Lojas Renner S.A. Privacy and Data Protection Policy
Last update: 03/26/2024
The Privacy and Data Protection Policy of Lojas Renner S.A. (“Policy”), a limited liability company, registered with CNPJ/ME (National Registry of Legal Entities) under n° 92.754.738/0001-62, headquartered in the city of Porto Alegre, State of Rio Grande do Sul, at Rua Joaquim Porto Villanova, 401, Bairro Jardim do Salso, CEP 91410-400 (“RENNER”), was created to demonstrate RENNER’s commitment to the security, privacy and protection of the personal information collected about customers or users of services provided, both online and in person at our stores, who are the Data Subjects (“Data Subject” or simply “you”). The Policy clarifies the general conditions for the collection, use, storage, and other forms of processing and protection of personal data on RENNER’s websites, platforms, and applications (“Internet Applications”), under the Brazilian current legislation regarding privacy and protection of personal data in Brazil, in particular Law n° 13.709/2018, as amended (General Law on Protection of Personal Data – “LGPD”).
For the purposes of this Privacy and Personal Data Protection, RENNER is qualified as a Controller Company, responsible for decisions regarding the processing of personal data. RENNER has appointed a Data Protection Officer (“Encarregado”) to manage a communication channel with you. If you have any doubts related to the personal data processing activities under our responsibility, please send an email to privacidade_de_dados@lojasrenner.com.br, to the attention of Wagner dos Santos Barcelos (Encarregado). In his absence, due to unforeseeable circumstances or force majeure, the responsible for the matter on behalf of the Company is the Personal Data Protection Structure, which is part of the Legal Department.
We recommend careful reading of the terms of this Policy.
1.PURPOSE OF PERSONAL DATA COLLECTION
1.1. By learning more about you, our goal is to always be able to offer the best service, including information and promotions that make sense to you. It is the way found by RENNER to always be close to you. We are committed to preserve the privacy and security of the data we collect, always respecting the highest ethical and legal principles.
1.2 Data collection is performed for the following purposes:
a. To guarantee the efficiency providing our services;
b. Adapt the appearance, organization, and logistics of our stores, as well as the type and quantity of products offered by us to the Data Subjects expectations and interests;
c. Adapt the appearance and content of our Internet Applications to the Data Subjects preferences, to provide faster, pleasant, personalized, and effective access;
d. Authenticate access to our Internet Applications;
e. Find adequate security for the services offered and means of identification in case of improper or illicit uses;
f. Solve doubts, problems and issue notifications related to the use of our Internet Applications;
g. Keep Data Subjects informed about services, changes to the Terms of Use or Privacy and Data Protection Policy, updates or improvements to our Internet Applications, or about the status of your accounts and operations;
h. Keep in touch by phone, email, SMS, WhatsApp, notifications, or other means of communication;
i. Disclose promotional actions from our physical and virtual stores and marketing communications with information, tips, deals and personalized promotions or other RENNER advertising initiatives, always providing the Data Subject ways to unsubscribe from receiving emails, messages, notifications, and promotional calls (opt out);
j. Determine the effectiveness of our advertising and direct it to the Data Subject based on their profile and preferences in our products, as well as their purchasing habits in physical and virtual stores or using our cards in partner merchants;
k. Disclose promotional actions by partner companies and our group companies, which declare to us that they adopt measures to protect privacy, protection of personal data and security similar to those established in this Policy;
l. Ascertain statistical information and behavioral pattern (analytics);
m), including for advertising purposes, considering your purchase history, whether physical or virtual, your browsing on our Internet Applications and your interactions with our communications;
m. Adopt measures to guarantee payment, protect our credit, as well as prevent fraud;
n. Evaluate the quality of service provided by our employees;
o. Cancel purchases, refund values or products exchange, observing the provisions of current legislation;
p. Comply with legal and regulatory obligations, and with contracts with Data Subjects;
q. Regularly exercise RENNER’s rights.
2. PERSONAL DATA COLLECTED
To meet the purposes set out in Clause 1 above, the information we process about you may have been provided directly by You to RENNER, by third parties or even collected automatically through our Internet Applications:
2.1 Information provided directly by you
From the beginning of your interaction with us, you spontaneously provide us with information about yourself. For example, when using our services in physical or virtual stores, filling in registrations and forms, creating accounts on our Internet Applications, answering questions from our employees, taking part in opinion polls or interviews, as well as visiting or staying in our stores and events.
