for the collection and processing of Data, in accordance with Google policies available at https://www.google.com/intl/pt-BR/policies/privacy/partners/, https: //policies.google.com/privacy and https://policies.google.com/terms with which the USER fully agrees by accepting this Privacy Policy. Any uses made by Google or its partners of the USER Data collected through these tools will be the sole and exclusive responsibility of Google, with MakingArt being exempt from any liability resulting from such use.

2.7. MakingArt uses the TailDMP solution for audience segmentation, and the USER may opt-out at any time by accessing http://optout.t.tailtarget.com.

2.8. MakingArt will also record the activities carried out by the USER on the websites, applications and services provided by MakingArt, creating logs that may include, but are not limited to:

• USER’s IP address; Actions performed by the USER on the websites, applications and services provided by MakingArt;
• Addresses of the pages and screens accessed by the USER on the websites, applications and services provided by MakingArt;
• Dates and times of each USER action on the websites, applications and services provided by MakingArt, in addition to the access they make to the pages and screens and the tools and functionalities they use;
• Information about the device used by the USER, operating system version, browser, among other installed applications and software;
• Session and User ID, when available;
• USER connection type, such as Wi-Fi or cellular networks (EDGE, 3G and 4G, for example);
• Geolocation.

2.9. Other technologies may be used to obtain USER navigation data. However, they will always respect the terms of this Privacy Policy and the USER’s options regarding its collection and storage, and the USER will be informed in advance in case of any changes.

If other Data than those listed above are collected, the USER will be informed in advance. The information collected by MakingArt may be combined with information collected by other sources (including third-party partners) or from other technologies.

3. Use of Data

The Data may only be accessed by companies of the MakingArt Group, partners, subcontractors and authorities. However, if the USER accesses features or websites of partners, it will be subject to the practices and policies of those partners. We also list the uses we will make of the Data collected from USERS.

3.1. Data collected from USERS may be used for the following purposes:

• Identification, authentication and authorization;
• Respond properly to requests and questions, as well as provide support to USERS;
• Keep up-to-date records for contact purposes by telephone, electronic mail, SMS, direct mail or other means of communication;
• Improve the use and interactive experience while browsing the websites, applications and services provided by MakingArt;
• Carry out statistics, studies, research, project planning and surveys relevant to the USER’s activities and behaviors when using the websites, applications and services provided by MakingArt, performing such operations anonymously with Anonymized Data;
• Promote the services of MakingArt and its partners, in addition to informing about news, features, content, news and other relevant information for maintaining the relationship with MakingArt;
• To protect MakingArt from rights and obligations related to the use of the websites, applications and services provided by MakingArt;
• Collaborate and/or comply with a court order or request by an administrative authority, as well as meet obligations to preventively report certain activities to competent authorities;
• Proceed with payment requests made by USERS; Send newsletters and emails that the USER expressly agreed to receive;
• Manage risk and detect, prevent and/or remediate fraud or other potentially illegal or prohibited activities, in addition to violations of applicable policies or terms of use;
• Share payment information between the companies of MakingArt, in order to facilitate the experience of USERS when using the websites, applications and services offered by MakingArt;
• and Consult the Data in private and public bureaus to verify that they are correct, update them or request additional data.

3.2. The use, access and sharing of the database formed under the terms of this Privacy Policy will be made within the limits and purposes of the MakingArt Group’s activities, and may be provided and made available for access and/or consultation to the companies that are part of the MakingArt Group in addition to of business partners, suppliers, service providers, subcontractors, authorities or third parties in general, provided that the provisions of this Privacy Policy, Applicable Legislation or by court order are complied with.

USER sensitive data, such as personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person, will be shared exclusively with the consent of the USER.

3.2.1. USERS’ Data may be shared with entities located outside the USER’s country of residence (such as countries in the European Economic Area, South America or North America). In such cases, the processing, treatment, use and sharing of the Data will be done in accordance with the Applicable Legislation and this Privacy Policy.

In particular, when Data originating from the European Economic Area is transferred to countries that have not been recognized by the competent authorities as offering an adequate level of protection, the MakingArt Group will ensure the use of the appropriate tools and measures (such as the Standard Contractual Clauses of the European Commission).

