Aware of the importance of privacy and protection of personal data, CONCESSÃO SISTEMA RODOVIÁRIO PONTE SALVADOR ILHA DE ITAPARICA S.A. ("CPSI", "we", "our", "our" or "us"), with headquarters at Rua Frederico Simões, nº 2539, Caminho das Árvores, Edf. CEO Corporate, Torre Nova York, Room 1101, Salvador/BA, CEP 40.301-155, special purpose company (SPC), delegate of the Public Power, responsible for the execution of the Concession Agreement No. 001/2020-SEINFRA, has prepared this Privacy Policy ("Policy").
In the context of this Policy, CPSI is a controller of personal data ("Controller"), responsible for decisions regarding the processing of personal data, as provided for in Article 5, VI of Federal Law No. 13,709/2018 ("General Personal Data Protection Law" or "LGPD"). For this reason, the CPSI has several responsibilities, such as ensuring the security, privacy and protection of personal data, adopting effective measures capable of attesting compliance with standards on the subject, and guiding its employees and contractors who are in the position of operators regarding the practices to be adopted with regards to the protection of personal data.
The purpose of this Policy is to provide clear and precise information on how we handle the personal data you share with us, in accordance with article 9 of the LGPD. Our aim is to ensure that there is no doubt that we comply with current regulations.
This Policy applies to any processing of personal data carried out by CPSI to enable the exercise of its commercial activities and the hosting of the institutional website www.pontesalvadoritaparica.com.br/en-us and other linked applications.
The following methods may be used to collect personal data:
In addition to the methods described above, we may also collect your information through market research. CPSI ensures that your personal data will only be processed for legitimate, specific, explicit, and previously informed purposes.
In the situations described in item 2 of this Policy, we may collect the following categories of personal data:
In addition to the categories of data outlined in this Policy, please note that we may collect other information that is necessary to comply with legal, regulatory, or contractual obligations, to exercise our rights, to safeguard our or your legitimate interests, or to achieve any purpose permitted by applicable law.
The personal data that you provide to us or that we may collect, directly or indirectly, will be processed for the purposes indicated below, in accordance with applicable legislation. In general, we may use the collected data for the following purposes:
To ensure maximum privacy and security of your personal data, CPSI's institutional policy prohibits sharing personal data with third parties, except as provided for in this Policy. As permitted by current legislation, we may share and transfer your personal data in the following situations:
In addition to the hypotheses mentioned, CPSI may share your personal data in other situations where necessary, as long as applicable legislation authorizes or requires it.
It is important to note that any sharing or transfer mentioned in this Policy will be carried out in compliance with all best practices and personal data protection requirements provided for in applicable legislation and regulations.
The Concession for the Salvador-Ilha de Itaparica Highway System is held by two major Chinese groups, leaders in the construction and infrastructure industry, with a global presence in over 150 countries. As a result, your personal data may be processed in locations where our controllers operate or conduct business, within the bounds of current legislation.
Additionally, CPSI may store your personal data in a cloud system or similar technology that allows for the storage of large amounts of information on servers located both domestically and internationally. In such cases, we implement technical and contractual safeguards to ensure the security of information subject to cross-border transfer.
We want to clarify that we will only conduct international transfers of personal data that are strictly necessary and for specific and informed purposes. We will take all necessary precautions and safeguards required by law, including the adoption of standard clauses and/or global corporate standards as detailed in regulations.
Recognizing that our commercial activities and services may become unfeasible without international data flow, you acknowledge that your personal data may be processed outside your country of residence in accordance with this Policy and current legislation.
Your personal data will be processed until the purpose of the processing has been achieved or until the data is no longer necessary or relevant to achieving the specific purpose sought.
However, we may retain your personal data to comply with our legal or regulatory obligations, to protect us legally, or for the regular exercise of our rights in judicial, administrative, or arbitration proceedings, while observing legal and/or regulatory deadlines.
As explained in item 9 of this Policy, your personal data may be deleted, blocked, or anonymized upon your request, under the terms and limits set out in current privacy and data protection regulations. To do so, please contact us at [email protected]
To ensure the confidentiality of your personal data, CPSI, as the controller of the personal data mentioned in this Policy, implements all necessary technical and administrative security measures to protect against unauthorized access or accidental or unlawful situations of destruction, loss, alteration, communication, or any other form of inappropriate or unlawful processing.
Among the measures adopted, we emphasize controlling and tracking user access to our internal systems, including user and password requests and log records. We have also implemented software protections such as antivirus and firewalls, backup databases, and provided appropriate instructions to our employees.
However, even the most effective security measures cannot guarantee complete impenetrability. Therefore, we ask for your support in enhancing the protection of your personal data. Please avoid accessing suspicious websites and report any suspected security incidents to us.
CPSI is dedicated to safeguarding all your rights related to privacy and data protection, as outlined in legislation, including article 18 of the LGPD. These rights include confirmation, access, rectification, anonymization, blocking, or deletion of your personal data. Additionally, you have the right to request information about the public and private entities with whom we share your data, as well as the ability to revoke any previously provided consent and understand its consequences, if applicable.
To exercise these rights, in accordance with applicable legislation and regulations, please contact us at [email protected]
CPSI reserves the right to update or revise this Policy to reflect technological innovations, changes in the law and in our business practices, or as otherwise deemed necessary or appropriate. For this reason, we encourage you to visit this page periodically.
To clarify any doubts or submit suggestions, complaints, or requests related to privacy and data protection, please contact our Person in Charge of Personal Data Processing at[email protected]