Privacy Policy

At BW Cosmetic, privacy and security are priorities and we are committed to transparency in the processing of personal data of our users/customers. Therefore, this Privacy Policy establishes how the collection, use and transfer of information from customers or other people who access or use our website is carried out.

When using our services, you understand that we will collect and use your personal information in the ways described in this Policy, under the rules of the Federal Constitution of 1988 (art. 5, LXXIX; and art. 22, XXX – included by EC 115/2022) , of Data Protection standards (LGPD, Federal Law 13,709/2018), the consumerist provisions of Federal Law 8078/1990 and other applicable standards of the Brazilian legal system.

In this way, the (business name) , hereinafter referred to simply as “(simplified business name)”, registered with the CNPJ/MF under no. (CNPJ number) , in the role of Data Controller, is obliged to comply with the provisions of this Privacy Policy.

1. What data do we collect about you and for what purpose?

Our website collects and uses some of your personal data in order to enable the provision of services and improve the user experience.

1.1. Personal data provided by the holder

  • Data and purpose
  • Data and purpose
  • Data and purpose
  • Data and purpose

1.2. Personal data collected automatically

  • Data and purpose
  • Data and purpose
  • Data and purpose
  • Data and purpose

2. How do we collect your data?

In this sense, the collection of your personal data occurs as follows:

  • How to collect
  • How to collect
  • How to collect
  • How to collect

2.1. Consent

It is based on your consent that we process your personal data. Consent is the free, informed and unequivocal expression by which you authorize the (simplified business name) to process your data.

Therefore, in accordance with the General Data Protection Law, your data will only be collected, processed and stored with prior and express consent.

Your consent will be obtained specifically for each purpose described above, demonstrating the Company's commitment to transparency and good faith. (simplified business name) towards its users/clients, following the relevant legislative regulations.

When using the services of (simplified business name) and provide your personal data, you are aware of and consent to the provisions of this Privacy Policy, in addition to knowing your rights and how to exercise them.

At any time and at no cost, you may revoke your consent.

It is important to highlight that revoking consent for data processing may result in the impossibility of adequate performance of some functionality of the website that depends on the operation. Such consequences will be informed in advance.

3. What are your rights?

A (simplified business name) assures its users/clients their rights as holders provided for in article 18 of the General Data Protection Law. This way, you can, free of charge and at any time:

  • Confirm the existence of data processing , in a simplified manner or in a clear and complete format.
  • Access your data , being able to request it in a legible copy in printed form or electronically, secure and suitable.
  • Correct your data when requesting it to be edited, corrected or updated.
  • Limit your data when unnecessary, excessive or treated in non-compliance with legislation through anonymization, blocking or deletion.
  • Request the portability of your data , through a registration data report that the (simplified business name) deals with you.
  • Delete your data processed based on your consent, except in cases provided for by law.
  • Revoke your consent , deauthorizing the processing of your data.
  • Inform yourself about the possibility of not providing your consent and about the consequences of denial.

4. How can you exercise your rights as a holder?

To exercise your rights as a holder, you must contact the (simplified business name) through the following available means:

  • Contact method
  • Contact method

In order to guarantee your correct identification as the holder of the personal data subject to the request, we may request documents or other evidence that can prove your identity. In this case, you will be informed in advance.

5. How and for how long will your data be stored?

Your personal data collected by (simplified business name) will be used and stored for as long as necessary to provide the service or for the purposes listed in this Privacy Policy to be achieved, considering the rights of data subjects and controllers.

In general, your data will be kept as long as the contractual relationship between you and the (simplified business name) endure. Once the personal data has been stored for a period of time, it will be deleted from our databases or anonymized, except in the cases legally provided for in article 16 of the general data protection law, namely:

I – compliance with legal or regulatory obligations by the controller;

II – study by a research body, guaranteeing, whenever possible, the anonymization of personal data;

III – transfer to a third party, provided that the data processing requirements set out in this Law are respected; or

IV – exclusive use by the controller, access by third parties is prohibited, and provided that the data is anonymized.

That is, personal information about you that is essential for complying with legal, judicial and administrative orders and/or for exercising the right to defense in judicial and administrative proceedings will be maintained, despite the deletion of other data.

The storage of data collected by (simplified business name) reflects our commitment to the security and privacy of your data. We employ technical protection measures and solutions capable of guaranteeing the confidentiality, integrity and inviolability of your data. In addition, we also have security measures appropriate to the risks and control access to stored information.

6. What do we do to keep your data safe?

To keep your personal information safe, we use physical, electronic and managerial tools aimed at protecting your privacy.

We apply these tools taking into account the nature of the personal data collected, the context and purpose of the processing and the risks that possible violations would generate for the rights and freedoms of the holder of the data collected and processed.

Among the measures we adopted, we highlight the following:

  • Only authorized people have access to your personal data
  • Access to your personal data is only made after a commitment to confidentiality
  • Your personal data is stored in a safe and suitable environment.

