We appreciate the opportunity to interact with you on the Internet and are committed to protecting and safeguarding your privacy.
Last updated on December 6, 2024
Introducción
This privacy and data protection policy establishes the criteria by which Fazenda Amway Nutrilite do Brasil Ltda, hereinafter referred to as NUTRILITE / NUTRIBOTANICA – a trademark registered by the Corporation, which was created to differentiate intercompany sales from sales to other customers, will collect, access, process, store, use, protect, share and otherwise treat the personal data provided by all (users) and with other data subjects who share their personal data with Nutrilite.
Ensuring the privacy and security of the information of data subjects is extremely important to NUTRILITE / NUTRIBOTANICA, so this document provides each data subject with adequate transparency regarding their data.
Therefore, this document aims to objectively present the characteristics and hypotheses for processing the personal data of the respective data subjects. Nutrilite / Nutribotanica informs that this policy may be adjusted at any time, without prior notice. Therefore, it is important to check its terms regularly.
Scope
This policy applies to all data subjects who use our digital platforms, our services and all others who share their personal data (sensitive or not, digitally or otherwise) with NUTRILITE / NUTRIBOTANICA, including, but not limited to: employees (active and licensed), job applicants, interns, former employees, dependents, beneficiaries, consultants, temporary workers, service providers and contractors of our suppliers, business partners, communities, public agents, among others.
Purpose
Promoting the privacy and protection of data subjects is one of NUTRILITE / NUTRIBOTANICA’s main concerns. To protect this, we use, whenever possible, appropriate technical and organizational measures to protect your personal data against unauthorized or illegal processing and against accidental loss, destruction or damage thereof.
Applicable Legislation
This policy shall be interpreted in accordance with Brazilian legislation, especially, but not limited to, Law No. 13,709/2018 (General Personal Data Protection Law “LGPD”); Law No. 12,965/2014 (Internet Civil Rights Framework), without prejudice to compliance with other applicable legislation.
Security Measures
Although no organization can guarantee perfect security, NUTRILITE / NUTRIBOTANICA adopts appropriate administrative, technical and physical security measures to ensure that personal data is kept confidential and secure. Measures taken in operating environments: personal data is stored in operating environments that use technical and administrative security measures to prevent any type of unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination.
Controller
In the relationship established with you, Fazenda Amway Nutrilite do Brasil Ltda, headquartered at Sitio Jaburu – Zona Rural, Ubajara-CE, CEP 62.350-000, registered with the CNPJ under no. 02.308.405/0001-44 – hereinafter referred to as NUTRILITE and/or NUTRIBOTANICA – a trademark registered by the Corporation, which was created to differentiate intercompany sales from sales to other customers, is the controller of your personal data. For the purposes of applicable legislation, the controller is responsible for decisions regarding the processing of personal data.
The Data Protection Officer/DPO
The Data Protection Officer: The person responsible for representing the Company before the ANP and for monitoring and developing this Program, reporting to the Administrator of the Fazenda Amway Nutrilite do Brasil Ltda.
Employees/Interns/Service Providers
Responsibilities of Employees/Interns/Service Providers:
- They must perform their activities in compliance with applicable legislation, especially the LGPD, aiming at the protection of personal data. Below are some responsibilities:
- Adopt an engaged and proactive stance in the protection of personal data;
- Respect the privacy terms, terms of use, policies and other documents on privacy and data protection;
- Process personal data only for the purposes stated in the data inventory;
- Notify the Manager when identifying undue exposure of personal data or violation of regulations.
Committee
Function
The Company has a Privacy and Personal Data Protection Committee to ensure compliance with this Program, the LGPD and legal and regulatory requirements related to the privacy and protection of Personal Data.
Responsibilities
- Disseminate the privacy program in the organization;
- Promote the engagement of Managers;
- Support Business Area Managers and the DATA PROTECTION OFFICER in identifying privacy and data protection risks and recommending mitigation actions;
- Notify the DATA PROTECTION OFFICER of any changes in the purpose of processing personal data.
