Privacy Policy
We at HARMO DESENVOLVIMENTO DE SOFTWARE LTDA (“Harmo” or “we”), with CNPJ/ME no. 37.779.053/0001-62 and registered office at Av. Mauro Ramos, 1970 – Room 308 – Centro, Florianópolis – SC, 88020-304, in the city of Florianópolis, state of Santa Catarina, are a management and control platform for feedback between companies and consumers (“Harmo Platform” or “Platform”) for our customers (“Customers”), and we are committed to safeguarding your privacy and protecting your personal data. The purpose of this document is to clarify Harmo’s practices in handling data collected from users of our website and our customers’ applications.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
This Privacy Policy does not cover third-party websites and applications, and we are not responsible for their privacy policies and practices. It is important that you always review the policies of each third-party application to learn more about how these companies handle your data.
Why does Harmo collect my personal data?
Harmo is a company that processes data to operate a feedback platform between companies and consumers. We are very serious about complying with laws that protect your privacy, and this policy describes how your information and personal data are collected, used, shared, and stored through our website, applications, and related services. This document is an integral part of our Terms of Use , which contain an overview of our platform.
Your acceptance of our Policy will be deemed effective when you agree to the use of your Personal Data for each of the purposes described herein. This indicates that you are aware of and fully agree with how we will use your information and Data. If you do not agree with this Policy, please do not use our services and inform us of your reasons so we can improve.
1. Basic Concepts: What do I need to know to understand this policy?
To simplify your reading, we present some useful definitions for your interpretation:
- “Legal Basis ” refers to the legal grounds that authorize Harmo to Process Personal Data. Any and all Processing of Personal Data is only considered legitimate if it is based on a legal basis.
- “Personal Data ” is any data relating to an identified or identifiable individual, including identification numbers, location data, electronic identifiers, or any Data that, when combined with other information, is capable of identifying someone, making them identifiable or individualizing them.
- “Processing ” means the uses that Harmo makes of Personal Data, including, for example, the following activities: collection, recording, storage, organization, consultation, use, disclosure, sharing, transmission, classification, reproduction, processing and evaluation.
- “you ” or “ Data Subject ” is the person to whom the Personal Data relates.
2. What types of data does Harmo collect?
The amount and type of information collected by Harmo varies depending on the relationship our clients or we have with you. You may be a visitor to our website interested in purchasing our services; you may also be an existing client using our services; or you may be a user of a website or application that uses our technology.
Below, we explain what data we collect in each situation, for what purpose we use it and the respective Legal Basis.
SITE VISITORS:
If you only access our website, we may collect data from your browsing and also registration data, as follows:
Origin
Site navigation.
Types of Data Collected
Navigation data : data collected through cookies or device IDs , including IP, date and time of access, geographic location, referral source, browser type, duration of visit and pages visited.
Data about the access device : model, manufacturer, operating system, operator, browser, connection type and speed.
Purpose
Website functionality: enable essential features such as antivirus software, desktop/mobile responsiveness, and other functions.
Legal basis: legitimate interest and legal obligation.
Analytics: Understand your browsing behavior and how the website is being used to improve your user experience. The data collected is aggregated, and we use pseudonymization and anonymization techniques whenever possible to ensure the security of Personal Data in situations of analysis and use of data in which Data Subjects do not need to be individually identified.
Legal basis : consent.
Marketing: targeting of content and advertising, ours and our partners', according to your profile and preferences.
Legal basis : Consent and legitimate interest.
Commercial Prospecting: contacting you and offering our products and services.
Legal basis : Consent.
CUSTOMERS:
If you use any of our services and/or products, we may collect information from you and the Data Subjects that you submit to the Platform.
Origin
Use of the platform.
Types of Data Collected
Navigation data : data collected through cookies or device IDs , including IP, date and time of access, geographic location, referral source, browser type, duration of visit and pages visited.
Data about the access device : model, manufacturer, operating system, operator, browser, connection type and speed.
Purpose
Website functionality: enable essential features such as antivirus software, desktop/mobile responsiveness, and other functions.
Legal basis : Legitimate Interest, Regular Exercise of Rights (provided for in the contract) and Fraud Prevention.
Analytics: Understand your browsing behavior and how the Platform is being used to improve your customer experience and prevent fraud. The data collected is aggregated and, whenever possible, anonymized..
Legal basis : Legitimate Interest and Fraud Prevention.
Registration form.
Registration data : name, email, telephone number, address, CPF number, store, salesperson and other information that the company wishes to import from its CRM or ERP.
Provision of Services: fulfill our obligations in contracts with our customers, as well as prevent fraud.
Legal basis: Legitimate Interest, Regular Exercise of Rights (provided for in contract), Credit Protection and Fraud Prevention
Relationship Contact : We may send you updates and content about our products and services whenever they are relevant to you.
