PRIVACY AND PERSONAL DATA PROTECTION POLICY
HURST CAPITAL S.A. ("HURST") and HURST SERVIÇOS DE INVESTIMENTO COLETIVO E SECURITIZAÇÃO S.A. ("HURST CROWDFUNDING" and, together with HURST, "GRUPO HURST") value and are committed to preserving the privacy, security and transparency in the processing of personal data of their employees, clients, partners and all other individuals with whom they have any relationship. As a result, this Data Privacy and Security Policy ("Policy") has been drawn up in accordance with the General Personal Data Protection Law - LGPD (Law No. 13,709/18) and the Brazilian Internet Civil Rights Framework (Law No. 12,965/14). In addition, this Policy may be updated as a result of any regulatory updates.
The Data Privacy and Security Policy defines the guidelines for the use, storage, processing and protection of personal information collected digitally and/or physically by GRUPO HURST, covering collection through various means of communication channels, such as the website, e-mail, WhatsApp, social networks and events. It is therefore highly recommended that employees, clients and other interested parties read this document carefully.
By using our services, employees, customers and other interested parties accept the collection of data and the use of their personal information in the ways provided for by the Brazilian legal system, in particular the General Law on the Protection of Personal Data - LGPD (Law No. 13,709/18). If you do not provide the necessary personal data, we may not be able to provide you with our products and/or services.
We clarify that this Policy applies when GRUPO HURST acts as the controller of the personal data of employees, clients and other interested parties.
As such, GRUPO HURST, in its role as data controller, is bound by the provisions of this Privacy Policy.
1. Definitions:
- Data subject: any natural/physical person to whom the personal data being processed refers.
- Personal Data: Any information that allows a natural/physical person to be identified or that can make them identifiable. For example, your name, social security number, e-mail address, telephone number, etc.
- Sensitive Personal Data: personal data related to racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, which will not be collected and processed without the express and specific consent of the data subject, under the terms of the General Law on the Protection of Personal Data - LGPD (Law No. 13,709/18).
- Processing of Personal Data: is any operation carried out with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
2. Collection and use of information:
Personal data may be collected as follows:
- Website and social networks: consumer-oriented and managed by GRUPO HURST itself, such as Facebook, Instagram and WhatsApp.
- E-mail: by providing your e-mail address, it may be used for registration purposes through which communications, announcements and offers regarding products and/or services similar to those previously purchased and promotions will take place.
- Registration forms: printed or digital forms, and similar forms, by which we request your personal data.
- Data from other sources: third-party social networks (such as Facebook and Google), market research (if the feedback is not anonymized), third-party data aggregators and partners.
The personal data obtained by GRUPO HURST are:
Personal registration data: basic data provided for contact and identification is collected, such as: full name, CPF or CNPJ, full address, telephone number, bank details and other information required in the registration.
Data relating to contact: when a sales or service contract is signed with GRUPO HURST, data relating to the performance of the contract may be collected and stored.
Consumption data: information that makes it possible to understand the user/customer's consumption profile and can be processed for the purposes of offering new products and/or services, marketing, updating response processes and improving customer service.
Payment data: When you submit your data to pay for products or services, we may collect information about the purchase and transaction, such as financial data, bank details, credit or debit card numbers, as well as identification details, which will be considered personal data and will also be processed in accordance with current legislation.
Data transferred from third parties: provided that the data processing requirements laid down in the Law are complied with.
Cookie data: the use of automatic technology that collects certain information about your actions. This includes information on links, pages or content accessed and viewing time, as well as similar statistics on interactions, such as response time to content, download errors and duration of visits to certain pages.
Market data and consumer feedback: Information shared voluntarily with GRUPO HURST about the experience of using our products and services, such as complaints, satisfaction surveys and requests for improvement.
Communication data: We may record and save all data provided in all communication with our team, whether by e-mail, messaging, telephone or any other means.
- Browsing data: the information technology ("IT") systems and software procedures used to operate the Site collect data during their normal operation (such as the date and time of access, the pages visited and the name of the Internet provider through which the user accesses the Internet, etc.), the transmission of which is implicit in the use of web communication protocols or is useful for the better management and optimization of the data transmission and e-mail system.
