NOTICE

Privacy and Cookie Notice

We respect and care about the privacy and protection of the personal data of its users, so we treat the personal data of our users with due care, following the current legislation, in particular, the General Law for the Protection of Personal Data (LGPD).

This Privacy Notice explains in a clear and accessible way what personal data we collect and process when you use and access our services or browse our websites, what purposes we use your data, how it is used, your rights over that data and how you can exercise them.

1. DEFINITIONS

1.1. Anonymization: Use of reasonable technical means available at the time of Processing, through which data loses the possibility of direct or indirect association with an individual.

1.2. Cloud Computing: Or cloud computing, is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the objective of reducing costs and increasing the availability of sustained services.

1.3. Cookies: Small files sent by the Platform, saved on your devices, which store preferences and little other information, in order to customize your browsing according to your profile.

1.4. Data: Any information entered, processed or transmitted for the execution of services related to the use of our Platform.

1.5. Anonymized Data: Data relating to a data subject who cannot be identified, considering the use of reasonable technical means available at the time of its processing.

1.6. Personal Data: Data related to an identified or identifiable natural person.

1.7. Sensitive Personal Data: Personal data about racial or ethnic origin, religious belief, political opinion, membership in a union or organization of a religious, philosophical or political nature, data referring to health or sex life, genetic or biometric data, when linked to a natural person.

1.8. Solely automated decisions: These are decisions that affect a user that have been programmed to work automatically, without the need for human operation, based on automated processing of personal data.

1.9. Data Protection Officer (“DP O”): Person appointed by us to act as a communication channel between him/herself, you, the other personal data subjects and the National Data Protection Authority (“ANPD”).

1.10. Session ID: Identification of the session of users when access to the Platform is made.

1.11. IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies your devices on the Internet.

1.12. Link: Terminology for internet address.

1.13. Logs: Activity records of any users who use the Platform.

1.14. Plataforma: site https://www.checklistfacil.com/;

1.15. Holder: Natural person to whom the personal data that is the object of processing refers.

1.16. Processing: Any operation carried out with Personal Data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of informatio n, modification, communication, transfer, dissemination or extraction.

1.17. International Data Transfer: Transfer of personal data to a foreign country or international

2. CONTROLLER

2.1. When processing your data as set out in this notice, we act as a Controller:

2.1.1. Softplan S/A, headquartered in the city of Florianópolis, State of Santa Catarina, at Avenida Luiz Boiteux Piazza, 1302, Lote 87/89, Cachoeira do Bom Jesus, CEP: 88.056-000, registered with the CNPJ under No. 15.087.394/0001-34 (Softplan).

3. SPECIAL NOTES FOR CHILDREN AND ADOLESCENTS UNDER THE AGE OF 16

3.1. Please do not access or register in Our Environments if you are under the age of 16.

4. SPECIAL NOTES FOR LEGAL REPRESE NTATIVE S

4.1. Although we prohibit children and teens under the age of 16 from registering and accessing, parents should supervise their underage children’s online activities.

4.2. The activities of adolescents over 16 years of age and under 18 years of age must be assisted by parents or legal representatives.

5. ACKNOW LE DG ME NT OF AND AGREE ME NT TO THIS PRIVACY NOTICE

5.1. By browsing and using the features of our platform and environments, you confirm and declare that you have carefully read this Privacy and Cookie Notice and agree to the terms stipulated herein. Your agreement is free and express, and you also agree to the processing of your data under the conditions described below.

6. HOW DATA IS COLLECTED

6.1. During your navigation on our platform and environments, we may collect personal data in the following ways:

6.1.1. Through your browsing and interactions

6.1.1.1. We collect the Data that you voluntarily provide to us when you use our services, fill out registration forms, register user profiles, promotional entries, sweepstakes, contests, customer service requests, software and mobile application downloads, make comments, the pages and content you access, and other interactions on our website and environments;

6.1.2. Data collected automatically

6.1.2.1. We may collect some Data automatically, as described in the “Passive Data Collection” topic in this notice;

6.1.3. Data obtained from third parties

6.1.3.1. We collect Personal Data available in Public databases, social networks and also platforms that contain data voluntarily provided by you. In addition, we may receive your personal data from partners who have the legitimacy to share the data, always in accordance with this notice and applicable laws

7. WE WILL PROCESS YOUR DATA BASED ON THE FOLLOWING LEGAL HYPOTHESES, AS THE CASE MAY BE

7.1. Consent: When you actively consent to the processing of the data for a specific purpose. This consent can be revoked at any time.

