Privacy policy
1. introduction
ALYMENTE BENEFICIOS E SIMILARES LTDA, a legal entity governed by private law, duly registered with the CNPJ/ME under No. 29.062.232/0001-56, with its head office in the city of São Paulo, state of São Paulo, at Rua Dr. Geraldo Campos Moreira, 375, Andar 1 Con 11, Cidade Monções, CEP 04571-936 ("Alymente Solution"). Geraldo Campos Moreira, nº 375, Andar 1 Conj 11, Cidade Monções, CEP 04571-938 ("Alymente"), through the Alymente Solution, enables its Clients to provide flexible benefits and awards to their employees (our "Users"), as agreed between Alymente and the Client.
Alymente values the privacy of its Users and/or those interested in the Alymente Solution. This Privacy Policy ("Policy") details the company's practices regarding the collection, use, sharing, retention periods and deletion of Users' Personal Data during and after their relationship with Alymente.
By using Alymente's services, the User agrees to the practices described in this Policy. We recommend reading our Cookies Policy for additional information on the use of cookies and similar technologies. In the event of differences between the policies, the more specific provisions shall prevail.
Observando o princípio da transparência, previsto na LGPD, os Usuários podem encontrar a FAQ Proteção de Dados, que também pode ser acessada através do App Alymente BR, no campo “mais opções<dúvidas e informações<parcerias e perguntas gerais”.
Users can obtain further information about the functionalities of the Alymente Solution and the services provided by Alymente through the Alymente User Terms of Service, also made available in the 'more options' field in the Alymente App of its publication at the respective link.
2. Definitions
2.1 Legal
"LGPD" is the General Personal Data Protection Law (Law no. 13.709/18).
"Personal data" means any information relating to a natural person, directly or indirectly, identified or identifiable.
"Sensitive Personal Data" is the special category of Personal Data relating to racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, relating to health or sex life, genetic or biometric data relating to a natural person.
"Data subject" means the natural person to whom the personal data refers.
"Processing" means any operation carried out with Personal Data, such as: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction, among others.
"Anonymization" is the process by which data loses the possibility of direct or indirect association with an individual, taking into account reasonable technical means available at the time of processing.
2.2 Contracts
"App Alymente" is the digital platform developed by Alymente that allows Users to enjoy their benefits and rewards. Available for mobile devices with Android or iOS operating systems (in compatible versions), the app offers various features to facilitate access to and management of benefits.
"Alymente Card" means the physical rechargeable card issued by SWAP MEIOS DE PAGAMENTO S.A. (Swap), which enables the User to use the credits for benefits and/or rewards attributed to them. Use of the card is strictly personal and non-transferable, and may be subject to the User setting a password for greater security.
"Alymente Solution" comprises the application (Alymente App) and/or the physical card (Alymente Card), both used to access and manage benefits.
"Swap" is the payment institution with which Alymente maintains a strategic partnership, being responsible for issuing and managing the Alymente Card, as well as opening and managing the payment account linked to the card.
"User" is the natural person registered on the Alymente platform, who enjoys the benefits offered by the company.
"Client" is the legal entity contracting Alymente's services, generally the User's employer.
3. Origin of Personal Data collection
Alymente collects and processes Users' Personal Data, which can be obtained either directly from the User themselves or indirectly through their Clients, business partners and other third parties involved in processing operations (financial institutions, third-party service platforms, establishments that accept the Alymente Card or the Alymente App, among others). The processing of this data is carried out in order to enable the provision of the services offered by Alymente and complies with the applicable legislation, in particular the General Personal Data Protection Act (LGPD).
Alymente undertakes to obtain the User's consent for the processing of their personal data, except in the cases provided for by law. Users have the right to access, correct, request deletion of and object to the processing of their personal data.
3.1 What Personal Data we process and legal bases
The LGPD includes two main figures as agents for processing personal data: the controller, who is responsible for defining how the processing of personal data will take place, and the operator, who will carry out the processing as defined by the controller.
Alymente, as controller, will process Users' personal data for the purposes of enabling the provision of Alymente Solution services, personalizing the User experience, conducting market research and complying with legal obligations. Processing will be carried out on the basis of the User's consent and the execution of the contract entered into with the Client.
