Timpel Academy

PRIVACY POLICY

Effective from the 26 of october of 2021. Version 1.0.

Welcome! 

This is the Privacy Policy (“Policy”) that will guide the relationship established between you (“users”) and Timpel through to the use of our website and related to your personal data and information that may be collected or created from this use.

This Policy explains, in a clear and accessible way, how your information and personal data will be collected, used, shared, and stored by our systems.

If you have any questions or if you need to talk about any subject related to this Policy, contact us through the e-mail timpelsecurity@timpelmedical.com.

This Policy is divided as shown to make it easily understood:

  1. Glossary
  2. Which information Timpel collects and accesses
  3. How Timpel uses the information collected
  4. How, when, and with whom Timpel shares your information
  5. Your rights over the information collected
  6. How Timpel protects your information
  7. Updates to this privacy policy
  8. Applicable law

1 GLOSSARY

  • Data and/or personal information: any information related to the user.
  • Holder and/or data subject : natural person to whom the personal data, that is the object of treatment, refers. In this situation: the user.
  • Treatment and/or processing: all operation done with personal data, such as those that refer to collection, production, reception, classification, use, access, reproduction, transmission, distribution processing, filing, storage, elimination, information assessment or control, modification, communication, transfer, diffusion, or extraction.
  • International data transfer: personal data transfer to a foreign country or international organization to which the country belongs.
  • Block: temporary suspension of any treatment operation, by safeguarding personal data or the database.
  • Elimination: erasure of data or data set stored in a database, regardless of the procedure used.
  • Purpose (principle): doing the treatment for purposes that are legitimate, specific, explicit, and informed to the holder, with no possibility of later treatment that is incompatible with these purposes.

2 WHICH INFORMATION TIMPEL ACCESSES AND COLLECTS

In order for you to have access to the website and so that you can use and enjoy its functions, you will not need to previously register with the application. 

The only user personal data collected are those referring to the contact form available at the page’s footnote and filled in by you, whatever it may be, name, e-mail, telephone, company, and contact message. 

Regarding the information created when the user accesses the website, Timpel collects records of application access automatically, which include the IP address, with date and time, used to log in to Timpel’s website. These data are mandatorily collected, according to Article 6(1)f of the European General Data Protection Regulation (“GDPR”), but they will only be given to third parties if you authorize it, in case of a lawsuit or if other legal obligations require us to do so. 

3 HOW WE USE YOUR INFORMATION

Every data and information about you are treated as confidential and we will only use it as far as admissible and for the purposes described in this document, mostly so that you can enjoy Timpel’s website to its fullest, always aiming at improving your user experience.

  1. Authorized uses

Therefore, we can use your data exclusively to:

  • Contact you commercially, after you send your request via on-line form;
  • Send you messages about support or service, as alerts, notifications, and updates;
  • The external processing of our affiliated or other trustworthy companies or people, based on our instructions and in compliance with our Privacy Policy and any other security and confidentiality measures applicable;
  • Any purpose that you authorize at the data collection moment;
  • Meet legal requirements.

Occasionally, we can use data for purposes not described in this Policy, but these will be within your legitimate expectations. The occasional use of your data for purposes that are not in compliance with this prerogative will only occur with your previous authorization.

  1. Data erasure

All data collected will be erased from our servers as soon as you request it by means of a free and easy procedure, or whenever the data is no longer necessary or relevant for us to offer our services, except when there is any other reason to maintain them, such as any legal obligation to retain or need to preserve data for the protection of Timpel’s rights.

  1. Information retention period

Your personal data and information will be retained for the period needed for the provision of services by Timpel and to meet the purposes described in this Privacy Policy, unless a different retention period is required or permitted by the applicable law. When we no longer need your information for administrative or legal reasons, we will erase it.

We will only retain your personal data for the reasonably necessary period of time considering the circumstances described in this Policy. The retention periods vary according to the data categories, considering legal and regulatory requirements, statute of limitations for legal proceedings, good practices, and the legal base on which we process your personal data.

4 INFORMATION SHARING

Timpel may, under the respective legal conditions, share all the information it accesses or collects with its affiliates, service providers, or other companies, or trustworthy people in Brazil or in the United States and the Netherlands. The transfer will only be done to countries or international organizations that ensure the appropriate degree of data protection. 

Timpel reserves the right to provide your data and information, including your interactions, if requested to do so in court, an act required so that the company is following national laws, or if you expressly authorize.

Timpel may share aggregate information that are not personally identified or identifiable. For example, Timpel can publicly share anonymized information to show trends about the general use of our services.

5 HOLDERS’ RIGHTS

As a data subject, you can always choose not to disclose your data, but keep in mind that some data and information may be required for the use of some functions in our website, such as contacting you to see if you are interested in acquiring one of our products and services. Regardless, you will always have rights related to privacy and protection of your personal data.