7.2. Legitimate interest: When we or partners have a legitimate interest in using your data, as provided for by law, respecting your fundamental rights and expectations.

7.3. Contract performance: When necessary to fulfill a contract or pre-contractual diligences, such as when subscribing to a service and we need to use your data to process your request and deliver the contracted product.

7.4. Compliance with legal or regulatory obligation: When necessary to comply with legal and regulatory obligations, such as responding to letters from competent authorities.

7.5. Regular exercise of rights: When necessary for us to exercise our rights in administrative, judicial and arbitration proceedings.

7.6. Credit protection: When necessary to prevent fraud and validate your identity, such as when subscribing to paid services.

8. CATEGORIES AND PURPOSES OF DATA COLLECTED

8.1. The Personal Data collected includes the following categories and is used for the purposes highlighted below:

What is collected?	What is it collected for?
Registration Data (online environment)
Full name	I. Identify and authenticate the person who is registering the company in the free trial; II. Comply with the obligations arising from the provision of the Platform to you; III. Expand their experience and promote activities linked to the use of the Platform; IV. Allow resumes to be sent in Work With Us; V. Allow contact through the Contact Us channel; VI. Expanding our relationship, informing you about innovations, features, content, news and other events that we consider relevant to you; VII. Enable you to access and use the Platform's features and functionalities; VIII.To guarantee the portability of the Registration Data to another Controller in the same field of activity, if so requested by you, complying with the obligation of article 18 of the General Personal Data Protection Law;
City, State and Country
Email
Contact Phones
Company Name
Digital Identity Data
Source IP Address and Logical Port	I. Enable access to restricted areas of the Platform; II. Comply with legal record keeping obligations established by the Brazilian Civil Rights Framework for the Internet - Law 12.965/2014; III. Security monitoring of the Platform for your and our security; IV. Quantify and qualify the accesses of the Platform.
Timestamps of each action you take
Which screens you accessed
Section ID
Cookies
Username

9. UPDATING AND VERACITY OF DATA

9.1. You are solely responsible for the accuracy, truthfulness or lack thereof in relation to the Data you provide or for its outdatedness. Please be aware that it is your responsibility to ensure accuracy or keep them up to date.

10. TECHNOLOGY WE USE

10.1. Location-Based Services

10.1.1. We may collect, use, and share (with our partners, service providers, and licensees) precise location data, including the real-time location of your device from a fixed or mobile location.

10.2. Analysis tools

10.2.1. We use analytics tools, such as Microsoft Clarity software and other third -party technologies, to collect non-personal information in the form of various usage and behavior metrics when using our website or services (referred to as “Websites and/or Services” in this Notice). These tools and technologies collect and analyze certain types of information, including cookies, IP addresses, device and system identifiers of the device that is accessing the website and software, referring and exit URLs, usage and behavior information on the website, feature usage statistics, usage and purchase history, device identifiers, and other similar information.

10.2.2. Third-party analytics companies that collect information on our Websites and/or Services and other online products and/or services may combine the information collected with other independent information from other websites and/or related online or mobile products and services, covering their activities across the entire network of websites, as well as online and/or mobile products and services. Many of these companies collect and use information in accordance with their own privacy policies.

10.2.3. In addition to the use of technologies as described herein, we may allow certain third -party companies to help us personalize advertisements that we believe may be of interest to you, based on your use of our Sites and/or Services, and to collect and use d ata about that use. For more information about this practice, please see the “Third-Party Advertising Technologies” section below.

10.2.4. You can opt out of the DoubleClick cookie by visiting Google’s advertising opt-out page or opt out of Google Analytics by visiting the Google Analytics and/or other collection tools opt-out page.

