Our website collects and uses some personal data from our users as provided in this section.

1. Personal data expressly provided by the user

We collect the following personal data expressly provided by you while using our website: Ex.:

Full name;
CPF (social security number);
Email address;
Telephone number;
Contact messages;
Date of birth.

These data collection occurs in the following moments: Ex.:

When the visitor uses the contact form;
When the visitor registers on the website;
When the visitor fills out different forms.

The data provided by our users are collected for the following purposes: Ex.:

For the visitor to acquire our products and services;
For the visitor to contact our Customer Service (SAC);
For use to send information, launches and promotions to our visitors;

2. Sensitive data

Sensitive data from our users will not be collected. Sensitive data are considered as those defined in arts. 11 and subsequent articles of the General Personal Data Protection Law. Thus, there will be no data collection related to racial or ethnic origin, religious belief, philosophical or political conviction, data referring to health or sexual life, genetic or biometric data, where linked to a natural person.

3. Cookies

Cookies are small text files automatically downloaded in your device when you access and browses a website. They basically serve to identify devices, activities, and preferences of users.
Cookies will not allow any file or information to be extracted from the user’s hard drive, and one can’t, through them, access personal information that is not from the user or the way the website resources are used.

a. The website cookies

The website cookies are those sent to the computer or device of the user and administrator, exclusively through the website.
The information collected with these cookies is used to improve and personalize the user’s experience, and some cookies can, for example, be used to remind the user’s preferences and choices, as well as to offer personalized content.

b. Cookies management

Users can object to the use of cookies by the website. They must only disable them when they start to use the service, following the instructions below:
As they enter the website, visitors will have the option of blocking or allowing the use of cookies. They must only select the corresponding option on the dialogue box (pop up) that is automatically loaded as our page is accessed.
While disabling cookies, it’s important to bear in mind that the user’s experience may be affected, since the information used to personalize the experience will no longer be used.

4. Collection of data not expressly provided

Other types of data not expressly provided in this Privacy Policy can be eventually collected, as long as they are provided with the user consent, or, also, the collection is allowed based on other legal grounds provided by law.
In any case, the data collection, and the activities involved in their processing will be informed to the website’s users.

We share some personal data mentioned in this section with third parties.

The data shared are the following:

Some browsing data are shared with Lef Pisos e Revestimentos S.A. commercial, tax and credit departments, Customer Service and HR

Such data are shared for the following reasons and purposes:

Sharing occurs for users that agree with it to receive personalized offers and information, consistent with their interests.

In addition to the situations herein informed, data can be shared with third parties for us to comply with some legal or regulatory determination, or, also to comply with some order issued by public authority.

In any case, the sharing of personal data will observe all applicable laws and rules, always seeking to ensure security to our users’ data, complying with technical standards used in the market.

Personal data collected by the website will be stored and used for the period considered necessary to reach the purposes listed in this document, considering their holders’ rights, the website controller’s rights and applicable legal or regulatory provisions.

Once personal data storage periods are expired, they will be removed from our data bases or anonymized, except for cases where there is the possibility or need to store due to legal or regulatory provision.

Each personal data processing operation needs to have legal ground, that is, a legal base, which is nothing more than a justification that authorizes it, as provided in the General Personal Data Protection Law.

All our activities involving personal data processing are grounded in legal base, among those allowed by the legislation. Further information on the legal bases we use for specific personal data processing operations can be obtained from our contact channels, as informed at the end of this Policy.

The website user has the following rights, as provided by the General Personal Data Protection Law:

• confirmation of the processing existence;
• access to the data;
• correction of incomplete, inexact, or outdated data;
• anonymization, blocking or elimination of unnecessary, excessive data, or processed without compliance with the law;
• portability of data to other service or product provider upon express requisition, according to the national authority regulations, observing commercial and industrial secrets;
• elimination of personal data processes with the holder consent, expect for cases provided by law;
• information from public and private entities with which the controller made shared use of data;
• information on the possibility of not consenting and the consequences of the denial;
• revocation of the consent.

It is worth highlighting that, under the LGPD terms, there is no right of elimination of data processed based on legal grounds other than the consent, unless the data are unnecessary, excessive, or processed without compliance with the law.

1. How can the holder exercise their rights

To ensure that the user that intends to use his rights is, in fact, the holder of the personal data object of the requisition, we can request documents or other information to assist in their correct identification, in order to protect our rights and the rights of third parties. This will only be made, however, in case it is absolutely necessary, and the claimant will receive the related information.

We use technical and organizational measures to protect personal data from non authorized accesses and situations involving destruction, loss, misplacement, or change in these data.

The measures we use take into consideration the nature of the data, the processing context and purpose, risks an eventual violation would generate for the user’s rights and liberties, and the standards currently adopted in the market by companies similar to ours.

Among the security measures adopted by us, the following are outstanding:

Storage of passwords using cryptographic hashes; Restrictions of access to data banks; Monitoring of physical access to servers; SSL Certification, among others.

Even while adopting all it can to avoid security incidents, some problem may occur, exclusively motivated by a third party – as in case of hackers or crackers attack, or, also, in cases where the user is exclusively responsible, which occurs, for example, when the user himself transfer his data to a third party. So, though, in general, we are responsible for the personal data we process, we are exempt from responsibility in case an exceptional situation like this occurs, over which we have no control.

In any case, if any type of security incident occurs that may endanger or cause relevant damage to any of our users, we shall inform those affected and the National Authority for Data Protection about the occurrence, as provided in the General Personal Data Protection Law.

Without prejudice to any other way of administrative or judicial remedy, the holders of personal data who feel, in any way, aggrieved, can present complaint to the National Authority for Data Protection.

The present version of this Privacy Policy was updated for the last time on 11/21/2023.

We reserve the right to change, at any time, the present norms, particularly to adapt them to eventual changes in our website, by making available new features, or suppression or change in the existing ones.

Whenever a change occurs, our users will be informed about the change.

In order to clarify any doubts concerning this Privacy Policy or the personal data we process, please contact our person in charge of Personal Data Protection, via some of the channels listed below:

Email: valdemir@lef.com.br
Postal address: Rod. Fausto Santomauro (SP 127) – KM25
Piracicaba – São Paulo