Privacy Policy


Updated on 30,Jan,2024

This application is maintained and operated by Zillius Solutions.


By using our services, it's important to understand that we will collect and use your personal information in accordance with established privacy regulations:


The above-mentioned regulations define the rights of data subjects, the responsibilities of organizations processing personal data, and the data security and protection measures we have implemented.


Additionally, for the protection of personal data in the European Union, we include the Electronic Privacy Directive, which establishes rules for privacy and data protection in the context of electronic communications, covering areas such as cookies, direct marketing, spam, and privacy in electronic communication services.


Zillius Solutions, hereinafter referred to simply as Zillius, is the Data Controller responsible for processing the personal information collected through this application. Our company is duly registered under CNPJ no. 10,689,415/0001-78 and is committed to fully comply with the provisions of this Privacy Policy.


We value the security and privacy of your personal data and have adopted appropriate technical and organizational measures to protect your information against unauthorized access, loss, misuse, or disclosure. By using our services, you agree to the collection, use, and protection of your personal information as described in this Privacy Policy.


If you have any questions or need more information about the processing of your personal data, we recommend that you contact us through the support channels indicated in this document. We are here to help and provide additional clarification about our privacy practices and data processing.



Definitions


Confidentiality

According to the provisions of the legal regulations specified in this document, confidentiality ensures that the collected and processed information is accessible only to authorized individuals. This assurance aims to protect the privacy and integrity of users' personal data, preventing unauthorized access, misuse, or unauthorized disclosure of this information.


Integrity

Integrity ensures the accuracy and completeness of the collected information, as well as the methods used to process it. This principle aims to ensure that personal data is maintained accurately, updated, and complete throughout its lifecycle.


Accessibility

Following the guidelines of the aforementioned regulations, accessibility refers to the feasibility of accessing personal data on any device or location. We seek to adopt appropriate measures to ensure that data is available to authorized users whenever necessary, respecting legal requirements for security and privacy.


Personal Data

Personal data, according to relevant privacy legislations, encompasses information related to an identified or identifiable natural person. This includes, but is not limited to, information such as name, address, identification number, contact details, biometric information, and any other data that allows the direct or indirect identification of an individual.


Sensitive Personal Data

Sensitive personal data refers to information that reveals racial or ethnic origin, religious beliefs, political opinions, membership in unions or religious, philosophical, or political organizations, health or sexual life-related information, genetic or biometric data, when associated with an identified or identifiable natural person.


Third Party

A third party is a person or entity that does not directly participate in a specific contract, legal act, or business but, in addition to the involved parties, may have an interest or be affected by a legal process involving personal data. These third parties must act in accordance with the legal and contractual obligations of data protection established by the applicable privacy legislation.


Data Subject

According to legal definitions, the data subject is the natural person to whom personal data refers and who is the subject of processing. In other words, it is the individual whose personal information is being collected, stored, processed, or used in any way.


Processing

Data processing encompasses all operations performed with personal data, including collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation, information control, modification, communication, transfer, dissemination, or extraction. In summary, it refers to any activity involving personal data.


International Data Transfer

International data transfer refers to the transfer of personal data to a foreign country or international organization of which the data's country of origin is a member. This transfer is subject to specific regulations and requirements, aiming to ensure the adequate protection of personal data during its transfer and processing in a foreign territory.


Users

Users are all natural persons who use the requested service. These individuals can be website visitors, app users, company clients, or any other person interacting with the services and products offered by the organization. Protecting the privacy and rights of users is a fundamental concern in our privacy policy.



General Information


At Zillius, we have a strong commitment to transparency and respect for your privacy, in accordance with applicable privacy laws. Our role is to ensure the protection of your Personal Data, be transparent about the use of this data, and provide privacy and security when using our website and/or application.


We are committed to preserving your privacy and complying with established obligations. This document aims to clarify what information is collected from users on our application, how this data is handled and used in accordance with respective legislation, and the actions you can take regarding the use of this data.


In this regard, our Privacy Policy aims to inform our users how their information and data will be collected, used, shared, and stored through our website and services, in accordance with the legal bases established by respective legislations, and the actions you can take regarding its use, as provided in respective legislations.


To offer our services through this application and the security systems installed in the infrastructure, we collect various data and information, mainly aiming to increase your security and provide a better experience when using our services.


Zillius recognizes the importance of your privacy and, therefore, we take all possible measures to protect it, in accordance with legal provisions. Our Privacy Policy aims to inform our users how their information and data will be collected, used, shared, and stored through our website and services, in accordance with the legal bases established by respective legislations.


Acceptance of our Privacy Policy will occur during the registration of the user profile, from which you will begin to enjoy our services, even if free of charge. This indicates that you are aware and fully agree with how we will use your information and data, in accordance with the legal bases.


We take care of the protection of your personal data and, therefore, we provide this privacy policy, which contains important information about:


If you do not agree with the terms of our Privacy Policy, you will have restrictions on available functionalities. However, we ask you to inform us of your disagreement so that we can improve it in accordance with legal provisions.


Who Should Use Our Application


Our application is exclusively intended for individuals over 18 (eighteen) years old. Therefore, children and adolescents should not use it. If there is suspicion that a user is under 18 (eighteen) years old, we ask you to contact us immediately through support@astribes.com or by reporting the profile directly through the app.