We inform you that this personal data will be processed manually and/or with the help of computerized and/or automated means.
3. Purpose and legal basis of processing:
The controller(GRUPO HURST) will process personal data to achieve specific purposes and only in the presence of a legal basis (or requirement for processing) provided for in the applicable legislation on privacy and protection of personal data.
When employees, clients, partners and other interested parties register and/or fill in the form offered by HURST, their data will be kept confidential and will only be used for the purpose for which they registered.
The processing of personal data for purposes not provided for in this Privacy Policy will only take place with prior notice to the user, so that the rights and obligations provided for herein remain applicable.
The table below shows the purposes of all the data collected and processed by HURST. See below:
| Personal Data | |
|---|---|
| Purpose | Legal basis |
| User and visitor well-being: improving the product and/or service offered, facilitating, speeding up and fulfilling the commitments established between the user and the company, improving the user experience and providing specific functionalities depending on the user's basic characteristics; | Legitimate interest |
| Improving the platform: understanding how the user uses the platform's services, to help with business and technical development; | Legitimate interest |
| Ads: display personalized ads to the user based on the data provided; | Legitimate interest |
| Commercial: the data is used to personalize the content offered and to subsidize the platform in order to improve the quality of its services; | Legitimate interest |
| User profile prediction: automated processing of personal data to evaluate use of the platform; | Legitimate interest |
| Registration data: to allow the user access to certain content on the platform, exclusively for registered users; | Consent |
| Contract data: to give the parties legal certainty and facilitate the conclusion of the deal; | Contract execution |
| Other. The processing of personal data for purposes not provided for in this Privacy Policy will only take place with prior notice to the user, so that the rights and obligations provided for herein remain applicable. | |
4. Sharing and processing of personal information:
GRUPO HURST may share any personal data collected with third parties. Sharing may be done to comply with legal, regulatory or tax requirements, as well as to fulfill the purposes mentioned above, and within the limits required and authorized by law:
With employees and collaborators of the HURST GROUP, being persons directly authorized for the treatment, or by companies of the group acting as independent controllers or as Treatment Agents.
With its clients and partners when necessary and/or appropriate for the provision of related services, including EQI Investimentos, observing the principles and guarantees established by the General Personal Data Protection Law - LGPD (Law No. 13,709/18), so that representatives of EQI Investimentos can contact them for the purposes of commercial relations.
With the companies and individuals contracted to carry out certain activities and services on behalf of the HURST GROUP.
With suppliers and partners to carry out the services contracted with GRUPO HURST.
For administrative purposes such as research, planning, service development, security and risk management.
In the continuous development of our business, there may be processes of acquisition and merger of companies, establishment of commercial partnerships, joint ventures and other similar businesses. In the event of one of these deals, the information collected from our customers may be transferred, but even in these situations the Privacy Policy will be maintained, so that the use of customers' personal data will be made exclusively under the terms set out herein.
When necessary as a result of a legal obligation, determination by a competent authority, or court decision.
In the event that your data is shared with third parties, all subjects mentioned in the above items must use the shared data in a consistent manner and in accordance with the purposes for which it was collected (or to which the user has previously consented), as determined in this Privacy Policy, as well as observing other website or country privacy statements, and all applicable privacy and data protection laws.
If data is shared, the third party will only receive the data necessary to provide the contracted services. It should be noted that our contracts are drawn up in compliance with the data protection rules of the Brazilian legal system. However, our partners have their own Privacy Policies, which may differ from this one.
When you are redirected to a third-party application or website, you will no longer be governed by this Privacy Policy or our platform's Terms of Service. We are not responsible for the privacy practices of other websites and encourage you to read their privacy statements.
No documents and/or personal information will be disclosed and/or shared, unless expressly authorized by its owner or by court order or by legal determination.
No documents and/or personal information will be sold. Furthermore, the personal information of users (referred to as Data Subjects) will not be disclosed individually to third parties, except as established herein or in accordance with the law and by court order.