Key Contact
If you have any questions about the applicability of the LGPD, please consult the regulations on privacy and personal data protection that we have just mentioned. If that is not enough, send your question to the email dponutrilite@amway.com.
Glossary of technical terms of the LGPD
Processing agents
Controller and Operator.
Anonymization
Use of reasonable technical means available at the time of processing, through which data loses the possibility of direct or indirect association with an individual.
National Authority
Public administration body responsible for overseeing, implementing and monitoring compliance with this Law throughout the national territory.
Database
Structured set of personal data, established in one or more locations, in electronic or physical support.
Blocking
Temporary suspension of any processing operation, through storage of the personal data or database.
Consent
Free, informed and unequivocal manifestation by which the holder agrees to the processing of his/her personal data for a specific purpose. This is an essential basis for the LGP, with non-consent being the exception, as it is only possible to process data without the citizen’s authorization when this action is indispensable for compliance with legal situations, provided for in the LGPD and/or in previous legislation, such as the Access to Information Law (LAI).
Controller
A natural or legal person, under public or private law, responsible for decisions regarding the processing of personal data;
Anonymized data: data related to a data subject that cannot be identified, considering the use of reasonable and available technical means at the time of its processing.
Personal data
Information related to an identified or identifiable natural person.
Personal data of children and adolescents
The Statute of Children and Adolescents (ECA) considers a child to be a person up to 12 years of age and an adolescent to be a person between 12 and 18 years of age. In particular, the LGPD determines that information on the processing of personal data of children and adolescents must be provided in a simple, clear and accessible manner, in order to provide the necessary information to parents or legal guardians and in a manner that is appropriate for the child’s understanding.
Sensitive personal data
Personal data on racial or ethnic origin, religious beliefs, political opinions, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.
Elimination
Deletion of data or a set of data stored in a database, regardless of the procedure used.
Responsible
Person appointed by the Controller and Operator to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD).
Guarantee of information security
Capacity of systems and organizations to ensure the availability, integrity, confidentiality and authenticity of information. The National Information Security Policy (PNSI) provides for the governance of information security for federal public administration bodies and entities within their scope of action.
Interoperability
Is the capacity of a system, whether computerized or not, to communicate transparently with another system, whether similar or not. The national authority may establish interoperability standards for the purposes of portability, free access to data and security, as well as the retention period of records, taking into account, in particular, the need for transparency.
Operator
Natural or legal person, under public or private law, that processes personal data on behalf of the controller.
Research body
Body or entity of the direct or indirect public administration or a non-profit legal entity under private law legally constituted under Brazilian law, with headquarters and jurisdiction in the country, which includes in its institutional mission or in its corporate or statutory purpose basic or applied research of a historical, scientific, technological or statistical nature.
Report on the impact on the protection of personal data
Documentation of the Controller that contains the description of the personal data processing processes that may generate risks to civil liberties and fundamental rights, as well as measures, safeguards and mechanisms to mitigate risk.
Holder
Natural person to whom the personal data that are subject to processing refer.
International data transfer
Transfer of personal data to a foreign country or international organization of which the country is a member.
Processing
Any operation performed with personal data; such as those related to: access, storage, archiving, evaluation, classification, collection, communication, control, dissemination, distribution, deletion, extraction, modification, processing, production, reception, reproduction, transfer, transmission and use.
Shared use of data
Communication, dissemination, international transfer, interconnection of personal data or shared processing of personal databases by public bodies and entities in compliance with their legal powers, or between these and private entities, reciprocally, with specific authorization, for one or more processing modalities permitted by these public entities, or between private entities.
Breach of personal data
Is a security breach that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure of or unauthorized access to personal data transmitted, stored or subject to any other type of processing.
Manténgase informado con NutriBotanica
Suscríbase a nuestro boletín para recibir información actualizada sobre nuestros últimos productos, iniciativas de sostenibilidad y consejos para llevar un estilo de vida más sano y natural.