The goal is to ensure the protection of personal data for all individuals, including children and adolescents, and establish specific measures for the treatment of this information when it comes to users under the age of majority. We strictly comply with these laws and will take appropriate measures to ensure compliance with them.



Consent is the legal basis used to process your personal data according to relevant laws in Brazil and the European Union. These laws aim to protect your rights and ensure the privacy and security of your personal data.


According to relevant privacy laws, consent must be freely given and must be clear, specific, informed, and unambiguous by which you authorize Zillius to process your personal data. This means that you must be properly informed about the specific purpose for which your data will be used, as well as about the rights you have regarding this data. Consent can be withdrawn at any time through the Astribes app and may result in the deletion of the account, as the collected data is solely for the purpose of recommending users to each other.


It is important to highlight that the withdrawal of consent for data processing may imply the impossibility of the proper performance of some functionality or full access to the application that depends on the operation. For example, if a specific functionality requires the use of your personal data to provide a specific service, the withdrawal of consent may prevent access or use of that functionality. Such consequences will be informed in advance so that you can make an informed decision when withdrawing your consent.


By using Zillius services and providing your personal data, you are giving your consent for the company to process this data in accordance with the provisions of its Privacy Policy. However, you have the right to withdraw your consent at any time, provided you comply with the requirements established in these laws.


We ensure the protection of your personal data and obtain your consent transparently and in compliance with legal requirements.


Data We Collect and Reasons for Collection


We collect and use certain personal data from our users to provide and improve our services. The collection of this data occurs in accordance with the purposes described in this section.


Personal data expressly provided by the user

The collection and use of personal data by our services are based on the legal bases established by LGPD in Brazil and GDPR in the European Union.


Based on the terms of the mentioned Regulations, the following personal data is collected when you use our application: Name, Email, Phone, Documents, Photos, Messages, Birth Information, Physical, cultural, educational characteristics, Location, Musical Preferences, Relationship Preferences.


This data is collected at the following moments:

  • User registration;
  • Profile editing;
  • Interactions with other users;
  • Account validation;
  • Subscription acquisition;


Personal data provided by our users serves the following purposes: Enable the provision of our services, Enhance the user experience of the application, Personalize content and recommendations based on user preferences, Facilitate interaction and communication between users, Comply with applicable legal and regulatory obligations.


This information is collected to ensure that we can provide the services requested by you and to enhance your experience when using our application. The collection of this data occurs at the moments of user registration, profile editing, interactions with other users, account validation, and subscription acquisition.


It is important to emphasize that your rights as the data subject are protected. You have the right to access, rectify, delete, and obtain the portability of your personal data. Additionally, you can revoke your consent at any time when data processing is based on this legal basis.


Revoking consent may imply the impossibility of using certain features of the application that depend on this data. If there are such consequences, you will be informed in advance.


If you wish to obtain more information on how your personal data is collected, used, and protected, we will be available to provide additional details. Transparency and compliance with data protection laws are essential to us.


Personal data obtained in other ways

We collect the following personal data from our users:

  • Legal name;
  • Email address;
  • Musical preferences;
  • Photos from other social media profiles;
  • Playlists from other social media profiles;
  • IP address;
  • Location;
  • User device information;


These data are collected during registration, profile editing, and integration with other social networks. This collection is based on the legal bases provided in LGPD and GDPR, which establish the need for consent or the existence of a legitimate interest for the processing of personal data.


The data provided by users are collected to enhance the user experience, enabling a personalized environment and facilitating interactions with other users. Based on this information, we can offer personalized music recommendations, connect users with similar interests, and promote interactions among members of our community.


We emphasize that we have adopted appropriate technical and organizational security measures to protect this personal data against unauthorized access, misuse, or disclosure. Additionally, we commit not to share this information with third parties without the express consent of the user, unless required by law or authorized by the aforementioned legislations.


To exercise your rights regarding your personal data, such as access, rectification, deletion, or portability, please contact us through the channels indicated in this privacy policy.


If you do not agree with the collection and processing of this personal data as described in this policy, you will have restrictions on the available functionalities. If you have any questions or concerns about the privacy of your data, do not hesitate to contact us. We are here to help enhance your user experience and facilitate your interactions with other community members.


Sensitive Data

We respect the privacy and data protection of our users in compliance with current privacy regulations. Our application may collect the following sensitive data from users:

  • data about racial or ethnic origin
  • data about religious or philosophical beliefs
  • data about political opinions
  • data about membership in unions or organizations of a religious, philosophical, political, or union nature
  • data about membership in a religious organization
  • data about membership in a philosophical organization
  • data about membership in a political organization
  • genetic data
  • biometric data
  • data related to the user's health
  • data related to the affective life or sexual orientation of the user
  • data from personal documents, such as identity number, passport, or driver's license

This data is collected at the following moments:
  • User registration;
  • Profile editing;
  • Interactions with other users;
  • Account validation;
  • Subscription acquisition;

We emphasize that the collection and use of this sensitive personal data will only be carried out with the specific and highlighted consent of the data subjects, except in cases where Privacy Regulations allow the processing of this data based on other legal bases.