The personal data collected in this way are:
(i) Registration data, such as name and last name, date of birth, identification number and gender;
(ii) Contact details, such as telephone number and e-mail address;
(iii) Data relating to purchases made, such as financial data including date, transaction amount and payment method, and delivery data including address and zip code.
2.2 Information obtained automatically from our Internet Applications
In some situations, we may also collect Personal Data automatically through the devices you use to access our Internet Applications. For example: how you use and generally interact with us, your access logs and the devices and systems you use to access our Internet Applications. This information obtained automatically is based on our Legitimate Interest, for the purposes set out in Clause 1 above.
The personal data collected in this way is:
(i) Behavioral data, such as purchasing habits and preferences in general, the products you have viewed or searched for, the duration of your visits and other page interaction information, such as the use of the scroll bar, clicks, tabs and places where you have browsed with the mouse or through the application;
(ii) Data relating to the time of each action taken by you on our Internet Applications, such as date and time, geolocation, device, browser, the Internet protocol address (IP number) of the website accessed by you immediately before visiting our websites, Internet Applications.
(iii) Data obtained through cookies, tags and anonymous identifiers contained on our websites and in emails sent to you, such as interactions with our pages and communications, such as when you received, opened or clicked on a link in an email sent by us. You will find more information about the use of Cookies in Clause 3 of this Policy.
2.3 Information provided by third parties
In specific cases, we may also receive some of your Personal Data from third parties:
a) Other companies belonging to the same economic group as RENNER;
b) External websites, social networks, tools or platforms provided by third parties;
c) Advertising, research or statistical analysis companies and behavioral standards (analytics);
d) Companies that organize databases;
e) Financial, payment, credit, and risk analysis institutions.
The personal data collected in this way are:
(i) Behavioral data, such as preferences and interests based on purchase history and use of cards affiliated with institutions in RENNER’s economic group, such as store, date, transaction amount and payment method.
2.4. We do not collect, store or otherwise intentionally treat excessive or unnecessary personal data for the provision of our services. As a result, we ask that you refrain from sharing sensitive personal data with us, such as those relating to your racial or ethnic origin, religious belief, political opinion, union membership or organization of a religious, philosophical, or political nature, health, or sex life, as well as genetic data.
2.5. RENNER has a variety of products for children and young people. However, our Internet Applications are intended for users aged over 16 (sixteen). When processing the personal data of adolescents between the ages of sixteen (16) and eighteen (18), we consider the best interests of the adolescent.
3. COOKIES USAGE
A Cookie is a small file added to your mobile device or computer that allows you to activate the features and functionalities of our Internet Applications. For example, Cookies allow us to identify your device, enabling you to log in and out of your account securely. Cookies also allow us to share RENNER content easily, helping us to offer personalized content, ensuring that we target information in line with your browsing pattern, resulting in a delightful experience while you visit.
3.1. RENNER uses cookies and other similar technologies so that those who access the Internet Applications enjoy the best possible experience. Cookies can be used to recognize you when you access our Internet Applications, to store your preferences and to provide a more personalized experience according to your settings, making your interactions with RENNER faster and safer. We use Cookies such as:
Required and functional cookies: These are cookies that are strictly necessary to provide our services and for our Internet Applications to function properly, guaranteeing browsing security, the correct sizing of content and compliance with legal obligations by RENNER.
Marketing cookies: These are cookies used to target content and advertising according to your profile and preferences. They help you to see more relevant and interesting advertisements while browsing.
Analytical or performance cookies: These provide information about your browsing behavior and the use of our Internet Applications, such as the number of visits and how our Internet Applications are being used. The data collected is aggregated and our objective is to better understand our audience to offer more interesting content, services, and products to those who access our platforms.
3.2 If you wish to know which Cookies are installed on your device, or if you wish to delete or restrict them, use your browser settings. For more information, visit the browser developer’s website. Remember that if you block Cookies from being used by our Internet Applications, we cannot guarantee the correct functioning of all applications and you may not be able to access some services. Moreover, it is likely that some features and pages will not work properly.
