BASE39 ("BASE39") is a fintech that conducts online technology platform activities through a set of APIs and a whitelabel interface that facilitates customer access to products and services offered by financial institutions and accredited bank correspondents on the platform.
This Personal Data Usage Privacy Policy ("Policy") clearly establishes our commitment to creating a safe and pleasant online experience for visitors to our website ("Users"), and describes how BASE39 collects, processes, handles, uses, and shares Personal Data provided by Users.
The Policy applies to (i) BASE39 clients; (ii) website Users; (iii) Users of the BASE39 Platform; (iv) visitors, natural persons accessing our systems and website, either on their own or through legal entities.
References in these terms and conditions to "we" and "our" mean a reference to BASE39. References to "systems" or "BASE39 Platform", or "website" mean a reference to a service provided by our systems or any other online services provided by us and all data managed, displayed, or transmitted from such services. References to "you" and "your" mean a reference to a user of the Digital Platform of BASE39.
It is very important that you read and understand these rules, as well as other rules that may be applicable, including, but not limited to, Law No. 13.709/2018 ("General Data Protection Law" or "LGPD"), its subsequent amendments, and other applicable legislation.
If you do not agree with the terms of this Policy, we recommend that you do not use our services and products.
Terms and Definitions
Personal Data: is any information related to an identified or identifiable natural person (Law 13.709/2018, Art. 5);
Sensitive Personal Data: is personal data related to racial or ethnic origin, religious conviction, political opinion, union membership or membership in religious, philosophical, or political organizations, data related to health or sex life, genetic or biometric data, when linked to a natural person (Law 13.709/2018, Art. 5);
Processing: is any operation performed with Personal Data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction.
Consent: is the free, informed, and unequivocal manifestation by which the data subject agrees to the Processing of their Personal Data for a predetermined purpose.
Controller: is the natural or legal person, public or private, who makes decisions regarding the Processing of Personal Data, in this case, the Partner Company responsible for collecting, inserting, and processing the data of its employees on the BASE39 Platform.
Operator: is the natural or legal person, public or private, who performs the Processing of Personal Data on behalf of the Controller and in accordance with the Processing decisions made by the Controller. In the Processing activities of Personal Data, BASE39 acts as Operator.
Processing Agents: are the Controller and the Operator, together.
Data Subject: is the natural person to whom the Personal Data being processed refers, in this case, all those whose Personal Data is processed by BASE39.
User: all those who use the Platform and/or the website of BASE39.
Partner Company: legal entity that, through its legal representatives, hires the platform of BASE39.
BASE39 Platform: software developed in web or mobile applications and exclusively owned by BASE39 intended to provide a Credit Infrastructure environment.
Rights of the Data Subjects
Without prejudice to other rights stated in this Policy and in the LGPD, we inform you that you have the following rights, at any time and upon request:
Confirm and access your Personal Data: You can request information on how your Personal Data is being processed and what Personal Data is stored with us.
Correction and/or update of your data: You may request the alteration of your incomplete, inaccurate, or outdated Personal Data.
Blocking, anonymization, or deletion of your data: You may request the blocking of your Personal Data, temporarily suspending processing, or the deletion of data, except when referring to (i) irreversible anonymized data; and (ii) Personal Data necessary for BASE39 and/or third parties involved in providing services for judicial, arbitral, or administrative defense, as well as for compliance with legal and/or regulatory obligations.
Portability of your Personal Data: You may request your Personal Data in a structured format for transfer to another company.
Information about sharing: You have the right to know who the public and private entities are with whom we share your Personal Data. If you have any questions or want more details, you have the right to request this information from us via our responsible department email.
Information about the possibility of refusing consent: Your consent must be free and informed. Therefore, whenever asked for your consent, you may refuse it.
Revocation of consent and opposition: You have the right to withdraw permission for the use of Personal Data concerning activities that depend on your consent.
Complaint: You may file any complaint regarding the Processing of your Personal Data that is non-compliant with the LGPD.
When you send us any request described above, we will redirect your request to the Partner Company, which as the Controller of your Personal Data must take the necessary measures as established by the LGPD.
What data is processed on the BASE39 platform?
The activities conducted by BASE39 imply the sharing of Personal Data collected by the Partner Company on the BASE39 Platform. Thus, when accessing and providing your personal information and/or registering on the BASE39 Platform, the following information may be collected ("Data"):
Registration data: name, date of birth, age, ID, CPF and/or other identification documents (for example, driver's license), photo, residential and commercial address, phone numbers, email, profession, occupation, marital status, PEP – politically exposed person, among others.
Sensitive Personal Data: biometric data, including facial and/or fingerprint data, gender, nationality, birthplace, or other sensitive personal data, according to applicable legislation.
Financial and transaction data: salary, bank details, details about requested loans, granted loans, among others.