Our commitment is to treat this sensitive data with the highest level of security and confidentiality, following the principles established by data protection laws. Furthermore, we guarantee that this information will not be shared with third parties unless required by law or authorized by the mentioned regulations.


We highlight that the processing of sensitive personal data will occur exclusively for specific purposes mentioned in this privacy policy or duly informed to users through other means. The main purpose of collecting this data is to enhance the user experience and interactions with other users, following the established terms.


To exercise your rights regarding your sensitive personal data, such as access, rectification, deletion, or portability, please contact us through the channels provided in this privacy policy. We commit to providing the necessary information and taking appropriate measures to meet the requests of data subjects, in accordance with current laws.


If you do not agree with the collection and processing of your sensitive personal data, you will have restrictions on the available functionalities. We value transparency and the protection of your sensitive data and are available to clarify any doubts or concerns related to the privacy of your data.


Collection of Data Not Expressly Provided

In accordance with legal provisions, we inform that we may eventually collect other types of data not expressly provided in this Privacy Policy. This may occur with the user's consent or when the collection is based on another legal basis established by law.


We emphasize that, in any case, the collection of data and the resulting processing activities will be duly informed to the application users. We ensure transparency regarding the collection and processing of data, providing the necessary information for users to exercise their rights in accordance with applicable laws.


If there is the collection of data not expressly provided in this Privacy Policy, we assure that the principle of purpose will be respected, meaning the data will be used exclusively for the informed purposes and in accordance with the legal bases established by current legislation.



Information Received from Third Parties

We clarify that, in addition to the information you provide directly, we may receive information about you from third parties, following these guidelines:


Members: Users of our services may provide information about you when they interact with you or when they submit reports related to you. This information includes the identification of your profile and data related to your behavior or conduct in using the application. The sharing of this information is based on consent and the need for processing to fulfill the contract between the user and the application;


Third-Party Platforms: We inform that if you choose to share information with us through a third-party platform account, such as creating an account using a third-party platform profile or uploading information from other third-party platform accounts to our services, we may receive additional information about you. This information may include your social profile, interests, activities, and connections.


We further clarify that the collection and processing of this information are carried out based on your explicit consent and in accordance with the guidelines established by data protection regulations. These measures aim to ensure the adequate protection of your personal data, safeguarding your privacy rights, and complying with legal data protection requirements;


Partners: It is essential to highlight that we may receive information about you through our partners, especially when Astribes' ads are displayed on the services of these partners. In this situation, the sharing of information may occur as a result of the success of an advertising campaign.


The shared information may include personal data relevant to the display and measurement of these ads, such as advertising identifiers, demographic data, and target audience preferences. All data-sharing processes with our partners are carried out in strict compliance with legal requirements established by data protection regulations, ensuring the adequate protection of your personal information.


We recognize the importance of the privacy and security of your personal data, and we are committed to adopting the necessary technical and organizational measures to ensure the confidentiality, integrity, and availability of the information shared with our partners.


If you have specific questions about receiving information from third parties or if you wish to exercise your data protection rights, such as access, rectification, deletion, and objection, please contact us through the channels provided in this Privacy Policy.


Sharing of Personal Data with Third Parties


Protecting your privacy is of utmost importance to us, as established by current data protection regulations. Therefore, Zillius will not share, sell, or rent your personal data to third parties without your prior authorization.


However, it is important to note that we may share your personal data under certain circumstances, based on applicable legal or regulatory requirements. This includes compliance with legal, regulatory, or judicial obligations, as well as fulfilling orders or requests issued by competent public authorities.


We ensure that any sharing of personal data is done in accordance with the legal bases established by current legislation. This means that we will only share your personal data with third parties when there is a valid legal basis to do so, such as your explicit consent, compliance with a legal obligation, or the legitimate interests of our business.


Additionally, we will take all appropriate measures to ensure that third parties with whom we share your personal data also comply with the data protection obligations established by the mentioned regulations. This includes entering into contractual agreements that outline the responsibilities and obligations of the third party regarding the protection and security of your personal data.


We reiterate our commitment to preserving your privacy and ensuring that your personal data is treated securely and in compliance with applicable data protection laws.


How User Information Will Be Shared


Our main goal is to facilitate the connection between our users, allowing them to find people with similar interests and compatibilities. Therefore, your information may be shared with other users, providing relevant and enriching interactions. This sharing will occur subsequently and strictly as necessary to achieve this goal.


Occasionally, we may share some user information for advertising or marketing campaigns. We emphasize that any sharing will be done in accordance with the legal bases established in this document.


Additionally, there are other specific situations in which your data may be shared, as detailed below:

  • Legal Determination: In case of a legal determination, requirement, request, or court order, we may share your information with competent judicial, administrative, or governmental authorities, in strict compliance with the legal obligations imposed on us;
  • Corporate Transactions: In the event of corporate operations, such as merger, acquisition, or incorporation, your data may be automatically shared as part of that process. We commit to ensuring that such sharing is done in accordance with applicable data protection legal provisions;
  • Protection of Zillius' Rights: In situations of disputes or conflicts, including those of a judicial nature, we may share your information to protect the rights of Zillius. This sharing will be done when necessary and in compliance with current data protection laws;

It is important to emphasize that we will adopt adequate measures to ensure that any information sharing is done in accordance with legal provisions, aiming to protect your privacy and ensure the security of your personal data.