3.2.2. MakingArt undertakes to protect the financial and banking secrecy of its customers and USERS by not sharing this information with companies with which the USER has not agreed. The USER acknowledges that MakingArt is obliged to comply with a series of legal obligations as a result of the Applicable Legislation related to the identity of its customers and the origin of the funds it operates.

In this way, MakingArt is authorized to request, and the USER obliged to provide, additional documents and information, including to carry out know-your-customer procedures and prevention of money laundering. The information obtained by MakingArt in response to the questions raised will be treated as confidential information.

MakingArt is authorized to share data required by the Applicable Legislation with the competent authorities and with third parties who need to have access to the Data to prepare/validate reports on the activities of MakingArt under said legislation.

3.2.3. The USER is responsible for the confidentiality, use and all acts in the use of the Credentials (such as, but not limited to, login, password and authentication token). If the USER identifies or suspects that a third party has access to his password, he must change it directly in the systems or services. The sharing of Credentials resulting from the action of the USER constitutes a violation of this Privacy Policy. 

3.3. The USER is already aware that MakingArt may

• anonymize Personal Data, making it Anonymized Data;
• the enrichment of its database, adding information from other legitimate sources – including those from databases of other companies of the MakingArt Group;
• processing of Personal Data based on the legitimate interest of the MakingArt Group, as provided for in the Applicable Law. The USER expresses express consent to such activities by agreeing to the terms of this Privacy Policy.

3.3.1. The USER acknowledges and agrees that MakingArt may use the Data to profile the USER, in order to improve its services or comply with Applicable Law, including, but not limited to, know-your-customer obligations. The USER’s profile will be shared exclusively under the terms of this Privacy Policy or Applicable Law.

3.4. Internally, the Data will only be accessed by professionals duly authorized by the MakingArt Group, respecting the principles of purpose, adequacy and necessity, among others provided for in the Applicable Legislation, for the purposes of the MakingArt Group, in addition to the commitment to confidentiality and preservation of privacy under the terms of this Privacy Policy.

3.5. Anonymized Data may be collected, processed, stored, used, transferred and disclosed for any purpose, regardless of USER authorization.

3.6. MakingArt has business partners that can offer services through features or sites accessed from the sites, applications and services provided by MakingArt. The Data provided by the USER to these partners will be the responsibility of the partners, thus being subject to their own practices of obtaining and using Data, without any burden to the MakingArt Group in relation to such Data.

3.7. MakingArt values ​​the security and inviolability of the USER’s Credentials. For this reason, it constantly searches and monitors the internet in its various layers in order to identify, collect and process for validation purposes (authentication tests) logins and passwords potentially belonging to USERS that have been improperly published on the internet by third parties.

3.7.1. If, through authentication tests, MakingArt finds that the USER’s Credentials have been compromised (made accessible to third parties), MakingArt – for security reasons and in order to prevent inappropriate access by third parties to the USER’s Account and Data – will preventively block USER Credentials. If there are any doubts – including how to unlock the Credentials – the USER can consult the terms of use on the websites, applications and services provided by MakingArt, or contact MakingArt’s call center.

4. Data Storage

The Data collected is stored in a secure location. At any time, the USER may request the display, correction or deletion of their Data. Except in specific cases, we may keep the Data collected for legal compliance, auditing and preservation of rights, for the period necessary to fulfill these responsibilities.

4.1. The Data collected will be stored in a secure and controlled environment. However, considering that no security system is infallible, MakingArt disclaims any liability for any damages and/or losses resulting from failures, viruses or intrusions into the database of websites, applications and services offered by MakingArt, except in cases where there is intent or negligence. However, if MakingArt identifies that any of these situations have occurred, it will notify the affected USERS, informing them that their Data has been breached and indicating that they adopt the appropriate measures.