10.2.4.1. Google provides additional information about its Marketing Privacy Guidelines and restrictions.

10.2.5. In some cases, our use of your personal information may result in automated decisions being made (including profiling). Automated decisions mean that a decision about you is made automatically based on a computational determination (using software algorithms), without our human review. For example, we use automated decisions to deliver targeted advertising on our Services that may be of interest to you. You can opt out of receiving targeted advertising by clicking “Unsubscribe” at the bottom of the advertising email you receive.

11. WHO WE MAY SHARE YOUR DATA WITH

11.1. We may share your data with third parties and partners as necessary to achieve the purposes described in this Privacy Notice. Such sharing will follow the best information security practices in the market and will comply with applicable laws, including, but not limited to:

Automatically in case of corporate transactions, such as merger, acquisition and incorporation;
With competent judicial, administrative, regulatory or governmental authorities, whenever there is a legal determination, request, request or court order;
With business partners, such as companies that assist us in the analysis of resumes, recruitment and selection of people, requiring these partners to take the necessary technical measures to protect the information, according to item (Partner Services) of this notice;
With other companies in our economic group.

12. HOW WE USE COOKIES

12.1. Cookies are small text files placed on your devices, which once used on our website and environments, allow the collection of some information, including your data to meet the purposes of this Notice, recognize, track and store your interactions and preferences while browsing the internet.

12.2. The use of Cookies is common on any digital platform, so cookies are collected by us to improve your experience, both in terms of performance and usability, since the content available will be directed to your needs.

13. HOW THEY ARE STORED

13.1. Cookies allow the Platform to memorize information when you access them, the preferred language, the location and recurrence of sessions, and other variables that we consider relevant to make this experience much more efficient

13.2. Cookies may also be used to compile anonymous and aggregated statistics that allow us to understand how you use the Platform, as well as to improve its structures and content. We cannot identify you personally through this data.

13.3. Cookies perform a number of different jobs, such as allowing you to navigate between pages efficiently, remembering your preferences, and generally enhancing the user experience. They can also help ensure that the advertisements you see online are more relevant to you and your interests.

14. CATEGORIES OF COOKIES WE USE

14.1. There are the following categories of Cookies that may be used on the Platform:

14.1.1. Strictly necessary Cookies: These are Cookies that are necessary for the correct functioning of the Services, since they allow you to browse our environments and use the services subject to this Privacy Notice.

14.1.2. Session Cookies: These are temporary cookies that will remain on your device until you finish browsing;

14.1.3. Persistent Cookies: These are Cookies that remain on your device until it is deleted (the time that the Cookie will remain on your device depends on the duration of the “lifetime” of the specific Cookie and the settings of the browser used).

15. TYPES OF COOKIES USED

15.1. Performance Cookies: We collect cookies on our websites and/or Services to capture information about page visits (e.g., “performance cookies”). This information is anonymous and we only use it internally to provide the most effective content to our visitors. Cookie information is used to gauge page popularity, analyze traffic patterns on our Sites and/or Services, and guide the development of other improvements to our Sites and/or Services;

15.2. Targeting , performance and functionality cookies: In our email programs, we employ a number of tracking methods (e.g., “targeting, performance and functionality cookies”). We track access through a tracking pixel in the email – which means we track who opens our email messages and when you open our email messages; and we track “clicks” through encoded URLs – which means we track whether you click on the links contained in our email messages. This information is used internally only to help us deliver relevant messages and is not shared with third parties;