How We Use User-Provided Information


The provided information will be used in accordance with the legal bases established by data privacy regulations to provide our services and enhance the user experience. Thus, we use the information to provide more security and to present users with content and/or ads that match their interests, respecting the principles of transparency, necessity, purpose, adequacy, minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

Below, we detail meticulously how the information provided by users will be used.


To Provide Our Services and Help Manage User Accounts

Our commitment is to assist users in creating and managing their accounts, providing user support services, and promptly responding to all requests and inquiries.


In this regard, we will:

  • Provide user support services: We are committed to delivering efficient and responsive user support services, aiming to address all user requests and inquiries in a timely and effective manner;
  • Inform about available services: We will keep users informed about all services available on the application, as well as any news and updates that may be released in the future for the benefit of all users;
  • Register and display user profiles in new features: With user consent, we may use the provided information to register and display their profiles in new features or functionalities of the application, aiming to enhance the user experience and facilitate interaction among users;
  • Administer user accounts: As part of the service provided, we will administer user accounts, ensuring the integrity and availability of data and facilitating access to new features that may be made available to users;

It is important to emphasize that in all these activities, we will comply with current legislation, respecting the rights and guarantees of users regarding the protection of their personal data.

Our Privacy Policy provides more comprehensive details on how these activities are carried out in compliance with respective legislations.


Enhance and Develop New Services and Experiences for Users

Our commitment is to constantly enhance and develop our services, providing users with new and excellent experiences. To achieve this, we will perform the following activities:


User analysis and understanding: To improve our services, we will analyze and understand the typical user behavior on our platform. This will allow us to enhance and adapt our services according to users' needs and preferences, ensuring more satisfactory experiences;


Development of new services and features: We value user suggestions and are committed to addressing them. Therefore, we will use these suggestions as a basis for refining and developing new services and features on our platform, aiming to provide an increasingly comprehensive and satisfactory experience;


Analysis of communication with the customer support team: To ensure the quality of services on our platform, we will provide and analyze communications between users and our customer support team. This analysis will help us identify possible improvements in service quality and optimize our support processes;


Conducting market studies and research: Based on user interactions on our platform, we will conduct market studies and research to understand user trends and preferences. This information will be used in an aggregated and anonymized form, ensuring user privacy, and will assist us in making strategic decisions for the continuous improvement of our services.


It is important to note that all these activities will be carried out in compliance with applicable data protection laws. Our Privacy Policy provides more details on how these activities are conducted in accordance with respective legislations and how we protect users' personal data.


To Connect You with Other Users

Our main goal is to connect you with other users who are compatible with your profile. To achieve this goal, we will perform the following activities:


Analysis of provided information: Based on the information provided by users, our main purpose is to analyze, recommend, and rank members compatible with each user's profile according to Astribes' proposal. This information will be used to enhance users' experience, facilitating connections with other members who share similar interests and characteristics.


Recommendation of compatible members: Based on the mentioned analysis, we will recommend community members who have profiles compatible with yours, allowing you to make relevant and meaningful connections. These recommendations will be made considering objective criteria and in a way that respects your privacy.


Ranking of members: In addition to recommendations, we may also rank members based on their compatibility with your profile, in accordance with the legal bases established by LGPD and GDPR. This ranking aims to facilitate the search and interaction with other users who may have a greater affinity with you, always respecting your preferences and privacy rights in accordance with applicable laws.


To Design Advertising and Marketing Campaigns

Based on the information provided by users, our goal is to design advertising and marketing campaigns to present and offer products and services that are relevant and interesting to users, respecting the principles of purpose, adequacy, and necessity of personal data processing.


Furthermore, we can execute and measure the effectiveness of advertising campaigns for our services, as well as marketing campaigns promoting Astribes, based on the legitimate interest of the controller, as provided in Article 6(f) of the GDPR and Article 7(IX) of LGPD. These activities are carried out to assess and optimize the performance of these campaigns, ensuring they are targeted to the appropriate audience without compromising users' privacy and rights.


We emphasize that all advertising and marketing activities are carried out in accordance with the legal bases established in this document, including the need to obtain users' consent when required. We have implemented appropriate security measures to protect the confidentiality and integrity of users' information during these processes.


To Prevent, Identify, and Eliminate Fraudulent and Unauthorized Activities

In order to prevent, identify, and eliminate fraudulent activities, as well as any unauthorized and unlawful activities, we use appropriate measures in accordance with the provisions of regulations. Additionally, we adopt procedures to identify and address suspected, ongoing, or presumed violations that go against the terms of use, which can be detected through the analysis of interactions between users and any received reports. These actions aim to prevent and ensure compliance with the mentioned data protection standards, ensuring the integrity of the platform.


By analyzing such suspicions, we seek to better understand the nature of these violations and devise counteractive measures that violate our terms of use, still in accordance with the obligations established by the applicable laws.