4.2. The Data obtained from the USER may be stored on the MakingArt Group’s own server or on a third party hired for this purpose, whether located in Brazil or abroad, and may also be stored using cloud computing technology and/or others that may arise in the future, always aiming at improving and perfecting the activities of the MakingArt Group. MakingArt will ensure that third parties that eventually maintain the servers on which the Data are stored maintain security and control standards in accordance with applicable legal standards.

4.3. Through the service tools available on the websites, applications and services offered by the MakingArt Group, the USER (may be subject to proving its identity) is provided:

• request access to the Data, including its display, rectification with the correction of incomplete, inaccurate or outdated data or elimination/deletion of Personal Data concerning you;
• request the elimination/deletion of all your Personal Data collected and recorded by MakingArt, provided that the contract between the USER and MakingArt has ended, the Account canceled and the minimum legal term for the purposes of legal obligations of MakingArt has elapsed ;
• revoke consent for the future collection, treatment, use and processing of Personal Data concerning you or restrict the processing of Personal Data. This will not affect the legality of the treatment and processing of Personal Data carried out before the revocation, based on your consent or the legitimate interest of MakingArt. The revocation of consent may prevent the USER from fully using or even make the use of the websites, applications and services offered by MakingArt unfeasible; request the portability of your Data;
• request that MakingArt no longer use Personal Data for marketing purposes.

4.3.1. Although the USER has requested the deletion of their data and revoked their consent, in some specific cases the MakingArt Group may be subject to Laws and regulations that make it impossible to delete/revoke the Data.

4.3.2. The USER’s Personal Data will also be deleted when they are no longer needed, except in the event of legal or contractual justification for their maintenance (for example, to comply with any legal obligation to retain data or need to preserve them to preserve legitimate rights and interests of one of the parties involved in the contract).

4.4. The USERS’ privacy settings and the products and resources that the USER uses influence the USER Data that will be obtained by MakingArt.

4.5. The MakingArt Group may, for purposes of auditing and preservation of rights, retain the USER Data registration history, with the MakingArt Group having the power to permanently exclude them at its convenience or in cases where law or regulatory rule requires.

MakingArt may also keep the Anonymized Data and anonymized version of the Data for statistical and study purposes, even after the USER requests its deletion or after the legal storage period has expired.

5. General Provisions:

We may update this document at any time. So, check it out often. If we outsource any activity, we will ensure that the contracted companies comply with all provisions of this document.

5.1. The content of this Privacy Policy may be updated or modified at any time, according to the purpose or convenience of the MakingArt Group, such as for legal adequacy and compliance with a law or rule that has equivalent legal force, the USER being responsible for checking it always to access the websites, applications or services offered by MakingArt.

5.1.1. In the event of updates to this document, MakingArt will notify the USER through the tools available on the websites, applications and services provided by MakingArt and/or means of contact provided by the USER. The USER will be bound by the new terms of this document from the delivery of the notification about the updates.

5.2. The person in charge/DPO is [email protected]. The USER may contact this address to clarify any doubts regarding the provisions contained in this Privacy Policy.

5.3. If you consider that MakingArt has violated any legal provision or this Privacy Policy, the USER has the right to file a complaint with the appropriate supervisory authority, in addition to contacting MakingArt directly.

5.4. If outsourced companies process any Data collected by MakingArt, they must comply with the conditions stipulated herein and the Information Security standards of MakingArt, obligatorily.

5.5. If any provision of this Privacy Policy is considered illegal or illegitimate by the authority of the location where the USER resides or of its internet connection, the other conditions will remain in full force and effect.

6. Applicable Law and Jurisdiction

In any lawsuits, Brazilian law and the jurisdiction of the city of São Paulo apply, except for specific exceptions by the Applicable Law (such as the USER’s domicile).

6.1. This Privacy Policy will be interpreted in accordance with Brazilian legislation, in the Portuguese language, and the forum of the city of São Paulo will be elected to settle any dispute or controversy involving this document, except for the specific exception of personal, territorial or functional competence by the Applicable Legislation.

7. Specific conditions The following are specific conditions applicable to certain companies/products/services of the MakingArt Group, identified in each section. If the USER contracts with any of the companies or uses one or more of the products/services described below, the following conditions will apply in addition to what is established in the Privacy Policy. 7.1. Investment and Financing Platform 

7.1.1. If the USER uses the online platform for the provision of investment and financing services offered by companies of the MakingArt Group (“Investment and Financing Platform”), the following complementary conditions will apply.