Data related to financial situation: we may access data regarding your financial or credit situation, such as income, assets, delinquency, positive registration data, including detailed positive registration data or data from the Central Bank's Credit Information System, according to applicable legislation.
Technical data: include IP address, your login data, browser type and version, time zone settings and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the website.
Profile data: include your username, email, and password, messages exchanged with BASE39's Digital Platform via email or push notifications in the app; comments and any other information available in the discussion groups and social networks of the BASE39 Digital Platform; information regarding the requested services and activities performed on the BASE39 Digital Platform;
Usage data: include information on how you use the website, products, and services;
Marketing and Communication data: include your preferences for receiving our marketing contacts and those from third parties as well as your communication preferences.
The Data may be provided directly by you, collected as a result of the provision of services or the provision of products by the Partner Company to you, or may be provided by Borrowers, Affiliated Companies, or legitimate external sources, such as strategic partners, financial system institutions, credit bureaus, public bodies, correspondents, and companies or organizations with which BASE39 or you have a direct or indirect relationship or some type of link. We may also obtain Personal Data and other information from public sources and/or publicly accessible sources, such as the Internet, media, social networks, and public records and from other sources, as allowed by applicable legislation.
Responsibilities of BASE39 as Operator
BASE39, as the Operator, undertakes, regarding the Processing activities of Personal Data carried out in the context of the BASE39 Platform, to:
Ensure the confidentiality of the Partner Company's Personal Data; and
Process the Personal Data in full accordance with the LGPD and according to the Partner Company's instructions, except in cases where Processing is necessary for compliance with legal or regulatory obligations to which BASE39 is subject, or for carrying out BASE39's commercial activities, provided that it is in accordance with the LGPD.
Whom may the data be shared with?
BASE39 will only share your information when expressly requested by the Partner Company or if necessary or relevant for compliance with legal or regulatory obligations, always respecting applicable data protection and privacy laws and aiming to maintain the confidentiality of your information.
The sharing of Data has a strict security mechanism, respecting all information security rules stated in this Policy.
Below are examples of sharing situations:
With strategic partners, including for offering, contracting, and using their products and services, or developed together or that may provide a benefit to you;
With companies in the same economic group, to execute the activities subject to the contracts entered into;
With financial institutions, funding, insurers for the development of our activities;
With regulatory bodies, other public entities, financial system institutions, and third parties, including for compliance and execution of legal, regulatory, and contractual obligations and to protect and exercise regular rights;
For compliance with requests, inquiries, and decisions from judicial, administrative, or arbitral authorities;
For identification, prevention, and investigation of possible violations or illegal acts (including fraud and money laundering);
To prevent risks, fraud, and ensure safety, including utilizing your biometrics (facial, fingerprint, or other) in identification and/or authentication processes in electronic systems of either BASE39 or third parties, who are also Personal Data Controllers;
With credit bureaus, including in accordance with the provisions of applicable legislation, such as for compliance with positive registration legislation, in cases of delinquency, among others.
We note that in situations where your consent is required, we will request your "agreement" in due course.
Data Storage
BASE39 informs that the Data collected and processed, in whole or in part, may occasionally be subject to international transfer, for instance, for storage in cloud computing servers located outside Brazil, always as authorized by the Partner Companies and in ways permitted by the LGPD. In case of international transfer, all guidelines set by applicable legislation will be observed, and the best practices of information security and privacy will be adopted to ensure the integrity and confidentiality of your Data.
Data Retention Period
The period for which BASE39 maintains the Data depends on the purpose and nature of the data processing, as well as the guidelines provided by the Partner Companies.
Thus, BASE39 ensures that your Data will be processed for the period necessary to comply with legal, regulatory, and contractual obligations, to continue providing and improving our products and services, to manage risks, to exercise regular rights in administrative, judicial, and arbitral processes, and for other purposes provided for in this Policy.
Information Security
At BASE39, we are committed to following the most effective security practices and measures, ensuring that access is controlled and Data is secure and protected.
To protect your Personal Data and provide a secure environment, we adopt good information security practices, such as user authentication, access control, data and transaction content anonymization, intrusion prevention and detection, unauthorized access prevention, information leak prevention, periodic vulnerability detection testing, protection against malware, and monitoring activities.
In addition to the protections that BASE39 applies, we recommend that you adopt secure behavior, identifying and avoiding situations that may threaten the security of your Data and our products and services. If you identify anything that compromises the security of your Data, it is essential that you contact the Partner Company or us directly via the email feedback@base39.com.br.
Questions about our policy?
If you have any questions or comments regarding this Policy, you may contact us at any time by sending an email to feedback@base39.com.br.
Updates and Changes to the Policy
This Policy may be modified at any time, with the latest version always available on our website and platform. Changes will apply from the moment they are made available.
If you do not agree with any changes or provisions of our Policy, we recommend that you immediately stop using any products and/or services provided by BASE39.
We recommend that you check this Policy regularly to be aware of any changes.