Responsible party pursuant to data protection laws, in particular the EU General Data Protection Regulation (GDPR), is C SANTOS DE OLIVEIRA DESENVOLVIMENTO DE SOFTWARE (CALSOFT), a private law legal entity, registered with the CNPJ/MF under number 36.359.868/0001-20, headquartered at R MAJOR LARA RIBAS 72 - BELA VISTA, PALHOCA/SC 88.132-789, Brazil.
You have the following rights regarding your personal data:
If you have given us consent, you may withdraw it at any time, with effect for the future.
You can contact a supervisory authority with a complaint at any time, such as the supervisory authority of your state of residence or the authority overseeing us as the responsible party.
For a list of supervisory authorities, please visit: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
When you visit our website without registering or submitting any information, general data will be automatically collected (server log files), including the type of web browser, operating system, domain name of your internet service provider, IP address, and similar data.
This data processing is based on our legitimate interest in improving the stability and functionality of our website (Art. 6 Para. 1 (f) GDPR).
Technical service providers working on the operation and maintenance of our website may be recipients.
Data will be deleted once no longer necessary for the stated purposes, typically after the session ends.
We collect precise or approximate location data when the user is logged into the mobile app for Android and iOS. APREPARA/ISHPIA collects this data when the app is running in the foreground (open and on the screen) or in the background (open but off the screen) on the user's mobile device.
The use of approximate or precise location data is utilized for:
Background location tracking can be disabled by the account holder or scheduled for specific times. It is the account holder's responsibility to maintain and configure the background data collection.
Mobile app users can use the apps without enabling location data collection on their devices. However, this may impact certain features of the APREPARA/ISHPIA apps. For example, when location data collection is disabled, the manager will not be able to track the last location of the activity. Additionally, location data collected during usage is linked to the user's account, even if they have not enabled location data collection on their device, including for purposes such as generating receipts, customer support, fraud detection, insurance, and legal disputes.
Before disclosing personal information about another person, you must obtain their consent for the disclosure and processing of their personal information in accordance with this policy.
The location data is linked to the user account and may be used for purposes such as generating receipts, customer support, fraud detection, insurance, and legal disputes.
Users may choose to use our mobile apps without enabling location data collection, but this may limit certain app features, such as real-time tracking of the user's location by the manager.
The collection and use of location data is based on user consent (Art. 6 Para. 1 (a) GDPR). Users can withdraw their consent to location data collection at any time.
We use cookies to collect precise or approximate location data when the user is logged into the app. This location data is collected both in the foreground (when the app is open) and in the background (when the app is open but not on the screen).
Cookies are used to enhance user experience on our website.
We collect data such as IP address, browser type, and operating system.
In your browser settings, you can delete individual cookies or the entire set of cookies. You will also find information and instructions on how to delete these cookies or prevent them from being saved in advance. The following links provide the information you’ll need for the respective browser providers:
With the registration to use our personalised services, some personal data such as name, address, contact and communication information (e.g. phone number and e-mail address) are collected. If you are registered with us, you can access content and services that we only offer to registered users. Registered users also have the ability to change or delete the data entered during registration at any time. At any time, we will also provide you with information on the personal data about you that we have saved.
We will only use your data to send newsletters that you have subscribed to via email. We collect your name to address you personally in the newsletter.
Your express consent (Art. 6 (1) (a) GDPR) allows us to send you newsletters.
You can unsubscribe at any time by following the instructions in the newsletter or by contacting us directly.
We collect data you provide in the contact form to communicate with you effectively. A valid email address and your name are required for this communication. Additional information is optional.
The processing is based on a legitimate interest (Art. 6 Para. 1 (f) GDPR) or to fulfill pre-contractual measures (Art. 6 Para. 1 (b) GDPR).
We use Google Analytics to analyze website usage. Google Analytics uses cookies to collect data, which is typically sent to and stored on Google servers in the U.S. We use this data to evaluate website usage, generate activity reports, and provide other related services.
Data processing is based on user consent (Art. 6 Para. 1 (a) GDPR).
Google processes data in the U.S. under the EU-U.S. Data Privacy Framework (approved by the European Commission on 10 July 2023, pursuant to Art. 45 GDPR), which provides an adequate level of protection for personal data transferred from the EU to participating U.S. organizations.
We use Google Maps to provide interactive maps on our website. Your location data is shared with Google for this feature.
Your consent is the legal basis for integrating Google Maps and transferring data to Google (Art. 6 Para. 1 (a) GDPR).
Google processes data in the U.S. under the EU-U.S. Data Privacy Framework (approved by the European Commission on 10 July 2023, pursuant to Art. 45 GDPR).
We use several Firebase services provided by Google LLC for the operation of our mobile application:
Processing is based on our legitimate interest in providing a stable, functional mobile application (Art. 6 Para. 1 (f) GDPR), and on user consent for social authentication (Art. 6 Para. 1 (a) GDPR).
Firebase is operated by Google LLC and processes data in the U.S. under the EU-U.S. Data Privacy Framework (approved by the European Commission on 10 July 2023, pursuant to Art. 45 GDPR).
We use Google reCAPTCHA on the web panel to protect against automated abuse and bots. On Android devices, we use the Play Integrity API to verify the integrity of the mobile application and device.
Processing is based on our legitimate interest in security and fraud prevention (Art. 6 Para. 1 (f) GDPR).
These services are provided by Google LLC and data is processed in the U.S. under the EU-U.S. Data Privacy Framework (Art. 45 GDPR).
We use Mailgun (operated by Sinch) to deliver transactional emails, including notifications, billing reminders, and service communications.
Processing is based on the execution of the contract (Art. 6 Para. 1 (b) GDPR) and our legitimate interest in communicating with users about service-related matters (Art. 6 Para. 1 (f) GDPR).
Mailgun / Sinch processes data in the U.S. under Standard Contractual Clauses (SCCs) and in compliance with GDPR.
We use Atlassian Jira Service Management as our customer support platform. When you open a support ticket, you create a separate account on Atlassian's platform and interact with us through it. Your name, email address, and any information you include in support tickets are processed by Atlassian.
Processing is based on the execution of the contract (Art. 6 Para. 1 (b) GDPR) for support-related communications.
Atlassian Pty Ltd is headquartered in Australia and processes data in the U.S. and EU under Standard Contractual Clauses (SCCs) and in compliance with GDPR. Atlassian's privacy policy is available at atlassian.com/legal/privacy-policy.
The following service providers based in Brazil also access personal data in the course of services provided:
As these providers are located in Brazil, no international data transfer occurs for these services.
We use SSL encryption (HTTPS) to secure your data during transmission.
After account cancellation, personal data is retained as follows:
During the 60-day period after cancellation, account holders may export their operational data using the tools available in the platform. After this period, data subject to deletion will be permanently removed.
Data retention is based on compliance with legal obligations (Art. 6 Para. 1 (c) GDPR) and legitimate interests (Art. 6 Para. 1 (f) GDPR) for fiscal, legal defense, and fraud prevention purposes.
We reserve the right to amend this privacy policy to comply with legal requirements or to update services. Any future visits will be subject to the new policy.
If you have any questions about this privacy policy, please contact us at: contato@aprepara.com
(Version: #2026-03-02).