We commit to effectively implement all the rights determined in our Terms of Use, in compliance with the obligations provided by the relevant data protection legislations.


Furthermore, we commit to informing users who submit reports of the results of our actions regarding their reports, ensuring proper communication and transparency, as established by data protection laws.


To Meet Legal Requirements in Compliance with the Law

Zillius always acts in strict compliance with applicable legal provisions. We have implemented appropriate technical and organizational measures to ensure the security and protection of users' personal data, as required by the principles of minimization, purpose, adequacy, necessity, consent, and other principles established by data protection and privacy laws.


Our preventive and resolution actions aim to prevent any possible transgressions or legal non-compliance, as well as ensure the privacy and protection of users' rights. In case of identification of suspected, ongoing, or presumed violations that go against the terms of use, we conduct detailed analyses of interactions between users and consider any reports, taking appropriate measures in accordance with the obligations provided by the relevant legislations outlined in this document.


Additionally, we are committed to cooperating effectively with competent authorities, including law enforcement authorities, when necessary, to ensure compliance with data protection laws. This collaboration includes providing information and appropriate support for investigations related to possible data breaches or other infractions.


Our goal is to ensure that all activities conducted on our platform comply with current legislation, respecting the rights of users and protecting their personal data. To achieve this, we maintain a proactive stance in adopting security measures and continuously improving our processes to ensure compliance with the requirements related to the protection of personal data.


International Data Transfer


In certain circumstances, we may share your data with third parties located in foreign countries or having facilities in those countries.


Regarding international data transfers, it is important to note that even when we share your personal information with third parties located in foreign countries, your data will continue to be subject to data protection regulations.


This means that, regardless of the location of the involved third parties, we are committed to ensuring compliance with the requirements established by current data protection laws. This includes appropriate treatment, security, and protection of your personal data during international transfers.


For users residing in the European Economic Area (EEA) and subject to the General Data Protection Regulation (GDPR), please be informed that when we transfer your personal information to countries that do not have data protection laws considered adequate by the European Commission or another competent government body, we adopt specific measures to ensure the security and protection of your data during international transfers.


In these cases, we use the standard contractual clauses or other appropriate mechanisms. The standard contractual clauses are commitments established between our company and the third entities involved in the transfer of personal data. These clauses bind the involved companies, establishing safeguards to protect the privacy and security of the transferred personal data.


Thus, even in countries that do not have adequate data protection laws, we strive to ensure compliance with the best privacy and security practices. By adopting standard contractual clauses or other appropriate mechanisms, we seek to ensure that your personal information is treated securely and in compliance with applicable data protection requirements.


Our commitment is to take all reasonable measures to ensure cybersecurity and the protection of your data, in accordance with applicable legislative and regulatory requirements. By agreeing to this Privacy Policy, you also consent to the transfer of your personal data to foreign countries, as described in this document and for the purposes established.



Cookies and Similar Technologies


When you use our application, we may automatically collect your personal data through cookies or similar technologies. A cookie is a small file that can be stored on your device or browser, allowing us to recognize you and remember you.


If you wish to obtain more information about cookies, including details on how we use them and what options are available to you, we recommend checking our Cookie Policy.



Legal Bases for the Processing of Personal Data


Each operation of personal data processing requires a solid legal foundation, i.e., a legal basis that justifies and authorizes such processing, as established in the General Data Protection Law (LGPD) and the General Data Protection Regulation (GDPR).


On the platform, all our activities of personal data processing are based on appropriate legal bases, in total compliance with current legal provisions. These legal bases are defined and chosen according to the specific purpose of each operation and may include, but are not limited to: user consent, contract execution, compliance with legal obligations, protection of life, health protection, legitimate interests of the controller or third parties, and the regular exercise of rights in a judicial, administrative, or arbitration process.


Our policy is to ensure that all personal data processing activities are carried out in accordance with legal requirements, fully respecting the rights of users and protecting their personal data. To achieve this goal, we adopt adequate measures based on the legal bases provided in the LGPD and GDPR.


If the User needs additional information about the specific legal bases used in certain data processing operations, beyond those stated in this document, we provide contact channels for clarification. These channels can be found at the end of this Privacy Policy, and our team will be ready to provide the necessary clarifications.



Digital Services, Privacy, and Personal Data Protection


Below are the main Brazilian and European normative acts applicable to digital services, privacy, and personal data protection:


Brazil

Law No. 12,737, of November 30, 2012

Establishes criminal typification of computer crimes; amends Decree-Law No. 2,848, of December 7, 1940 - Criminal Code; and provides other measures


Law No. 12,965, of April 23, 2014 - Brazilian Civil Rights Framework for the Internet (Marco Civil da Internet)

Establishes principles, guarantees, rights, and duties for the use of the Internet in Brazil.


Law No. 13,709, of August 14, 2018

Deals with the processing of personal data, including in digital media, by a natural person or by a legal entity of public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person. (LGPD)


Constitutional Amendment No. 115, of February 10, 2022

Provides for the amendment of the Federal Constitution, including the protection of personal data among fundamental rights and guarantees, establishing the Union's exclusive competence to legislate on the protection and processing of personal data.