Legal basis: Legitimate Interest, Regular Exercise of Rights (provided for in contract), Credit Protection and Fraud Prevention
USERS OF PLATFORM CLIENTS' WEBSITES AND APPLICATIONS:
If you are using a website or application owned by our Clients, our Clients may use our Platform for a variety of purposes, depending on how they configure the Platform. Depending on how Clients configure the Platform, we may collect data from your browsing activity through feedback collection technology we implement in our Clients' applications. Please note that, in these situations, Harmo is the operator and always acts on behalf of our Client, who is the controller, and our Clients also need a valid legal basis to authorize Harmo to process their data.
Origin
Browsing the website or app.
Types of Data Collected
Navigation data : data collected through cookies or device IDs , including IP, date and time of access, geographic location, referral source, browser type, duration of visit and pages visited.
Data about the access device : model, manufacturer, operating system, operator, browser, connection type and speed.
Data on participation in advertising campaigns : type of advertising visited and information about your interaction with the campaign.
Purpose
Website functionality: enable essential features such as antivirus software, desktop/mobile responsiveness, and other functions.
Legal basis : Legitimate Interest.
Analytics: Understand your browsing behavior and how the Platform is being used to improve your customer experience and prevent fraud. The data collected is aggregated and, whenever possible, anonymized.
Legal basis : Legitimate Interest and Fraud Prevention
Marketing: our Clients can, to finance their own websites and applications, use the Platform to help target content and advertising, according to their profile and preferences.
Legal basis: Legitimate Interest and Consent
Important : It is the Customer's sole responsibility, in this case, to ensure the legal basis.
Registration form.
Registration data : name, email, telephone number, address, CPF number, store, salesperson and other information that the company wishes to import from its CRM or ERP.
Provision of Services: fulfill our obligations in contracts with our customers, as well as prevent fraud.
Legal basis: Legitimate Interest, Regular Exercise of Rights (provided for in contract), Credit Protection and Fraud Prevention
Relationship Contact : We may send you updates and content about our products and services whenever they are relevant to you.
Legal basis: Legitimate Interest, Regular Exercise of Rights (provided for in contract), Credit Protection and Fraud Prevention
3. Who does Harmo share your data with?
Harmo, like any company, works in partnership with a number of other companies to offer its services. Therefore, we may share your Personal Data with these companies to protect your privacy as much as possible and, whenever possible, anonymously. Here, we describe in which situations we will share Personal Data and for what purposes.
Below, we explain what data we collect in each situation, for what purpose we use it and the respective Legal Basis.
Enterprise
Our suppliers.
Shared data types
Browsing data, data about the access device, data about login and password, data about participation in advertising campaigns, registration data, non-personal data.
Explanation
We have a number of vendors we contract to operate our services, and some of them may process personal data we collect. For example, we contract with Amazon Web Services for data hosting, Auth0 for our login management system, Zenvia for SMS sending, and Zendesk for potential integration of customer accounts with our platform.
Our analytics and social media tools.
Browsing data, data about the access device.
On our website and platform, we also use software tools to understand your browsing behavior and how the platform is being used. We also have tools that allow you to connect with our social networks, such as Facebook, YouTube, Twitter, Instagram, and LinkedIn.
Public authorities.
Browsing data, data about the access device, data on participation in advertising campaigns, registration data, non-personal data.
We must comply with the law: if a judge or other authority with legal jurisdiction requires us to share certain data for, for example, an investigation, we will share it. We oppose any abuse of authority, and if Harmo believes a particular order is abusive, we will always defend the privacy of Data Subjects.
Co-marketing partners.
Registration data (name, email, company, position, department, telephone, company website, company segment).
We have the following agreement with our partners: they promote the marketing campaign (which could be a webinar, e-book, online event, or any other digital content of this type) through their channels (email, social media, website, blog, contact list, etc.), and in exchange, we share the data (listed in the left column) of registrants interested in participating in the event or accessing the digital content. This data is shared only once (at the end of the campaign), through a spreadsheet emailed to each partner.
4. Can my data be transferred to other countries?
Yes. Although Harmo is headquartered in Brazil and the Data we collect is governed by Brazilian law, Harmo collects and transfers Personal Data collected in Brazil to servers located in the United States. This transfer occurs to store Personal Data and other information necessary for the operation of the Platform. These transfers only involve companies that have demonstrated compliance or are in compliance with applicable laws, and which can be identified in this list: Amazon Web Services and Oracle.
5. What are the rights of data subjects?
Your personal data is yours, and Brazilian law grants you a number of rights related to that data. We are committed to upholding these rights, and in this section, we'll explain how you can exercise these rights with Harmo.
- How do I know if Harmo has data about me, and how can I access that data?
Harmo allows you to confirm whether we hold data about you and access that data by emailing seguranca@harmo.me (as a security measure, we may request other data to verify your identity and prevent fraud).
- Can I correct the data Harmo has about me?
Yes! You can request the correction by email at seguranca@harmo.me .
- Can I delete my data, in whole or in part?
Yes! Simply request deletion by emailing seguranca@harmo.me . Two important things to note: (i) we may occasionally conduct checks to verify your true identity to ensure there's no fraud, and (ii) some data cannot be deleted due to legal obligations.