*Obtaining geolocation during the provision of services may or may not be allowed by the user via the device on which the Alymente App is downloaded (by default, geolocation is disabled).
Once Alymente receives the personal data specified, an individualized profile is generated for each user. The information contained in this profile is used to provide and continuously improve the services offered by the company. The activities carried out by Alymente, in its capacity as controller, include, but are not limited to:
- Issuing and parameterizing the benefits and/or awards requested by the client;
- Assistance, management and execution of credit requests made by the Customer through the Alymente platform, debits and other uses requested by Users through the Alymente Solution;
- Management, processing and execution of refund requests, payment of slips, requests for discounts/advantages/vouchers from accredited partners in force, requests for cash withdrawals and bank transfers requested by the User or the purchase of products from third parties within the Alymente App;
- Connection between Users and accredited partners through system integration;
- Geolocation of users to suggest a list of partners;
- Carrying out statistics on the use of the Alymente Solution;
- Carrying out satisfaction, opinion and usability surveys with Users and Clients;
- Handling and resolving any challenges made by Users;
- Suspension or blocking of use of the Alymente App and/or the Alymente Card, in the event of theft, loss, suspected fraud or misuse;
- Managing relationships with external partners and passing on donations made by Users, at the sole discretion of the User;
- Sending communications, newsletters and service offers to Users and Clients;
- Charging for contracted services;
- Management of any disputes involving the User, the Client, the accredited partner or others;
- Installation of cookies and other trackings on the terminals of Users and the Company (Cookies Policy);
- Affiliation of establishments to accept the Alymente App and/or the Alymente Card;
- To comply with all legislation/regulations applicable to this contract.
The purpose of this list is to inform users of the categories of data that can be processed.
Alymente will process users' personal data in order to ensure the proper functioning and continuous improvement of the Alymente Solution. These activities include statistical analyses that do not allow individual identification. However, in the event of such identification, such as in the usability testing activity, Alymente will always ask the user for their prior consent, when not based on the execution of the contract or the legitimate interest of the User and Alymente.
More specifically, with regard to marketing activities, Alymente is guided by the following legal bases, depending on the activity it will carry out:
* Users can always opt out of this type of mailing, either by using the opt out option in the case of e-mails, or by contacting Alymente via the data protection channel.
Users who wish to have information on the processing operations carried out by Clients and/or accredited partners must request it directly from them.
4. Information about the shared use of data
Alymente may share users' personal data with various entities, such as government authorities, suppliers (third-party company that provides storage and hosting of applications, files and data), third-party service providers that process Personal Data on behalf of Alymente (such as accountants, auditors, consultancies, etc.), partners and companies (such as SaaS CRM solution providers, cloud storage providers, payment institutions, etc.), in order to comply with legal or contractual obligations or for business management purposes. Sharing will be limited to what is strictly necessary and recipients must process the data in accordance with the LGPD.
Alymente may also, from time to time, share certain bank details of its Users with its Clients (it being understood that the sharing in question occurs only between the User and the Client to which they are linked), under the terms of article 7, item X of the LGPD. In these cases, we recommend that you obtain more information from the Client (your employer in this case) about what data will be passed on.
5. International transfer
Personal Data will be processed on servers located outside Brazilian territory. This is particularly the case when we transfer information to some of our operators/sub-operators located in Europe and the United States.
In any case, Alymente will adopt the necessary safeguards so that Personal Data has the same level of protection as we do and, where necessary, we will use the international data transfer mechanism required by applicable data protection laws.
6. Responsibilities of the agents who will carry out the treatment
Alymente implements technical and administrative security measures to protect users' personal data from unauthorized access, loss, disclosure, copying, use, modification or destruction. Access to data is restricted to Alymente employees who need this information to carry out their duties and who have been duly trained in the importance of data protection.
All those who process your Personal Data based on Alymente's instructions are subject to a duty of confidentiality, and are obliged to prove compliance with the LGPD and other data protection laws.
Alymente does not treat sensitive Personal Data as a rule, but where this is the case, it will, where possible, be stored separately from other Personal Data, with even more restricted access.
Alymente protects its systems against unauthorized access through various levels of access permissions and password controls, defined by the Technology area. In the event of a breach of these systems, which Alymente considers to be highly relevant, real or suspected, we will notify the user, the National Data Protection Authority (ANDP) and any other applicable authority of the breach and the measures we have taken to resolve it.