European Union

Regulation (EU) 2016/679 - General Data Protection Regulation (GDPR):


Establishes rules regarding the processing, protection, and free movement of personal data of individuals in the European Union.



ePrivacy Directive (Directive 2002/58/EC):


Addresses privacy issues in electronic communication services, including the use of cookies and other tracking technologies.


User Rights


The application user, i.e., the data subject, has rights ensured by the specified regulations. These rights include access to personal data, correction of incorrect information, the right to delete data processed based on consent (except when necessary or processed inappropriately), and the right to receive information about the non-mandatory nature of consent and its consequences.


It is important to note that the data subject does not have an absolute right to delete data when processing is based on legal grounds other than consent, unless the data is considered unnecessary, excessive, or processed in non-compliance with applicable law. In such cases, the data subject has the right to request the deletion or blocking of this information.


Additionally, these legislations grant the data subject the right to access their personal data, correct them, request data portability, and obtain information about the processing of their data.


To exercise these rights or obtain more information, please contact us through the channels provided in our Privacy Policy.


What are the user's rights in this document?

Zillius ensures its users/customers the rights of the data subject established in Data Protection Regulations. Thus, the user has the following rights, which are free and can be exercised at any time:


Right to confirmation and access by the data subject: The user has the right to confirm whether their personal data is being processed and to access it. This includes the right to receive information about the purpose of the processing, the categories of data involved, and the recipients of the data.


The data controller must be able to prove that the data subject has given their consent to the processing, where applicable. Additionally, the user has the right to request a copy of their personal data undergoing processing. These rights are essential to ensure transparency and the user's ability to exercise control over their personal data.


Right to rectification: The user has the right to request the rectification or correction of any inaccurate or incomplete personal data stored and processed. If incorrect or missing information is identified, the user can request the update of their data, ensuring that it is accurate and up-to-date. This right covers not only the correction of errors but also the completion of incomplete information.


Right to limit the processing of data: The user has the right to request the limitation of the processing of their personal data in certain circumstances. This includes situations where the accuracy of the data is contested, when the processing is considered unlawful, when the controller no longer needs the data, and when the data is unnecessary, excessive, or processed in violation of the provisions established in current legislation. In these circumstances, the user may request anonymization, blocking, or deletion of the data, thus ensuring the protection of their privacy and compliance with applicable data protection laws.


Right to object: The user has the right to object to the processing of their personal data based on reasons related to their specific situation. The user can exercise their objection when there are legitimate and justified reasons for doing so. The purpose of this right is to ensure that the user can control the use of their personal data and protect their privacy in accordance with the standards established in applicable legislation.


Right to Data Portability: The user has the right to receive their personal data provided to the controller in a structured, commonly used, and machine-readable format. This prerogative allows the user to transmit this data to another controller without any hindrance, including alternative service or product providers. According to legal standards, this right is guaranteed to promote freedom of choice and control over the user's personal data. It is important to note that this right applies only to data provided by the user or generated from their interaction with the controller, provided the processing is based on the user's consent.


Right to Erasure or Deletion of Data ("Right to be Forgotten"): The user has the right to request the deletion of their personal data, also known as the "right to be forgotten." This right allows the user to request the removal of their data when there are no legal grounds for its retention, such as compliance with legal obligations or the regular exercise of rights in a judicial process. Legal standards regarding data protection guarantee this right, aiming to give the user control over their personal data and privacy. It is important to note that, in some cases, data may need to be retained for legal reasons, but whenever possible, deletion will be carried out following the standards established by applicable legislation.


Right to Information: The user has the right to be informed about the processing of their personal data, including information about the purposes of processing, the categories of data involved, the recipients of the data, public and private entities with which the controller has shared data, as well as the possibility of not giving consent and the consequences of refusal. Additionally, the user has the right to receive additional information, such as the legal basis for processing, data retention periods, rights of rectification, erasure, and restriction of processing, and the right to file a complaint with a supervisory authority.


Right to Withdraw Consent and Applicable Conditions: The user has the right to withdraw their consent at any time, if the processing of personal data is based on that consent. The withdrawal of consent will not affect the legality of processing carried out based on previous consent.


These rights are essential to ensure transparency, control, and protection of the user's personal data in the context of Zillius' dating application, in compliance with applicable laws.


How the Data Subject Can Exercise Their Rights

The data subject of the personal data processed by us has the right to exercise their data protection rights. To facilitate this process, we provide a direct contact channel with our Data Protection Officer, the designated professional responsible for handling privacy and data protection issues. The information to contact the Data Protection Officer is available in the How to Contact Us section of this Privacy Policy.


To exercise their rights, data subjects can contact our Data Protection Officer through the email provided in this document. We are available to promptly respond to all requests related to the data subject's rights.


It is important to note that, to ensure the correct identification of the data subject in question, we may request documents or other information to assist in verifying their identity. This measure aims to protect the privacy and security of the data subject's personal data, as well as ensuring compliance with applicable legal obligations.


If it is necessary to request documents or proof to verify the identity of the data subject, we will inform in advance about this requirement. All information provided will be treated with due confidentiality and in accordance with the security standards established by current legislation.


We ensure that the rights of data subjects are respected, and their requests are handled transparently and effectively. We will be available to clarify any doubts and provide necessary support during the exercise of their rights.