- Can I restrict Harmo's data processing?
Of course! There are a few ways to do this.
- On any website, via a browser. If you're using a browser (Chrome, Explorer, Safari, Firefox), these programs have tools to refuse and disable the collection of some browsing data, including the ability to browse anonymously. We will always respect your right. Important: If you do this, some areas of our website may not function properly.
- On other websites or apps. Unfortunately, we can't guarantee that other websites and apps not managed by Harmo will respect your privacy. It's always important to review the policies of each third-party app to learn more about how they handle your data.
- If Harmo is using my data for a purpose I don't agree with, can I object?
Yes! In our day-to-day activities, we may often use legal bases that do not require your consent, such as legitimate interest. We always exercise this right responsibly and in your best interests, but if you believe that a purpose impacts your rights, send an email to seguranca@harmo.me and we will stop using your data for that purpose. Please note that, in some cases, we may demonstrate legitimate grounds to continue processing your data (for example, to prevent fraud), but we will always justify this to you to the best of our ability.
- I gave Harmo consent to process my data, but can I change my mind?
Yes! There are several ways to revoke your consent:
- In Harmo's communications. All of our marketing emails have an option in the footer to unsubscribe from our communications.
- On our customers' websites and apps. Unfortunately, we cannot guarantee that other websites and apps not managed by Harmo will respect your privacy. This Privacy Policy does not cover third-party websites and apps, and we are not responsible for their privacy policies and practices. It is important that you always access the policies of each third-party application to learn more about how these companies handle your data.
- If I want a copy of all my data, can I ask Harmo?
Yes! Just send an email to seguranca@harmo.me and we'll provide this information in a format that can be opened on any computer. As a security measure, we may request additional information to verify your identity and prevent fraud.
6. How long will Harmo retain the data?
Harmo has a data retention policy in line with applicable law. All data related to IP addresses and access times are retained for at least six months. Regarding other data and maximum time periods, personal data is stored only for as long as necessary to fulfill the purposes for which we collected it, including to comply with any legal, contractual, or reporting obligations or requests from competent authorities. Of course, you always have the right to request data deletion, as per item 5 above.
We understand this statement may seem vague, but let us explain further. Because this data can be used for profiling, Harmo and our customers may have legitimate purposes for continuing to use the data over time. Even so, we conduct a technical analysis to determine the appropriate retention period for each piece of personal data, considering the amount, nature, potential risk of harm from unauthorized use, and whether we can achieve such purposes through other means. This period typically lasts from 6 months to a maximum of 24 months after the term of your contract, except for data that may be used to exercise Harmo's rights.
Important: Unfortunately, we cannot guarantee that other websites and applications not managed by Harmo will respect your privacy. This Privacy Policy does not cover third-party websites and applications, and we are not responsible for their data retention policies and practices. It is important that you always consult the policies of each third-party application to learn more about how these companies handle your data.
7. What are our responsibilities and how does Harmo protect my data?
Our responsibility is to protect your personal data and use it only for the purposes described in this Policy. To ensure your privacy and the protection of your Personal Data, we adopt security practices appropriate for our market, using encryption techniques and other information security systems.
We strive to protect the privacy of your account, but unfortunately, we cannot guarantee its complete security. Unauthorized account access or use, hardware or software failure, and other factors may compromise the security of your Personal Data at any time. Please help us maintain a safe environment for everyone. In addition to adopting good security practices regarding your account and Data (such as not sharing your password with third parties), if you identify or become aware of anything that compromises the security of your Data, please contact us.
IT IS IMPORTANT TO EMPHASIZE THAT HARMO DOES NOT CONTROL THE PERSONAL DATA PROCESSED BY THIRD PARTIES USING ITS TECHNOLOGIES. THIS DATA BELONGS TO HARMO'S CUSTOMERS, WHO USE, DISCLOSE, AND PROTECT IT IN ACCORDANCE WITH THEIR RESPECTIVE PRIVACY POLICIES. THEY ARE ALSO RESPONSIBLE FOR OBTAINING DIRECT USER CONSENT OR OTHER APPROPRIATE LEGAL BASIS FOR COLLECTING, MANAGING, AND PROCESSING PERSONAL DATA.
8. How do I talk to Harmo?
If you believe that your Personal Information has been used in a manner incompatible with this Privacy Policy or your choices as a Data Subject, or if you have any other questions, comments, or suggestions related to this Policy, please contact us. We have a Data Protection available at the following contact addresses:
DPO (in charge) : Leonardo Rifeli
Correspondence address : Av. Mauro Ramos, 1970 – Room 308 – Center, Florianópolis – SC, 88020-304
Contact email : seguranca@harmo.me
9. Changes to the Privacy Policy
As we are always striving to improve our services, this Privacy Policy may be updated. Therefore, we recommend visiting this page periodically to stay informed of any changes. If any material changes are made that require new consent, we will publish the update and request new consent from you.