Alymente adopts various security measures, including password access control and profiles, defined by the Technology area, to protect users' personal data from unauthorized access. In the event of a breach of these systems, which Alymente considers to be highly relevant, real or suspected, we will notify the user, the National Data Protection Authority (ANDP) and any other applicable authority of the breach and the measures we have taken to remedy it.
Although Alymente makes every effort to preserve the privacy and protect the data of Data Subjects, no transmission of information is completely secure, so Alymente cannot fully guarantee that all information it receives or sends will not be subject to unauthorized access perpetrated by means of methods designed to obtain information improperly. For this reason, we encourage Data Subjects to take appropriate measures to protect themselves, such as keeping their passwords confidential, given that such information is personal, non-transferable and the sole responsibility of Data Subjects.
7. Data retention period
In order to protect the privacy of Data Subjects, Personal Data processed by Alymente will be deleted when it is no longer useful for the purposes for which it was collected, or when the Data Subject requests its deletion, unless its retention is expressly authorized by applicable law or regulation, or within the limitation period defined by law for the filing of any judicial or administrative actions.
Not exhaustively, considering our main service-related activities:
- The personal data that allows us to identify you, your history of actions and transactions on the platform, will be stored for as long as you are our customer and for an additional period of 5 years after the end of the relationship, i.e. for as long as you have a balance with us. This practice is intended to meet legal obligations, such as issuing invoices and resolving possible disputes.
- Cookies and other commercial trackers may be deposited on the User's terminal for a maximum period of 13 months depending on the trackers.
- Information relating to the geolocation of Users is transitory, as it is processed at the time and then lost.
8. Your rights as a User
In compliance with current legislation, especially the General Personal Data Protection Act (LGPD), Alymente guarantees the data subject the following rights:
- Confirmation and access: The data subject has the right to confirm the existence of the processing of their personal data and to access related information, such as the origin, purposes and criteria used in the processing;
- Correction: The owner can request the correction of incomplete, inaccurate or outdated data.
- Anonymization, blocking or deletion: The right to be guaranteed the unlinking of Personal Data, to request the temporary suspension of any processing operation or to request the deletion of a piece or set of Personal Data when it is unnecessary, excessive or processed in breach of the LGPD;
- Portability: The data subject has the right to receive their personal data in a structured, commonly used and machine-readable format in order to transmit it to another controller;
- Deletion: Right to request the deletion of your Personal Data processed with your previous consent;
- Sharing: Right to receive information about the public and private entities with which your Personal Data is shared;
- Explanation: The right to obtain information about the possibility and consequences of not giving your consent to a certain processing operation of your Personal Data; and
- Withdrawal of consent: The right to withdraw your consent to the processing of your Personal Data by means of a free and easy procedure.
Personal Data Subjects have the right to object to the processing of their data when it is carried out in violation of the General Personal Data Protection Act (LGPD). Furthermore, the data subject has the right to obtain clear and complete information on the criteria and procedures used to make automated decisions that produce legal effects or significantly affect them, such as decisions that define their personal or professional profile,
To exercise your rights, please contact our Data Protection Officer (DPO) at dpo@alymente.com.br. To confirm your identity, we may ask you for some personal data.
9. Security
Alymente has implemented a comprehensive set of security measures to protect users' Personal Data and the confidentiality of the data we collect, in order to preserve data security and prevent data from being distorted, damaged or accessed by unauthorized third parties. These measures include, but are not limited to: restricted access control, data encryption, secure communication protocols (HTTPS), robust authentication mechanisms, continuous security monitoring and regular backups. These practices aim to guarantee the confidentiality, integrity and availability of data, preventing unauthorized access, unintentional modifications and loss of information.
In the event of a security incident, we will take all appropriate measures provided for in the applicable legislation.
10. DPO of Alymente
Our Data Protection Officer is Thiago Vilela and he is responsible for ensuring that your rights are met and for clarifying any doubts about the processing of your Personal Data. You can contact him at dpo@alymente.com.br.
11. Changes to this Privacy Policy
Alymente reserves the right to update this policy at any time. Changes will be communicated to users via the Alymente app, by email or by other means that the company deems appropriate. The current version of the policy will always be the one made available on the app.