Privacy Policy

1. Purpose of this Policy

At ZBRA, we understand the fundamental importance of privacy for everyone. We are committed to protecting and respecting the privacy of your personal information in all interactions you may have with us.

Our policy is grounded in the ethical principles and values practiced by ZBRA, in compliance with the General Personal Data Protection Law (LGPD) – Law No. 13,709, of August 14, 2018, and the Brazilian Internet Civil Rights Framework – Law No. 12,965, of April 23, 2014. These laws outline the principles, guarantees, rights, and obligations for the use of the internet in Brazil.

To facilitate your understanding of this Privacy Policy, we recommend consulting the terms defined in the Terminology section.

2. Applicability

This Privacy Policy applies to all of our employees, suppliers, partners, and clients. Its purpose is to clarify the practices we adopt in the processing of your personal information, covering the collection and processing of such information through various channels, including but not limited to sales activities, events, as well as the processing of data of job applicants, current employees, partners, clients, and suppliers in the context of service delivery.

3. Scope of this Policy

This document applies to ZBRA and its controlled or affiliated companies, each of which is individually referred to herein as "Company."

The rules set forth in this document apply to all users who make use of ZBRA's information assets and technological assets.

4. Terminology

ANPD – National Data Protection Authority (Autoridade Nacional de Proteção de Dados) – Federal public administration body established pursuant to CHAPTER IX, Section I of the LGPD. The creation of multiple ANPDs for specific categories is foreseen. The ANPD of each sector will be the body responsible for overseeing and guiding the application of the LGPD for that sector, as well as for imposing administrative sanctions in the event of violations of the law.

Legal Basis for Processing – The processing of Personal Data is permitted by the LGPD in accordance with the legal bases provided therein, such as compliance with legal and/or regulatory obligations by ZBRA, fulfillment of established contracts, as well as the legitimate interests of ZBRA or through the consent of the Data Subject.

Consent – The free, informed, and unambiguous expression by which the Data Subject agrees to the processing of their Personal Data for a specific purpose.

Cookies – A common practice on almost all professional websites, cookies are small files downloaded to your computer to improve your experience. The ZBRA website uses essential cookies to provide you with the best possible experience and collects basic demographic data for website functionality and security. We will not use your data for marketing purposes except when previously disclosed and accepted by the data subject.

Personal Data – Any data relating to an identified or identifiable natural person, which requires protection under the LGPD.

Sensitive Personal Data – Personal data concerning racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical, or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person. Any biometric data of the Data Subject (fingerprint, facial recognition, iris, voice, retina, etc.) is also considered Sensitive Personal Data.

Data Subject Rights – Rights guaranteed to the Data Subject regarding access, correction, and deletion of their Personal Data.

Purpose – The objective or motivation behind the collection and processing of each piece of personal data. It refers to processing carried out for legitimate, specific, explicit, and informed purposes communicated to the Data Subject, without the possibility of subsequent processing in a manner incompatible with those purposes.

Legitimate Interest – When the collection of a group of Personal Data is carried out to comply with legislation, to provide services, and to conduct business.

LGPD – General Personal Data Protection Law – Law No. 13,709, of August 14, 2018.

Free Access – The Data Subject's right to access all information regarding the collection and processing of their Personal Data.

MAC Address – A MAC (Media Access Control) address is a unique physical address associated with communication interfaces used in network devices. The identifier is recorded in hardware by network card manufacturers and subsequently becomes part of equipment such as computers, routers, smartphones, tablets, network printers, and various other devices that use network communication.

Objection – The Data Subject's right to object to the collection or processing of their data. This right may be exercised in certain specific situations, particularly when it does not conflict with legitimate interest.

Retention Period – The period defined by ZBRA for the storage of Personal Data and its subsequent deletion.

Security – Refers to the use of measures to protect Personal Data from unauthorized access and from accidental and/or unlawful situations involving destruction, loss, alteration, unauthorized communication, or dissemination.

Data Subject – The natural person to whom the Personal Data being processed refers.

Data Processing – Any operation carried out with Personal Data, such as those involving: access, the ability to communicate with a device, storage media, network unit, memory, record, file, etc., for the purpose of receiving, providing, or deleting data.

5. Personal Data

5.1. What Is Collected and How It Is Collected

Depending on the type of Data Subject (applicants, employees, suppliers, partners, and clients) and how they interact with ZBRA, various personal data are collected, categorized as follows:

Name: full name (first name, middle name, last name);
Personal characteristics: age, gender, date of birth, nationality, place of birth, marital status, number of children, photograph, ethnic origin;
Parentage: full name of father and full name of mother;
Legal identification documents: CPF, RG, CNH, CTPS, PIS/PASEP, Passport;
Residential information: home address, home phone number, personal email, personal mobile phone, social media;
Education: diplomas and academic qualifications, academic history;
Professional information: occupation or position, business address, business phone, business email, business mobile phone, employee ID, pre-employment medical examination, periodic medical examination, termination medical examination, employment history;
Financial information: banking details (bank number, branch, and account), household income;
Minors and adolescents: full name, age, gender, address, declaration of emancipation;
Health data: health insurance beneficiary number, medical diagnosis, medical treatment, medical reimbursements;
Personal computer and mobile device information: MAC address, device make and model;
Legal information: corporate shareholding, legal proceedings;
Other: video conference recordings.

Personal Data is collected when provided by the Data Subject themselves or by third parties — in the case of clients, suppliers, and partners — regarding their employees, for the purpose of delivering our services to them.

Our services are not intended for children or adolescents, whose Personal Data will only be collected to fulfill legal or regulatory obligations, subject to the applicable legal requirements for such processing.

5.2. Purpose of Processing

ZBRA may process the collected Personal Data for the following purposes:

Hiring of new employees;
Carrying out customer relationship and support activities;
Sale of products and/or services;
Execution of contractual activities with clients and service providers, including financial obligations related to the products and/or services acquired;
Responding to requests from clients, former clients, leads, and prospects;
Improvement of the products and services offered;
Compliance with determinations from competent authorities;
Compliance with legal proceedings when required;
Notification of the status and any changes to our products and services;
Conducting internal operations (financial, accounting, labor-related, among others), troubleshooting, data analysis, data integration and consolidation;
Registration and control of visitors on Company premises;
Risk management and the detection, prevention, and/or remediation of fraud or other potentially illegal or prohibited activities, as well as violations of applicable policies, contracts, or terms of use;
Compliance with legal or regulatory obligations, or as required in legal proceedings by any law enforcement or government authority;
Conducting forensic investigations;
Issuing diagnostic reports, audits, and information technology analyses.

The processing of Personal Data will cease:

When the purpose for which the personal data was collected has been achieved, or the collected Personal Data is no longer necessary;
When the Data Subject requests the deletion of their data, subject to applicable legislation;
When there is a legal determination to that effect.

5.3. Retention Period

Data and information will be stored:

For the period required by law and/or to fulfill a legal or regulatory obligation;
Until the termination of Personal Data processing, as described above;
In accordance with the guidelines of the Information Security Policy.

The deletion of data and information, when required, will be:

Carried out in compliance with all applicable legislation;
Performed in a manner that eliminates all evidence and existing copies;
Executed using established physical or electronic deletion procedures.

5.4. Sharing

Data and information may be shared with:

Service providers, to operate and execute the contracted services, who will be made aware of and will assume responsibilities and commitments regarding the privacy of Personal Data as agreed in specific contractual clauses;
Banking institutions, exclusively for the execution of contractual or employment-related transactions;
Regulatory bodies, judicial or administrative authorities, with whom we may share personal information to provide competent authorities with all information requested in relation to the Data Subject for the investigation of suspected violations of the law, or to address any other suspected breach of our policies and contracts.

For cases not covered above in which the sharing of Personal Data is required, the Data Subject will be asked for express authorization (consent) through the sending of a notification containing information about the sharing.

5.5. Data Subject Rights

Data Subjects are entitled, under applicable legislation, to the following rights:

Confirmation of the existence of Personal Data processing;
Confirmation of which Personal Data ZBRA holds about them;
Request for the correction of incomplete, inaccurate, or outdated data;
Deletion of data when it has been processed based on the Data Subject's consent, or when the data is unnecessary, excessive, or processed in non-compliance with applicable legislation;
Request for information about possible shared use of data.

For security reasons, requests to exercise these rights may require additional data or information to confirm the identity and authenticity of the Data Subject.

Data Subjects may contact ZBRA by email at dpo@zbra.dev.

5.6. How We Protect Your Personal Data

ZBRA takes seriously the security of the information it collects. We have therefore implemented technology and security policies and procedures designed to reduce the risk of accidental destruction or loss, as well as unauthorized disclosure or access to such information, proportionate to the nature of the data concerned. Personal information collected through our platform is stored in a structured environment, subject to and aligned with ZBRA's information security policies and procedures.

6. Changes to this Policy

Whenever ZBRA changes the ways and objectives by which Personal Data is collected and processed, this policy will be updated.

ZBRA reserves the right to make changes to its practices and to this Privacy Policy at any time, and therefore we ask that this policy be periodically reviewed.

7. Contact

To ask questions about our privacy practices or to submit a request, please contact us by email at dpo@zbra.dev.