How Long Will Your Personal Data Be Stored

Personal data collected by Astribes will be used and stored for the time necessary to provide the service or achieve the purposes listed in this Privacy Policy, considering the rights of data subjects and controllers, in accordance with applicable laws.


In general, data will be retained for the duration of the contractual relationship between the user and Astribes. After the storage period for personal data expires, they will be deleted from our databases or anonymized, except for the cases legally provided for in Article 16 of LGPD and Article 17 of GDPR, which guarantee the right to deletion and erasure of personal data, provided that legal requirements are met, namely:


  • • Compliance with a legal or regulatory obligation by the controller: Personal data may be kept by the controller for the time necessary to comply with legal or regulatory obligations established in both LGPD and GDPR;
  • • Study by a research organization, ensuring, whenever possible, the anonymization of personal data: In cases where personal data is used for research purposes by a research organization, the anonymization of data will be ensured, whenever possible, to protect individuals' privacy;
  • • Transfer to a third party, respecting the data processing requirements set out in regulations: Personal data may be transferred to third parties, provided that the new controller respects the data processing requirements established in current legislation. This transfer must be made in accordance with data protection principles and ensuring compliance with the laws; or
  • • Exclusive use by the controller, prohibited access by third parties, and provided that the data is anonymized: Personal data will be used exclusively by the controller, with access by third parties prohibited, provided that the data is properly anonymized. Anonymizing data is an important measure to protect individuals' privacy and ensure compliance with legal provisions.

That is, personal information about users that is essential for compliance with legal, judicial, and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings will be retained, despite the deletion of other data.


The storage of data collected by Astribes reflects our commitment to the security and privacy of your data. We employ technical protection measures and solutions to ensure the confidentiality, integrity, and inviolability of your data. In addition, we also have security measures appropriate to the risks and access control to stored information.


Thus, if the user chooses to stop using the services offered by Astribes, they can close their account, making their profile invisible to other users.


We emphasize that if the user's profile remains inactive for a period of 3 years, Astribes will automatically close the user's account, without prior notice. Upon completion of the closure, the information provided by the user will be deleted in accordance with this Privacy Policy. Therefore, personal information will be deleted according to the terms below.


Personal data we collect will be stored and used for the following periods:


Initially, to protect the security of all users, for users who choose to discontinue the use of our services, we will preserve their personal information for a period of 3 (three) months after the account is closed, limited to 01 (one) year after its deletion. Such information should be kept in case there is a need for investigation, in the face of possible reports of illicit conduct. The retention of information aims to ensure legitimate interest and establish defenses against third parties who may become victims.


Upon the expiration of the aforementioned period, user data will be deleted; however, we will keep only limited information for compliance with legal determinations, as specified in the terms below:

  • We will keep limited information and data for a period of 5 (five) years, counted from the closure or permanent deletion of the user's account, for the possible fulfillment of legal obligations under Article 16 of the General Data Protection Law (LGPD) and Article 17 of the General Data Protection Regulation (GDPR). This information will be kept to enforce our right of defense against any legal actions that may be filed, in accordance with the requirements established in both LGPD and GDPR.
  • According to Article 17 of the GDPR, the right to erasure, also known as the "right to be forgotten," allows data subjects to request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected, when the data subject withdraws consent for processing, when there is opposition to processing, when the data has been processed unlawfully, or when there is a legal obligation to erase the data.
  • However, both the LGPD and GDPR provide reservations to this right to erasure, as mentioned earlier in the paragraph. These reservations relate to legal or regulatory obligations that may require data retention, compliance with a legal obligation by the controller, research studies by research organizations (ensuring anonymization whenever possible), data transfer to third parties (provided data processing requirements are respected), or exclusive use by the controller (prohibited access by third parties and with data anonymization).
  • Additionally, we will keep financial transactions related to the user only for the period relevant to any transaction disputes requested by the user.

Thus, the periods mentioned are not longer than strictly necessary, meeting the purposes and legal justifications for data processing.


It is worth mentioning that, if there is any legal or regulatory justification, data may continue to be stored even if the purpose for which they were collected or processed has been exhausted.


Once the processing is completed, observing the provisions of this section, the data will be deleted or anonymized.


Thus, our privacy policy seeks to reconcile the right to erasure with the legal reservations provided in the current Data Protection Regulations, ensuring compliance with both legislations and protecting the rights of data subjects.


Data Security Measures


To keep your personal information secure, we use physical, electronic, and managerial tools designed to protect your privacy.


We apply these measures considering the nature of the collected personal data, the context, and the purpose of the processing, as well as the risks that potential breaches could pose to the rights and freedoms of data subjects.


Among the measures we adopt, we highlight the following:


Restricted Access
  • • Only authorized personnel have access to the collected personal data, following the definitions of "controller" or "data controller" established by the data protection regulations outlined in this document.
  • • Access to your personal data is granted only after committing to confidentiality. This access is exclusively given to individuals who have committed to confidentiality, ensuring the protection and privacy of the information you entrust to us. This way, we ensure that only authorized individuals committed to confidentiality have access to your data, reinforcing the security and integrity of your personal information.