A (simplified business name) is committed to adopting the best postures to avoid security incidents. However, it is necessary to highlight that no virtual page is entirely safe and risk-free. It is possible that, despite all our security protocols, problems that are solely the fault of third parties may occur, such as cyber attacks from hackers , or also as a result of the negligence or recklessness of the user/client themselves.

In the event of security incidents that may create significant risk or damage for you or any of our users/clients, we will communicate to those affected and the National Data Protection Authority about what occurred, in accordance with the provisions of the General Data Protection Law. Data.

7. Who can your data be shared with?

In order to preserve your privacy, the (simplified business name) will not share your personal data with any unauthorized third party.

Your data may be shared with our commercial partners: (full or business name of the commercial partner), registered with the CPF/CNPJ under number (CPF or CNPJ number of the commercial partner).

They receive your data only to the extent necessary to provide the contracted services and our contracts are guided by the data protection standards of the Brazilian legal system.

However, our partners have their own Privacy Policies, which may differ from this one. We recommend reading these documents, which you can access here:

Our partner's Privacy Policy: (link to business partner's privacy policy).

Furthermore, there are also other hypotheses in which your data may be shared, which are:

I – Legal determination, request, requisition or court order, with competent judicial, administrative or governmental authorities.

II – Case of corporate transactions, such as merger, acquisition and incorporation, automatically

III – Protection of the rights of (simplified business name) in any type of conflict, including those of a judicial nature.

7.1. International data transfer

Some of the third parties with whom we share your data may be located in or have facilities located in foreign countries. Under these conditions, in any case, your personal data will be subject to the General Data Protection Law and other Brazilian data protection legislation.

In this sense, the (simplified business name) is committed to always adopting efficient cybersecurity and data protection standards, in the best efforts to guarantee and comply with legislative requirements.

By agreeing to this Privacy Policy, you agree to this sharing, which will take place in accordance with the purposes described in this instrument.

8. Cookies or browsing data

A (simplified business name) makes use of Cookies, which are text files sent by the platform to your computer and stored there, containing information related to website navigation. In short, Cookies are used to improve the user experience.

By accessing our website and consenting to the use of Cookies, you acknowledge and accept the use of a navigation data collection system with the use of Cookies on your device.

(simplified business name) uses the following Cookies: (description of the types of Cookies used by the website).

You can, at any time and at no cost, change permissions, block or refuse Cookies. However, revoking consent for certain Cookies may prevent the correct functioning of some features of the platform.

To manage your browser's cookies, simply do so directly in your browser settings, in the Cookies management area. You can access tutorials on the topic directly through the links below:

If you use the Internet Explorer .

If you use the Firefox .

If you use the Safari .

If you use the Google Chrome .

If you use the Microsoft Edge .

If you use the Opera .

You can find more information about the Cookies we use and how they work in our Cookies Policy, available at this link (link to Cookies Policy) .

9. Changes to this Privacy Policy

The current version of the Privacy Policy was formulated and last updated on: (date of last update of the Privacy Policy) .

We reserve the right to modify this Privacy Policy at any time, mainly to adapt to any changes made to our website or in legislation. We recommend that you review it frequently.

Any changes will come into effect as soon as they are published on our website and we will always notify you of the changes that have occurred.

By using our services and providing your personal data after such modifications, you consent to them.

10. Responsibility

A (simplified business name) provides for the responsibility of agents who act in data processing processes, in accordance with articles 42 to 45 of the General Data Protection Law.

We are committed to keeping this Privacy Policy updated, observing its provisions and ensuring compliance.

Furthermore, we are also committed to seeking technical and organizational conditions that are safely capable of protecting the entire data processing process.

If the National Data Protection Authority requires the adoption of measures in relation to the data processing carried out by the (simplified business name), we commit to following them.

10.1 Disclaimer

As mentioned in Topic 6, although we adopt high security standards in order to avoid incidents, no virtual page is entirely risk-free. In this sense, the (simplified business name) is not responsible for:

I – Any consequences arising from the negligence, recklessness or incompetence of users in relation to their individual data. We guarantee and are only responsible for the security of the data processing processes and the fulfillment of the purposes described in this instrument.

We emphasize that the user is responsible for the confidentiality of access data.

II – Malicious actions by third parties, such as hacking attacks hackers , unless proven culpable or deliberate conduct by the (simplified business name).

We emphasize that in the event of security incidents that may create significant risk or damage for you or any of our users/clients, we will inform those affected and the National Data Protection Authority about what happened and take the necessary measures.

III – Inaccuracy of the information entered by the user/client in the records necessary for the use of the company’s services (simplified business name) ; Any consequences arising from false information or information entered in bad faith are the sole responsibility of the user/client.

11. Data Protection Officer

A (simplified business name) provides the following means for you to contact us to exercise your rights as a holder: (contact methods) .

If you have questions about this Privacy Policy or the personal data we process, you can contact our Personal Data Protection Officer through the following channels: