Privacy and Data Protection Policy

Lojas Renner S.A. Privacy and Data Protection Policy

Last update: 08/27/2020 

The Privacy and Data Protection Policy of Lojas Renner S.A. (“Policy”), a publicly-held corporation, registered with CNPJ/ME (National Registry of Legal Entities) under No. 92.754.738/0001-62, headquartered in the city of Porto Alegre, State of Rio Grande do Sul, at Rua Joaquim Porto Villanova, 401, Bairro Jardim do Salso, CEP 91410-400 (“RENNER”), was created to demonstrate RENNER’s commitment to the security and privacy of the information collected about customers or users of services provided, both in online and offline environments, who are the holders of personal data (“Holder” or simply “you”). The Policy clarifies the general conditions for the collection, use, storage, and other forms of treatment and protection of personal data on RENNER’s websites, platforms, and applications (“Internet Applications”), under the Brazilian legislation currently in force regarding privacy and protection of personal data in Brazil, in particular Law No. 13.709/2018, as amended (General Law on Protection of Personal Data – “LGPD”). 

For the purposes of this Policy, RENNER is qualified as a Parent Company, and it is responsible for decisions regarding the processing of personal data. RENNER has appointed a Person in Charge to manage a communication channel with you. If you have any doubts related to the personal data processing activities under our responsibility, please send an email to privacidade_de_dados@lojasrenner.com.br, to the attention of Márcia Ellera Gomes Pacheco Starosta (“In charge”). 

By using our Internet Applications and physical stores or by signing the Consent Form, you express in a free, informed, unambiguous, express, and full manner your agreement with this Policy. We recommend careful reading.

PURPOSE OF PERSONAL DATA COLLECTION

When we know more about you, our goal is to always be able to offer the best service, including information and promotions that make sense to you. It is the way found by RENNER to always be close to you. We are committed to preserving the privacy and security of the data we collect, always respecting the highest ethical and legal principles.

Data collection is performed for the following purposes:

To guarantee the efficiency in the provision of our services;

Adapt the appearance, organization, and logistics of our stores, as well as the type and quantity of products offered by us to the Holders’ expectations and interests;

Adapt the appearance and content of our Internet Applications to the Holder’s preferences, in order to provide faster, more pleasant, personalized, and effective access;

Authenticate access to our Internet Applications;

Find adequate security for the services offered and means of identification in case of improper or illicit uses;

Solve doubts, problems and issue notifications related to the use of our Internet Applications;

Keep Holders informed about services, changes to the Terms of Use or Privacy and Data Protection Policy, updates, or improvements to our

Internet Applications, or about the status of their accounts and operations;

Keep in touch by phone, email, SMS, WhatsApp, notifications, or other means of communication;

Disclose promotional actions in our physical and virtual stores or other RENNER advertising initiatives, always providing the Holder with the means to unsubscribe from receiving emails, messages, notifications, and promotional calls (opt out);

Determine the effectiveness of our advertising;

Disclose promotional actions by partner companies, which declare to us that they adopt measures to protect privacy and security similar to those established in this Policy;

Ascertain statistical information and behavioral pattern (analytics);

Adopt measures to guarantee execution, protect our credit, as well as prevent fraud;

Evaluate the quality of service provided by our employees;

Cancel purchases, refund values or products exchange, observing the provisions of current legislation;

Comply with legal and regulatory obligations, and with contracts signed with Holders;

Regularly exercise RENNER’s rights.

PERSONAL DATA COLLECTED 

To fulfill the purposes set out in Clause 1 above, we may collect your personal data at our stores, at events held by us or in other physical environments, based on information:

That you provide us, spontaneously, when using our services, filling out registrations and forms or when answering questions from our employees, as well as participating in opinion polls or interviews;
About the number of Holders who visit our stores or participate in our events, as well as the time of the Holders staying in them.

Also, to fulfill the purposes set out in Clause 1 above, our Internet Applications may collect your personal data, based on information:
That you provide to us, spontaneously, by creating accounts or inserting references about yourself in any context in our Internet Applications;
About the way you browse and about the access records and general interactions in our Internet Applications, including information:

(i) About the device and the systems / browsers you use to access our Internet Applications, including the Internet protocol address (IP number);

(ii)  Liable to identify any use and interaction in the context of our Internet Applications, including your shopping habits and preferences in general, the products you have viewed or researched, the duration of your visits, and other interaction information with the pages, such as the use of the scroll bar, clicks, tabs and places where you navigated with the mouse;

(iii) Referring to the timing of each of your actions in our Internet Applications (date and time);

(iv) Referring to your geolocation;

(v)  Referring to the website accessed by you immediately before visiting our websites, platforms, and Internet applications.

Obtained through cookies, tags, and anonymous identifiers contained on our websites and in emails sent to you, used to monitor your interactions, such as when you received, opened, or clicked on a link in an email sent for us.

In compliance with the duty of transparency, RENNER clarifies that the treatment of personal data referred to in items (b) and (c) of this Clause 2.2. is based on our legitimate interest, to fulfill the purposes set out in Clause 1 above.

Still, in order to fulfill the purposes set out in Clause 1 above, we may receive your personal data from third parties, based on information obtained by:
Other companies belonging to the same economic group or controlled by RENNER;
External websites, social media, tools, or platforms made available by third parties;
Advertising, research or statistical analysis companies and behavioral standards (analytics);
Companies that organize databases;
Financial, payment, credit, and risk analysis institutions.

We do not collect, store, or otherwise intentionally treat excessive or unnecessary personal data for the provision of our services. As a result, we ask that you refrain from sharing sensitive personal data with us, such as those relating to your racial or ethnic origin, religious belief, political opinion, union membership or organization of a religious, philosophical, or political nature, health, or sex life, as well as genetic data.

RENNER has a variety of products for children and young people. However, we do not process data from Holders who are children without specific and highlighted consent given by at least one parent or legal guardian. The completion of registration in our physical stores, as well as in our Internet Applications, is conditional on proof that this consent has been given.

 RENNER has a variety of products for children and young people. However, we do not process data from Holders who are children without specific and highlighted consent given by at least one parent or legal guardian. The completion of registration in our physical stores, as well as in our Internet Applications, is conditional on proof that this consent has been given.

HOW DOES RENNER STORE AND OTHER WAYS TREAT AND PROTECT THIS PERSONAL DATA??

RENNER keeps personal data collected from Holders in a controlled and secure environment, in order to meet specific purposes, as set out in Clauses 1 and 2. Such data are excluded as soon as the purpose of their use by RENNER is reached, according to Clause 1 above. In the cases authorized by law, RENNER may keep stored and otherwise treat personal data in its domain.

The personal data collected is kept confidential, with strict access control, through authentication mechanisms. RENNER also maintains a detailed inventory of access to records and personal data, in an interoperable and structured format, containing the time, duration, employee identity, or designated responsible and the file accessed.

RENNER adopts security, technical and administrative measures to keep all the data stored in its inventory safe. Specifically concerning the data collected through our Internet Applications, they are stored, processed, and protected using the best practices of hosting, processing, backup, and encryption, according to their respective criticality.

In compliance with the legislation in force, our Internet Applications promote the safekeeping of their respective access records, in a controlled and secure environment, for a period of 06 (six) months. After this period, access records to Internet applications are automatically deleted.

Even so, the Holder must be aware that no Internet security system is guaranteed against unwanted intrusions, and RENNER’s commitment is limited to the adoption of recommended protective measures, according to the current state of the art.

Due to the structural characteristics of the Internet, it is possible that the data collected will be stored or otherwise treated on third-party servers, located in Brazil or abroad. It is possible that these countries do not have legislation on privacy and protection of personal data that guarantees an adequate and similar level of protection to that of Brazil. In all cases, our partners provide RENNER with contractual guarantees that they adopt technical and administrative security measures to protect their data.

BEING AWARE OF THAT, YOU CONSENT IN A FREE, INFORMED AND UNEQUISIBLE WAY THAT RENNER MAKES INTERNATIONAL DATA TRANSFERS, WHENEVER REPUTED NECESSARY.

 FINANCIAL OPERATIONS DATA

The data related to financial transactions are subject to additional security mechanisms aimed at their authenticity, confidentiality, and integrity. Technical resources such as digital certification and encryption are used in this regard. The information that transits through our online purchase-and-sale process is protected by HTTPS (usually, a closed padlock on the browser indicates that the connection is secure).

The Identification process (Login and Password) is mandatory in every online purchase process.

The payment card numbers (credit or debit) provided by the Holder are used exclusively to authorize the purchase and/or payment transactions, being encrypted and masked according to the best market practices.

RENNER complies with the PCI DSS (Payment Card Industry Data Security Standard), the standard of the brands (Visa, MasterCard, and others), which establishes the security model for the protection of the Holders’ credit and debit cards data, and which applies to both physical stores and online purchase-and-sale processes.

PERSONAL DATA SHARING

We only share data: a) with other companies belonging to the same economic group or controlled by RENNER; b) with the entities mentioned in item 2.3 above; c) in the cases provided for in this clause; or d) with the Holder prior consent.

RENNER may use third-party service providers, located in Brazil or abroad, for the data storage and processing, which will assume the condition of Operators under the terms of current legislation. In this case, these Operators will have committed, by contractual instrument, to treat personal data exclusively in accordance with our lawful instructions, in addition to treating them with confidentiality. These contracts will also establish the responsibility of these Operators for any damages caused due to the exercise of personal data processing activity.

RENNER may also share data with third parties upon a court order or at the request of the National Personal Data Protection Authority (ANPD), the Public Prosecutor’s Office, police, or administrative authority, or even if necessary to comply with any other law or government regulation.

 RIGHTS OF PERSONAL DATA HOLDERS

In the form and within the limits of the applicable legislation, as the holder of personal data, you can contact us to exercise certain rights, in order to request:

confirmation of the existence of treatment of your personal data;

access to your data;

correction of incomplete, inaccurate, or outdated data;

anonymizing, blocking, or deleting your data that is unnecessary, excessive, or treated in non-compliance with the provisions of the applicable legislation;

the portability of your data to another service or product provider, in accordance with ANPD regulations, observing commercial and industrial secrets;

the elimination of your personal data, except in the cases provided for in the applicable legislation;

information from public and private entities with which RENNER shared its data;

information about the possibility of you do not provide consent and the consequences of your refusal;

the revocation of your consent, when you have provided it, safeguarding the public interest that may justify the continuity of the treatment or the existence of another legal basis that authorizes; and

opposition to any treatment of personal data based on one of the hypotheses in which the consent is waived, since there has been non-compliance with the provisions of applicable law and safeguarding the public interest that may justify the continuity of the treatment.

Your application can be made free of charge through our website, available at www.lojasrenner.com.br/central-de-atendimento. We will analyze your request and serve you as soon as possible, considering the terms and conditions outlined in the applicable legislation. If it is not possible to respond immediately to your request, we will inform the factual or legal reasons that prevent us.

Specifically concerning the rights to confirm the existence of treatment and access to personal data, mentioned in items “a” and “b” of Clause 6.1 above, whenever possible, RENNER will assist them immediately, in a simplified format. When this is not possible, we will provide you with 15 (fifteen) days of receiving your application, a complete statement with the relevant information. You can choose whether to receive this information, electronically or in print.

RENNER is not responsible for the correction, veracity, authenticity, completeness, and updating of the data provided by the Holders, nor even for the eventual misuse of information published by them or for fraud resulting from the violation of personal passwords.

It is your exclusive responsibility to provide only correct, truthful, authentic, complete, and updated information, as well as to ensure the confidentiality of your password, when applicable, not disclosing it to third parties.

EDITING AND EXCLUSION OF CONTENTS

Our Internet Applications reserve the right to edit or even delete any content published by Holders that are not in compliance with the law, this Privacy and Data Protection Policy, or our Terms of Use.

This condition, however, does not constitute an obligation of RENNER, and, as a rule, requisitions for editing or removal must be under court order, request by the ANPD, the Public Prosecutor’s Office, police, or administrative authority.

COMMUNICATION POLICY

Our Internet Applications avoid sending unsolicited e-mails, restricting communications to matters that are relevant or of your specific interest.

When you buy online, we confirm your order by e-mail and we can also contact you through the means of communication informed in your registration, in order to confirm the operation performed on our website.

If you prefer to no longer receive our promotional information, such as special offers and sales events, you can request to unsubscribe through the unsubscribe link informed in the email or message received, or, on your registration page, unchecking the option that authorizes the sending of emails and promotional messages (opt out).

After unsubscribing, you can still receive security communications or related to online purchases that you have made.

  You should be aware that several fraudsters try to use famous brands to obtain personal information such as passwords and credit card details.

RENNER WILL NEVER REQUEST YOUR PASSWORD AND/OR CREDIT / DEBIT CARD DATA THROUGH E-MAIL OR TELEPHONE. IN CASE OF ANY OTHER SUSPECTED ATTITUDE, SEND YOUR DOUBT OR ALERT BY E-MAIL TO
PRIVACIDADE_DE_DADOS@LOJASRENNER.COM.BR.

LINKS TO OTHER SITES

Our websites, platforms, and Internet applications may contain links or frames from other websites. These links or frames aim to provide additional benefits to the content and services offered to the Holders.

We clarify that the inclusion of these links in our Internet Applications does not mean that RENNER is aware of, agrees with, or is responsible for the content of these links and frames. It is important to note that our goal is to only provide links or frames from reputable and reliable companies. However, RENNER is not responsible for the information, products, and services obtained by the Holders on the referred sites, nor for the commercial practices and privacy policies adopted by these companies, and cannot be held responsible for any losses and damages or loss of profits due to the use of these resources.

TERM AND CHANGES

Our Internet Applications, in whole or in each of its tabs and sections, can be closed, suspended, or interrupted unilaterally by RENNER, at any time and without the need for prior notice. In such cases, we will inform where the constant information, whose access is your right, will be made available following the legislation in force.

This Privacy and Data Protection Policy may also be updated or changed at any time, with changes being reported prominently in our Internet Applications.

APPLICABLE LAW AND JURISDICTION

Brazilian law applies to the interpretation of this Privacy and Data Protection Policy.

Any disputes related to this Policy should preferably be resolved in an out-of-court manner. Our supervisor is available to find a consensual solution. Please send an e-mail to
privacidade_de_dados@lojasrenner.com.br. If an amicable resolution is not possible, any disputes related to this Privacy and Data Protection Policy will be the exclusive jurisdiction of the Foro Central de Porto Alegre, RS, Brasil, excluding any other, however privileged it may be.

All content and information contained in Lojas Renner SA’s Internet Applications are protected by the laws that regulate copyrights, brands, and other distinctive signs, and their total or partial reproduction is not permitted.
Copyright © 2015 Lojas Renner S.A.