Secure Storage
  • • Personal data is stored in secure and reputable environments, using appropriate infrastructure to protect them against unauthorized access, destruction, loss, misplacement, or improper alteration.
  • • These measures are adopted in compliance with the security obligations established by legal terms.

Technical and Organizational Measures
  • • We implement effective technical and organizational measures to ensure the security of personal data.
  • • These measures consider the nature of the data, the context and purpose of the processing, as well as the standards currently used in the market by companies similar to ours.
  • • Thus, we seek to protect data against threats such as unauthorized access, destruction, loss, misplacement, or improper alteration.

In addition to the mentioned measures, we also adopt other security management methods, such as:

  • • Secure storage of user data in a controlled environment that complies with security standards established by applicable laws;
  • • Restriction of access to user data, ensuring that only authorized personnel responsible for processing have access to the information;
  • • Use of SSL (Secure Socket Layer) certificate to encrypt data transmission between users' devices and our servers, providing secure and protected communication;
  • • Recording and monitoring of data access activities, maintaining a record of all interactions and relevant events related to the collected and processed personal data;
  • • Use of advanced defensive and preventive security techniques, such as encryption, load balancing servers, environment segregation, Firewalls, WAFs (Web Application Firewalls), among others, to mitigate potential risks and ensure data integrity.

We would like to emphasize that, although we implement all possible measures to prevent security incidents, it is important to recognize that there are situations beyond our complete control. This includes actions by third parties, such as hacker attacks or malicious behaviors of individuals. We also acknowledge that, in certain circumstances, the security of your data may depend on your own actions, i.e., the user's decision to share them with third parties. In these exceptional situations, where we cannot exercise direct control, we are not responsible for security incidents that may occur.


In the event of any security incident that may pose a relevant risk or damage to your personal data, we are committed to promptly communicate to both the affected parties and the competent data protection authorities.


Furthermore, in compliance with the GDPR (Article 33), we will also inform the competent data protection authority required by the European Union, which is the supervisory authority for data protection in each member country. It is important to note that each country has its own data protection authority responsible for overseeing compliance with data protection laws and preserving the privacy of individuals within its jurisdiction.


We are fully compliant with the regulations established by these laws and dedicated to ensuring the constant protection and privacy of the personal data you share with us.


Complaint to a supervisory authority


In case of any dissatisfaction or violation of the rights of personal data subjects, they have the right to file a complaint with the competent authorities. This recourse option does not exclude other administrative or judicial avenues available to protect the rights of data subjects.


Changes to this policy


The current version of this Privacy Policy was last updated on: January 15, 2023.


We reserve the right to modify these rules at any time, especially to adapt them to any changes made to our application, whether by providing new features, deleting, or modifying existing ones.


Whenever there is a modification, our users will be notified of the changes, following the provisions of applicable data protection laws.


By using our services and providing your personal data after such modifications, you consent to the changes made and agree to comply with the updated rules of our Privacy Policy.


Responsibility


Zillius foresees the responsibility of the agents involved in data processing processes, in compliance with relevant legislation and other applicable provisions.


It is our duty to keep this Privacy Policy up to date, observing its provisions and ensuring compliance with relevant legislation.


Additionally, we also commit to seeking technically and organizationally secure conditions capable of protecting the entire data processing process.


If competent authorities, in accordance with relevant legislation, require the adoption of measures regarding the data processing carried out by Astribes, we commit to following them.


Disclaimer


As mentioned in relevant sections, Zillius adopts high security standards to prevent incidents. However, it is important to note that there is no entirely risk-free online page. Thus, Zillius is not responsible for:

  • Any consequences resulting from the negligence, recklessness, or incompetence of users regarding their individual data. Zillius guarantees and is responsible only for the security of data processing processes, according to the definitions established by Data Protection Regulations, and for the fulfillment of the purposes described in this document. We emphasize that the responsibility for the confidentiality of access data lies with the user.
  • Malicious actions by third parties, such as hacker attacks, except in the case of proven culpable or deliberate conduct by Zillius. According to legal standards, there is an obligation to implement appropriate security measures to protect personal data against unauthorized access and security incidents.
  • In the case of security incidents that may pose a relevant risk or damage to you or any of our users/clients, Zillius is committed to communicating to the affected parties and the competent Data Protection authorities required in each regulation about the incident and to comply with the necessary measures to mitigate the impacts.
  • The inaccuracy of information entered by the user/client in the records necessary for the use of Zillius services, as well as any consequences arising from false or maliciously entered information, are the sole responsibility of the user/client. Data Protection Regulations establish the principle of data quality, requiring the truthfulness and updating of the information provided.

Zillius reiterates that it assumes no responsibility for message exchanges and the content of such messages. It is important to emphasize that the company is not responsible for such interactions, as this is the exclusive responsibility of the user.


How to Contact Us


Zillius provides the following means for you to contact us to clarify any doubts about this Privacy Policy or the personal data we process, in accordance with legal provisions:


Contact our Data Protection Officer (DPO), responsible for ensuring compliance with data protection legislation, by email: support@astribes.com. If you wish to exercise your rights as a data subject, please contact us using the same email mentioned above. We are available to address your requests and provide necessary information regarding privacy and data protection.