5. International data transfer:
Some of the third parties with whom we share your data may be located or have facilities located in foreign countries, in any case, your personal data will be subject to the General Data Protection Law - LGPD (Law No. 13,709/18) and other Brazilian data protection legislation.
In this sense, in order to guarantee and comply with legislative requirements, GRUPO HURST undertakes to adopt efficient cyber security and data protection standards.
6. Data storage:
The personal data of employees, clients, partners and all other individuals who have any link with GRUPO HURST are stored in digital and/or physical form for the period necessary to provide the service or fulfill the purposes set out in this document, in accordance with the provisions of item I of article 15 of the General Personal Data Protection Law - LGPD (Law No. 13,709/18).
The data will be deleted when they are no longer useful for the purposes for which they were collected, or when the user requests their deletion, except in the event of the need to comply with a legal or regulatory obligation, in accordance with the General Personal Data Protection Law - LGPD (Law No. 13,709/18).
processing in the cases provided for in Article 16 of the General Personal Data Protection Law (LGPD) (Law No. 13,709/18), namely:
For compliance with legal or regulatory obligations by the controller;
For study by a research organization, the anonymization of personal data is guaranteed whenever possible;
For transfer to a third party, provided that the data processing requirements set out in this Law are complied with; and/or
For the exclusive use of the controller, with no access by third parties, and provided that the data is anonymized.
7. Security of stored data
All data provided by employees, clients, partners and other individuals linked to GRUPO HURST will be treated confidentially and only for specific purposes. To keep personal information secure, we use physical, electronic (our servers) and managerial tools, oriented in accordance with our security policies and standards to protect your privacy.
These tools are applied taking into account the nature of the personal data collected, the context, the purpose of the processing and the risks that possible violations would generate for the rights and freedoms of the holder of the data collected and processed.
Among the measures we have adopted, we highlight the following:
Only authorized persons have access to the personal data of employees, clients, partners and all other individuals who have any link with the HURST GROUP;
Access to personal data is only granted after a confidentiality commitment has been made; and
Personal data is stored in a secure and reliable environment.
GRUPO HURST is committed to adopting the best measures to avoid security incidents. However, it should be noted that no transmission of information is totally secure and risk-free, and is susceptible to technical failures, viruses or similar actions. It is possible that, despite all our security protocols, problems may occur that are the sole fault of third parties, such as cyber attacks by hackers, or due to the negligence or recklessness of the user/customer themselves.
In the event of a security incident that may generate significant risk or damage to the holders of personal data, GRUPO HURST undertakes to guarantee full efforts to remedy the consequences of the event. In addition, we will notify those affected and the National Data Protection Authority of the incident, in accordance with the provisions of the General Data Protection Law - LGPD (Law No. 13,709/18).
8. Cookies or browsing data
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by the platform to the user's/customer's or visitor's computer and web browser and stores information related to browsing.
This information is related to access data, such as location and time of access, and is stored by the user's/customer's or visitor's browser or device so that the platform's server can read it later, in order to personalize the platform's services and improve the user experience.
For all collection of personal data, GRUPO HURST will always adhere to the following rules:
Only information essential to the services offered will be collected;
If we need to collect other personal data, we will take care to collect your authorization to do so;
Any authorization collected will be accompanied by the appropriate level of information;
The personal data collected will only be used to fulfill the purposes informed by the data subjects.
By accessing our website and consenting to the use of cookies, the Data Subject declares that they are aware of and accept the use of a system for collecting browsing data, i.e. they consent to the use of cookies on their device.
GRUPO HURST uses the following cookies:
The persistent cookie remains on the user's and visitor's hard disk after the browser is closed and will be used by the browser on subsequent visits to the site. Persistent cookies can be removed by following your browser's instructions.
The session cookie is temporary and disappears after the browser is closed. It is possible to reset your web browser to refuse all cookies, but some features of the platform may not work properly if the ability to accept cookies is disabled.