15.3. We use the following cookies during your browsing:

Cookie	Validity	Purpose
__hssc	30 minutes	HubSpot Track and store information about a user's interaction with the Checklist Fácil website. It is intended to provide a personalized experience to website visitors
__hssrc	1 year
__hstc	6 months
hubspotutk	6 months
messagesUtk	6 months
_clck	1 year	Microsoft Clarity Track and store information about a user's interaction with the Checklist Fácil website. It is intended to provide a personalized experience to website visitors
_clsk	1 year
_fbp	3 months
_ga	1 year and 1 month	Google Analytics collect information about how visitors interact with our website. It is used to track and report data about website traffic, such as the number of visitors, pages visited, and traffic source
_ga_68FP3MXMJL	1 year and 1 month
_gat_UA-60146407-2	1 minute
_gid	1 day
_ga_CBTMK6NJSF	1 year and 1 month
_ga_LSZR85T3J2	1 year and 1 month
pbid	6 months
_gcl_au	3 months	Google Adsense Improve advertising.
_uetsid	1 day	Bing Ads collect information about how visitors interact with our website. It is used to track and report data about website traffic, such as the number of visitors, pages visited, and traffic source
_uetvid	1 year and 1 month
pys_first_visit	7 days	PixelYourSite
pys_landing_page	7 days
pys_session_limit	1 hour
pys_start_session	1 year
last_pys_landing_page	7 days
last_pysTrafficSource	7 days
__utmzz	6 months	WP Engine
__utmzzses	1 year	WP Engine
PHPSESSID	1 year	PHP
_hjAbsoluteSessionInProgress	30 minutes	Hotjar track the behavior of users on the Checklist Fácil site to provide analytics and insights into how visitors interact with our site
_hjFirstSeen	30 minutes
_hjIncludedInSessionSam-ple_2242825	1 minute
_hjSession_2242825	30 minutes
_hjSessionUser_2242825	1 year
AdoptVisitorId	2 months	Adopt transparently informs website users what data is collected and manages all up-to-date consents as required under the LGPD
AMP_TOKEN	30 seconds	Google AMP Optimizes online browsing on mobile devices.
Path	1 year	WordPress Assists an internal plugin of the site in defining the language to be displayed.

16. CONTROLLING AND DELETING COOKIES

16.1. You can change the settings to block the use of Cookies or to alert you when a Cookie is being sent to your device. Please refer to your browser’s instructions. If you use different devices to access the Platform (e.g., computer, smartphone, tablet, etc.) you must ensure that each browser on each device is adjusted to meet your preferences regarding Cookies.

16.2. Disabling the Cookies used may impact the experience on the Platform, for example, you may not be able to visit certain areas of a page from us or you may not receive personalized information when you visit a page.

16.3. In order for you to be able to manage your preferences regarding Cookies in a simple and intuitive way from your browser, you can use one of the links below:

17. PRECAUTIONS YOU SHOULD TAKE TO PROTECT YOUR PERSONAL DATA

17.1. Password care

17.1.1. You are also responsible for the confidentiality of your Personal Data and should always be aware that sharing passwords and access data violates this notice and may compromise the security of your Data.

17.2. Precautions you should take

17.2.1. It is very important that you protect your Data from unauthorized access to your computer, account, or password, and make sure that you always click “sign out” when you end your browsing on a shared computer. It is also very important for you to know that we will never send you electronic messages requesting confirmation of data or attachments that may be executed (extensions: .exe, .com, among others) or even links to eventual downloads.

18. HOW WE KEEP YOUR PERSONAL DATA SECURE

18.1. We adopt strict security controls to protect your data, following the best market practices and technical and regulatory standards. Our measures include physical and logical protection of assets, encrypted communications, access management, secure software development, and internal compliance policies and programs that ensure security throughout the lifecycle of our services. These controls are constantly reviewed to address new threats on the Internet. Although it is not possible to guarantee thetotal inviolability of our services, we have teams prepared to detect and respond promptly to any event or incident that compromises the security of your data or our services.

18.2. Internally, the Personal Data collected is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to the business objectives, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Notice.

19. EXTERNAL LINKS

19.1. When you use the Platform, you may be led, via link to other portals or environments, which may collect your information and have their own Data Processing Policy.

19.2. It will be up to you to read the Privacy and Data Processing Policies of such portals or environments outside our Platform, and it is your responsibility to accept or reject it. We are not responsible for the Privacy and Data Processing Policies of third p arties or for the content of any websites, content or services linked to environments other than those of the Platform.