Therefore, we summarized all the rights that you have under the GDPR, respectively, which you can exercise your rights before Timpel, which are:

  1. Right of access and confirmation. This right allows you to obtain from Timpel the confirmation that the company is treating your personal data and, if it is the case, request a copy of our records of your personal data.
  1. Right to rectification. This right allows you to, at any moment, request the correction and/or rectification of personal data, if you identify that some of them are incomplete, inaccurate, or outdated. However, in order to do this correction, we will have to check the validity of the data you are providing. You can correct some of your personal information by forwarding an e-mail to timpelsecurity@timpelmedical.com with the subject: “Alteration of personal data”.
  1. Right to erasure. This right allows you to request the deletion of your personal data held by us. All data collected will be erased from our servers as soon as you request it or whenever the data is no longer necessary or relevant for us to offer our services to you, except when there is any other reason to maintain them, such as any legal obligation to retain or need to preserve data for the protection of Timpel’s rights. To alter or erase your information from our database, simply send an e-mail to timpelsecurity@timpelmedical.com with the subject: “Erasure of personal data”.
  1. Right to object to processing. You also have the right to contest where and in which context we are treating your personal data for different purposes. In certain situations, we can prove that we have legitimate reasons to treat your data, which would superimpose your rights if, for example, they are essential to provide our applications.
  1. Right of anonymization, blocking, or elimination. This right allows you to request the suspension of your data processing in the following contexts: (a) if you want us to establish the precision of data; (b) when you need the data to be maintained even if we no longer need them, as necessary, to establish, perform, or defend legal claims; or (c) if you have opposed to the use of your data, but in this scenario we need to verify if we have legitimate reasons to use them.
  1. Right to withdraw your consent. You have the right to withdraw your consent insofar as this has been provided. However, this will not impact the legality of any processing that took place previously. If you withdraw your consent, we might not be able to provide certain services.
  2.  Right to data portability: Under the GDPR and subject to the according requirements, data subjects have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
  3. Right to lodge a complaint: Under the GDPR, every data subject has the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

It might be necessary to request your specific information to help us confirm your identity and ensure your right to access your personal data (or to exercise your rights). This is a security measure to ensure that your personal data are not disclosed to any person that does not have the right to access them. We can also contact you to obtain more information regarding your request in order to speed up our response. We try to reply to all requests within five (5) working days. Occasionally, it may take more than five (5) working days if your request is particularly complex or if you have made multiple requests. In this case, we will contact you and keep you updated about the progress of your request.

Requests that are repetitive, that require unproportionate technical effort (for example, development of a new system or a fundamental change of an existing practice), that put in jeopardy other users’ privacy, or that are impractical (for example, requests referring to information locates in backup systems) may be refused.

If you have any questions about these issues and about how you can exercise your rights, feel free to contact us through the e-mail: timpelsecurity@timpelmedical.com.

6 INFORMATION SECURITY

All your data are confidential and only those with the proper authorization can access them. Any use of these data must be in compliance with this Policy. Timpel will undertake all reasonable market efforts to ensure the security of our systems and of your data, employing technical and organizational measures capable of protecting personal data and information from non-authorized accesses and from situations of destruction, loss, alterations, communications, or diffusion of such data. 

To ensure this security, we will adopt solutions that take into consideration the appropriate techniques; application costs; nature, scope, context, and purposes of the treatment; and risks to the user’s rights and liberties.

Your personal information will, whenever possible, be encrypted, if this does not hinder its use on the website. At any moment you can request a copy of your data stored in our systems. We will retain data and information only as long as they are necessary or relevant for the purposes described in his Policy, or in case of periods that have been pre-determined by law, or as long as they are needed for the maintenance of Timpel’s lawful interests.

Timpel considers your privacy something extremely important and will do whatever is in its power to protect it. However, we cannot ensure that all data and information about you in our platform and application will be free of unauthorized accesses. You may also protect your data before all Timpel channels, taking care to end the navigation in the platform properly. 

Timpel agrees, still, to notify you within an appropriate time frame in case of any type of security breach of your personal data that may pose a high risk to your personal rights and liberties.

7 PRIVACY POLICY UPDATES

Timpel reserves the right to change this Policy as often as needed, aiming at providing more security and convenience to you and to improve your experience. That is why it is very important to access our Policy periodically. In order to facilitate the access to information, we indicate in the beginning of the document the last update date and Policy version.

By using the service after occasional changes, you agree with the new terms. If you disagree with any of the changes, you must present your opinion to the customer service immediately, if you wish to do so.

8 APPLICABLE LAWS

Moreover, to the extent applicable, this document is governed and must be interpreted by means of the GDPR. The GDPR applies to the processing of personal data (a) where the controller is established in the European Union, regardless of whether the processing takes place in the European Union or not; (b) where the data subjects are located in the European Union and the processing activities are related to (i) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the European Union; or (ii) the monitoring of their behaviour as far as their behaviour takes place within the European Union.