The data subject may, at any time and at no cost, change permissions, block or refuse cookies. However, revoking consent for certain cookies may make it impossible for some features of the platform to function properly.
9. Consent
Once the data subject has given their consent, the personal data will be processed accordingly.
Consent is the free, informed and unequivocal expression by which the data subject authorizes GRUPO HURST to process personal data.
Therefore, in line with the General Data Protection Law - LGPD (Law No. 13,709/18), personal data will only be collected, processed and stored with prior express consent.
Consent will also be obtained specifically for each purpose, demonstrating GRUPO HURST 's commitment to transparency and good faith towards its employees, clients, partners, etc., in compliance with the relevant legislative regulations.
By using GRUPO HURST 's services and providing personal data, the data subject is aware of and consents to the provisions of this Privacy Policy, as well as knowing their rights and how to exercise them.
Once registered, the data subject may review and change their registration information at any time.
It should be noted that at any time and at no cost, the holder of the personal data may revoke the consent given to GRUPO HURST.
10. Rights of the Data Subject
GRUPO HURST guarantees the rights provided for in article 18 of the General Data Protection Law - LGPD (Law No. 13,709/18). Thus, the holder of personal data may, free of charge and at any time:
Confirm the existence of data processing, either in a simplified form or in a clear and complete format.
Access your data, being able to request it in a legible copy in printed form or by electronic, secure and suitable means.
Correct your data by requesting that it be edited, corrected or updated.
Limit your data when unnecessary, excessive or processed in breach of the law through anonymization, blocking or deletion.
Request the portability of your data, through a registration data report that GRUPO HURST processes about you.
Delete your data processed with your consent, except in the cases provided for by law.
Revoke your consent, deauthorizing the processing of your data.
Inform yourself about the possibility of not giving your consent and the consequences of not doing so.
11. Enforcement of the rights of the Data Subject
In order to exercise the rights provided for in the General Personal Data Protection Law - LGPD (Law No. 13.709/18), the holder of the personal data should contact GRUPO HURST via the following e-mail address:
- E-mail: investidor@hurst.capital
In order to ensure that you are correctly identified as the owner of your personal data, we may ask you for documents or other evidence to prove your identity. In this case, you will be informed in advance.
The customer/user guarantees and is responsible for the truthfulness, accuracy, validity and authenticity of the information they provide in order to purchase our products or services. GRUPO HURST accepts no liability whatsoever in the event of false data being entered or if any inaccuracies are detected.
12. Changes to this Privacy Policy
The current version of the Privacy Policy was last updated on 08/03/2023.
We reserve the right to modify this Privacy Policy at any time, mainly in order to adapt it to any changes made to our website or in the legislative sphere. If we make any material changes to this policy, we will notify you.
Any changes will come into force as soon as they are published on our website.
13. Responsibility
GRUPO HURST provides for the responsibility of agents who act in data processing processes, in accordance with articles 42 to 45 of the General Data Protection Law - LGPD (Law No. 13,709/18).
GRUPO HURST is responsible for the security of the data processing processes and the fulfillment of the purposes described in this instrument.
GRUPO HURST undertakes to keep this Privacy Policy up to date, observing its provisions and ensuring compliance with it.
In addition, it undertakes to seek technical and organizational conditions that are certainly capable of protecting the entire data processing process. In addition, if the National Data Protection Authority (ANPD) requires the adoption of measures in relation to the data processing carried out by GRUPO HURST, we undertake to follow them.
14. Mediation and Choice of Court
In order to resolve any disputes arising from this instrument, Brazilian law shall apply in full. Any disputes shall be submitted to the courts of the district in which the company's head office is located.
- If you have any questions, please contact us through our communication channel available for requests from data subjects (e-mail investidor@hurst.capital).
By accepting, the owner of the personal data, declares that they are aware of and agree with the terms of this policy.
Sincerely,
HURST CAPITAL S.A.
CNPJ/MF: 29.765.165/0001-36
HURST SERVIÇOS DE INVESTIMENTO COLETIVO E SECURITIZAÇÃO S.A.
CNPJ/MF: 23.768.978/0001-01