4. HOW DOES RENNER STORE AND OTHER WAYS TREAT AND PROTECT THIS PERSONAL DATA?
4.1. RENNER keeps personal data collected from Data Subjects in a controlled and secure environment, to meet specific purposes, as set out in Clauses 1 and 2. In the cases authorized by law, RENNER may keep stored and otherwise treat personal data in its domain.
4.2. The personal data collected is kept confidential, with strict access control, through authentication mechanisms. RENNER also maintains a detailed inventory of access to records and personal data, in an interoperable and structured format, containing the time, duration, employee identity, or designated responsible and the file accessed.
4.3. RENNER adopts security, technical and administrative security measures to keep all the data stored in its inventory safe. Specifically concerning the data collected through our Internet Applications, they are stored, processed, and protected using the best practices of hosting, processing, backup, and encryption, according to their respective criticality.
4.4. In compliance with the current legislation, our Internet Applications promote the safekeeping of their respective access records, in a controlled and secure environment, for a period of 06 (six) months. After this period, access records to Internet applications are automatically deleted.
4.5. Even so, the Data Subject must be aware that no Internet security system is guaranteed against unwanted intrusions, and RENNER’s commitment is limited to the adoption of recommended protective measures, according to the current state of the art.
4.6. Due to the structural characteristics of the Internet, it is possible that the data collected will be stored or otherwise treated on third party servers, located in Brazil or abroad. When your personal data is transferred outside Brazil by RENNER, we will take appropriate measures to ensure adequate protection of your personal data in accordance with the requirements of applicable data protection laws, including by entering into appropriate data transfer agreements with third parties where necessary.
5. FINANCIAL OPERATIONS DATA
5.1. The data related to financial transactions are subject to additional security mechanisms aimed at their authenticity, confidentiality, and integrity. Technical resources such as digital certification and encryption are used in this regard. The information that travels through our online purchase-and-sale process is protected by HTTPS (usually, a closed padlock on the browser indicates that the connection is secure).
5.2. The Identification process (Login and Password) is mandatory in every online purchase process.
5.3. The payment card numbers (credit or debit) provided by the Data Subject are used exclusively to authorize the purchase and/or payment transactions, being encrypted and masked according to the best market practices.
6. PERSONAL DATA SHARING
6.1. We only share data: a) with other companies economic group of RENNER; b) with the entities mentioned in item 2.3 above; c) in the cases provided in this clause; or d) with the Data Subject prior consent.
6.2. RENNER may use third party service providers, located in Brazil or abroad, for the data storage and processing, which will assume the condition of processor under the terms of current legislation. In this case, these processors will have committed, by contractual instrument, to treat personal data exclusively in accordance with our lawful instructions, in addition to treating them with confidentiality. These contracts will also establish the responsibility of these processors for any damages caused due to the exercise of personal data processing activity.
6.3. RENNER may also share data with third parties upon a court order or at the request of the National Personal Data Protection Authority (“ANPD”), the Public Prosecutor’s Office, police, or administrative authority, or even if necessary to comply with any other law or government regulation.
7. RIGHTS OF PERSONAL DATA SUBJECTS
7.1. In the form and within the limits of the applicable current legislation, as the Data Subject, you can contact us to exercise certain rights, in order to request:
a. confirmation of the processing of your personal data;
b. access to your data;
c. correction of incomplete, inaccurate, or outdated data;
d. anonymizing, blocking, or deleting your data that is unnecessary, excessive, or treated in non-compliance with the provisions of the applicable legislation;
e. the portability of your data to another service or product provider, in accordance with ANPD regulations, observing commercial and industrial secrets;
f. the elimination of your personal data, except in the cases provided for in the applicable legislation;
g. information from public and private entities with which RENNER shared its data;
h. information about the possibility of you not providing consent and the consequences of this refusal;
i. withdraw your consent, when you have provided it, safeguarding the public interest that may justify the continuity of the processing or the existence of another legal basis that authorizes;
j. opposition to any processing of personal data based on one of the hypotheses in which the consent is waived, since there has been non-compliance with the provisions of applicable law and safeguarding the public interest that may justify the continuity of the processing; and
k. the review of decisions taken on the sole basis of automated processing of personal data that affect your interests.