7.1.2. When using the Investment and Financing Platform, the USER may be asked to submit additional documents and information, including for the purposes of credit analysis, as well as for carrying out know-your-customer and money laundering prevention procedures.

The information obtained by MakingArt will be treated as confidential information, pursuant to Complementary Law No. 105 of January 10, 2001, which provides for the confidentiality of financial institution operations.

7.1.3. In the event that the MakingArt Group suspects that false information has been provided by the USER, third parties may be contacted in order to investigate the possibility of fraud; they will have access to the information provided for the sole purpose of verifying the occurrence or not of possible fraud.

7.1.4. MakingArt may transfer Data obtained to other market agents, such as financial institutions, which will be necessary, solely and exclusively, in carrying out activities related to the Investment and Financing Platform.

7.1.5. In addition to the purposes described in the Privacy Policy, MakingArt or third-party service providers are authorized to use the information provided by USERS for the following purposes:

• verification of the USER’s identity;
• prevent the occurrence of financial crimes and money laundering; identify possible fraud;
• carry out credit analysis;
• manage the Investment and Financing Platform;
• make the access page of the Investment and Financing Platform available to its users and identify the services of their interests;
• carry out regulatory controls required by applicable legislation/regulation;
• keep any third parties possibly interested in and/or related to the desired operation informed;
• ensure the execution of the desired operation.

7.1.6. MakingArt has physical, electronic and procedural protection resources for the Investment and Financing Platform, which meet national and international legal standards for the protection of personal information, such as access authentication mechanisms with double authentication systems, ensuring the individualization of the person responsible for handling the records, detailed inventory of accesses to the Investment and Financing Platform and use of records management solutions using techniques that guarantee data inviolability.

7.2. Payment Management Service

7.2.1. If the USER uses the “PagBank” payment management service, the following additional conditions will apply.

7.2.2. If the USER authorizes, MakingArt may access the information present in the USER’s e-mail boxes to manage bank slips.

7.2.3. Any access by MakingArt to USERS’ email boxes:

• It will only occur with the prior and express authorization of the USER, which may be granted and revoked at any time using tools available in the USER’s email;
• it will be done in an automated way, without the involvement of any human element;
• will only be restricted to emails related to bank slips, for the functionality offered by MakingArt that allows the USER to manage their accounts payable, as well as facilitate their payment using the services/products of MakingArt;
• it depends on the USER’s e-mail provider having functionality that allows authorized access by MakingArt. At no time will MakingArt ask the USER to provide his/her e-mail access credentials.

7.2.4. The use of information received by the Gmail APIs by MakingArt is in compliance with Google’s Limited Use Requirements (https://developers.google.com/terms/api-services-user-data-policy).

7.2.4.1. MakingArt will only use access to read Gmail message bodies (including attachments), metadata, headers and settings to allow the user to manage consumer accounts and will not transfer this Gmail data to third parties unless that it is necessary to provide and improve these features, comply with applicable law, or be part of a merger, acquisition or asset sale.

7.2.4.2. MakingArt will not use this Gmail data to serve ads.

7.2.4.3. MakingArt will not allow humans to read this data unless we have your affirmative agreement for specific messages, which is necessary for security purposes, such as investigating abuse, complying with applicable law, or for the internal operations of MakingArt’s solutions. and even then only when the data has been aggregated and anonymized.

7.3. MakingArt

 7.3.1. MakingArt Cloud/Host 

7.3.1.1. If the USER uses virtual computing resources and services to create and use a processing environment, data storage and provision of internet access (“MakingArt Cloud”), the following complementary conditions will apply.

7.3.1.2. The Data may be stored on several servers simultaneously, for reasons of redundancy and information security. These servers may be located in different regions or even countries. The USER agrees that MakingArt may freely determine in which locations the Data will be stored. Upon the USER’s request, MakingArt will inform where the data is stored at the time of the request