20. PARTNE R SERVICES

20.1. We have business partners who may occasionally offer services through features or websites that can be accessed from Our Environments. The Data provided by you to these partners will be the responsibility of these partners and is therefore subject to their own data collection and use practices.

21. PROCE SS ING BY THIRD PARTIES UNDER OUR GUIDE LINES

21.1. If third-party companies carry out the Processing of any Personal Data under our guidelines, they will comply with the conditions stipulated herein and the information security standards, mandatorily.

21.2. To optimize and improve communication, when we send you an email, it may receive a notification when they are opened, as long as this possibility is available. It is important for you to be aware that emails are only sent by the domains: @checklist.com.br, @checklistfacil.com.

22. HOW YOUR PERSONAL DATA AND ACTIVITY LOG ARE STORED

22.1. The Personal Data collected and activity logs are stored in a secure and controlled environment for a minimum period of time as follows the table below:

STORAGE PERIOD	LEGAL BASIS
As long as the relationship lasts and there is no request for erasure or revocation of consent	Art. 9, item II, of the General Data Protection Law Personal
6 months for Digital Identification Data	Art. 15 of the Marco Civil da Internet

22.2. Longer storage periods: For auditing, security, fraud control, compliance with legal, judicial or administrative obligations and preservation of rights, we may keep the registration history of your Data for a longer period in the cases that the law or regulatory standard so establishes or for the preservation of rights.

22.3. Data Transfer: The Data collected may be stored on servers located in Brazil or in another country where we use storage services, and we undertake to adopt the necessary measures to ensure the protection of this data.

22.4. The Data may be stored in a resource or server environment in the cloud (cloud computing), which may require a transfer and/or processing of this Data outside Brazil.

23. WHAT YOUR RIGHTS ARE AND HOW TO EXERCISE THEM

23.1. We follow the guidelines established by the LGPD, and are committed to ensuring that you can exercise your rights in relation to your data through the Privacy Portal, which are:

Receive clear and complete information about the processing of your data, including data sharing situations.
Request access to your data and/or confirmation of the existence of data processing.
Request the correction of inaccurate, incomplete, or outdated data.
Request the anonymization, blocking or deletion of data that is unnecessary, excessive or processed in violation of the law, in specific circumstances.
Request the deletion of the data processed with your prior consent.
Request information about the public and private entities with which we share your data.
Request information about the possibility of not providing consent and the consequences of refusal.
Oppose the processing of data carried out based on one of the hypotheses of waiver of consent provided for by law.
Revoke consent at any time, when the data is processed on the basis of this authorization.
Request review of automated decisions that may affect your interests.

23.2. If you withdraw your consent for purposes that are fundamental to the regular functioning of the Platform, the Platform’s functionalities may be unavailable to you.

23.3. At the end of the maintenance period and the legal need, the Personal Data will be deleted using secure disposal methods, or used in an anonymized form for statistical purposes.

23.4. For security purposes, additional identity validations may be carried out to comply with your rights, such as confirming information and presenting documents required for this purpose.

24. CHANGE OF CONTE NT AND UPDATE

24.1. This Notice is subject to constant improvement and improvement, reserving the right to modify it at any time, according to the purpose or need, such as for adequacy and legal compliance with a provision of law or rule that has equivalent legal force, and it is up to you to verify it whenever you access the Platform. If updates occur to this document and that eventually require a new collection of consent, you will be notified through the contact channels you inform.

25. ANONY MIZED DATA

25.1. In addition to following the guidelines in this Privacy Notice, we also collect and process your data in an anonymized form, which means that there is no personal identification associated. It is important to note that, according to the LGPD, anonymized data, as it cannot identify the holder, is outside the scope of application of this law.

26. HOW TO CONTACT US

26.1. If you have any questions about this Notice, please contact us by e-mail: protecaodedados@softplan.com.br, to make requests about the processing of your personal data, please contact us through the Privacy Portal.

27. SOFTPLAN DATA PROTECTION OFFICERS

27.1. Softplan’s Personal Data Protection Officer is: Luiz Augusto Guimarães Espinola. Privacy Notice Last Modified Date: 01/07/2024