7.2. Your application can be made free of charge through our website, available at:
www.lojasrenner.com.br/privacidade_protecao_dados_pessoais/pagina-inicial . We will analyze your request and serve you as soon as possible, considering the terms and conditions outlined in the applicable legislation. If it is not possible to respond immediately to your request, we will inform the factual or legal reasons that prevent us. Other information and/or documents may be requested in order to confirm your identity or the accuracy of your information.
7.3. Specifically concerning the rights to confirm the existence of processing and access to personal data, mentioned in items “a” and “b” of Clause 7.1 above, whenever possible, RENNER will assist them immediately, in a simplified format. When this is not possible, we will provide you with 15 (fifteen) days of receiving your application, a complete statement with the relevant information. You can choose whether to receive this information, electronically or in print.
7.4. RENNER is not responsible for the correction, veracity, authenticity, completeness, and updating of the data provided by the Data Subject, nor even for the eventual misuse of information published by them or for fraud resulting from the violation of personal passwords.
7.5. It is your exclusive responsibility to provide only correct, truthful, authentic, complete, and updated information, as well as to ensure the confidentiality of your password, when applicable, not disclosing it to third parties.
8. EDITING AND EXCLUSION OF CONTENTS
8.1. Our Internet Applications reserve the right to edit or even delete any content published by Data Subjects that are not in compliance with the law, this Privacy and Data Protection Policy, or our Terms of Use.
8.2. This condition, however, does not constitute an obligation of RENNER, and, as a rule, requisitions for editing or removal must be under court order, request by the ANPD, the Public Prosecutor’s Office, police, or administrative authority.
9. COMMUNICATION POLICY
9.1. Our Internet Applications avoid sending unsolicited e-mails, restricting communications to matters that are relevant or that we consider to be of specific interest to you.
9.2. When you buy online, we confirm your order by e-mail and we can also contact you through the means of communication informed in your registration, in order to confirm the operation performed on our website or App.
9.3. We may send you promotional information about our products, such as special offers and sales events. If you prefer to no longer receive advertising communications from us, you can request to unsubscribe through the unsubscribe link informed in the email or message received, or, on your registration page, unchecking the option that authorizes the sending of e-mails and promotional messages (opt out).
9.4. After unsubscribing, you can still receive security communications or related to online purchases that you have made.
9.5. You should be aware that several fraudsters try to use famous brands to obtain personal information such as passwords and credit card details. RENNER WILL NEVER REQUEST YOUR PASSWORD AND/OR CREDIT / DEBIT CARD DATA THROUGH EMAIL OR TELEPHONE. IN CASE OF ANY OTHER SUSPECTED ATTITUDE, SEND YOUR DOUBT OR ALERT BY E-MAIL TO privacidade_de_dados@lojasrenner.com.br .
10. LINKS TO OTHER SITES
10.1. Our Internet Applications may contain links or frames from other websites. These links or frames aim to provide additional benefits to the content and services offered to the Data Subjects.
10.2. We clarify that the inclusion of these links in our Internet Applications does not mean that RENNER is aware of, agrees with, or is responsible for the content of these links and frames. It is important to note that our goal is to only provide links or frames from reputable and reliable companies. However, RENNER is not responsible for the information, products, and services obtained by the Data Subjects on the referred sites, nor for the commercial practices and privacy policies adopted by these companies and cannot be held responsible for any losses and damages or loss of profits due to the use of these resources.
11. TERM AND CHANGES
11.1. Our Internet Applications, in whole or in each of its tabs and sections, can be closed, suspended, or interrupted unilaterally by RENNER, at any time and without the need for prior notice. In such cases, we will inform where the constant information, whose access is your right, will be made available following the current legislation.
11.2. This Privacy and Data Protection Policy may also be updated or changed at any time, with changes being reported prominently in our Internet Applications.
12. CONTACT
12.1 If you have any questions about the content of this Policy, our Encarregado will be happy to answer them. Please send us an e-mail to privacidade_de_dados@lojasrenner.com.br .
13. APPLICABLE LAW AND JURISDICTION
13.1. Brazilian law applies to the interpretation of this Privacy and Data Protection Policy.
13.2. All content and information contained in RENNER’s Internet Applications is protected by the laws governing copyright, trademarks and other distinguishing markings, and may not be reproduced in whole or in part.