Privacy Policy | Software

  1. 1. INTRODUCTION

    1.1. This Privacy Policy (“Privacy Policy”) governs the processing of personal data within the scope of Cortex's Big Data platform (“Software”) and, in general, when providing Cortex Services (“Services”) to its clients (“Partner” or “you” and, collectively, “Partners” and “you”).

    1.2. We at Cortex reiterate our commitment to and concern for privacy and the protection of data processed through the Software. Therefore, before entering and processing any personal data in the Software, you must read this Privacy Policy carefully. In the event of disagreement with any clause or condition of this Privacy Policy, we request that you do not use the Software, as its partial or full use implies immediate acceptance of this Privacy Policy in its entirety.

    1.3. By using the Software, you express your awareness of this Privacy Policy which governs your relationship with Cortex.1.3.1. This Policy is not applicable to Cortex products and services that have their own Privacy Policies expressly declaring the non-application of this Privacy Policy.

    2. DEFINITIONS APPLICABLE TO THE PRIVACY POLICY

    2.1. Law No. 13,709/2018 (General Data Protection Law or “LGPD”): the law that provides for the protection of personal data, rights of data subjects, and responsibilities of processing agents (controllers and processors), in addition to other aspects applicable to the processing of personal data.

    2.2. Data Subject: the natural person to whom the personal data being processed refers.

    2.3. Software: Cortex's Big Data platform which may be used upon contracting for the purpose of performing personal data and/or information analyses by Partners—governed by the Terms of Use, Privacy Policy, contract between Cortex and Partners, and other applicable documents responsible for managing and determining the use of the Software.2.3.1. Responsible Users: users designated by the Partner to Cortex as those responsible for managing the platform and defining access for Software users, as defined in 2.1.2.

    2.3.2. Software User (or, collectively, “Users”): any natural person who is an employee, service provider, agent, and/or representative linked to the Partner and identified in the Cortex Software by an account and the data necessary for establishing said account—access credentials for these users are personal and non-transferable.

    2.3.3. Account: the personal and non-transferable means of access to the Cortex Software which must be created upon request by the Responsible Users to Cortex.

    2.4. Partners: Cortex clients who use the Software and Cortex Services for the purpose of analyzing their personal data and/or information.

    2.5. Suppliers: specialized data collection companies that Cortex may hire for integration into the Software and its Services.

    2.6. Cortex Services: all services offered by Cortex in conjunction with the Software, such as: instructions and training on the use of the Software; performing analyses, when requested, for Partners; sending and managing mailing lists; among others.

    2.7. Personal Data: personal data, according to Law No. 13,709/2018 (“LGPD”), is any information related to identified or identifiable natural persons.

    2.8. Sensitive Personal Data: data concerning racial or ethnic origin, religious conviction, political opinion, union membership or membership in a religious, philosophical, or political organization, data regarding health or sexual life, genetic or biometric data, when linked to a natural person.

    2.9. Partner’s Personal Data and/or Information: all data collected by the Partner that begins to be processed in the Software from the moment of its inclusion via upload. Regarding these, it is important to mention that Cortex bears no responsibility for the method of data collection, which is performed previously and exclusively by the Partner.

    2.10. Suppliers’ Personal Data and/or Information: data (personal or otherwise) obtained through third parties contracted by Cortex and which may be processed by Partners in the Software.

    2.11. Controller: the natural or legal person, of public or private law, who is responsible for decisions regarding the processing of personal data.

    2.12. Processor: the natural or legal person, of public or private law, who performs the processing of personal data on behalf of the controller.

    3. HOW CORTEX ACCESSES PERSONAL DATA AND WHICH DATA IS PROCESSED

    3.1. For the purposes of this Policy and applicable laws, Cortex considers personal data to be any information that identifies or allows the identification of a natural person—as described in 1.3. Anonymized or aggregated data are not considered personal data.

    3.2. Cortex does not collect personal data directly from the data subject. There are two ways in which Cortex may access this data:3.2.1. Data may be acquired by Cortex itself or via companies specialized in data collection (“Supplier” and, collectively, “Suppliers”), for the purpose of maintaining complete and updated data for Partners, collaborating in the construction of growth intelligence strategies to strategically and precisely boost their marketing and sales areas.

    3.2.2. Data may also be provided directly by Cortex Partners for processing and use within the scope of the Software—in which case Cortex will participate indirectly in the processing as a processor due to the contracting of the Software itself. In certain situations, Cortex may also process this data directly in the Software or other Services on behalf of its Partners, always within the limits established in the contract with Partners and in compliance with applicable legislation—in which case Cortex will also participate as a processor.3.2.2.1. In this sense, Partners declare and acknowledge that Cortex shall only be the processor regarding the processing activities performed by itself or by partners when using the Software or other Services focused on specific purposes and according to instructions provided by the Partners, adopting the meaning of processor delimited by the LGPD as set out in 1.6.

    3.3. Due to personal data acquired through Suppliers and Services provided to Partners, Cortex processes the following personal data—categorized by data subjects:3.3.1. Personal data of employees and other third parties related to Partners:3.3.1.1. Registration data: data such as first and last name, email, and access information in the Software stored to allow its use by users.3.3.1.2. Access and interaction data of users with the Software and Cortex Services.3.3.1.3. Data collected through forms, such as those for Service satisfaction purposes, implemented by Cortex. In this case, data such as users' and other Partner employees' emails and contact phone numbers may be collected.

    3.3.2. Third-party data:3.3.2.1. Public data: these may or may not contain personal data. Generally, they are collected from news, APIs, social networks, and other sources, according to the needs and instructions provided by the Partners—depending on the purposes for which the public data will be used in the Software.

    4. PURPOSES FOR WHICH OWN, SUPPLIER, OR PARTNER PERSONAL DATA ARE PROCESSED BY CORTEX

    4.1. Personal data—collected by Cortex, Partners, or Suppliers—processed by Cortex may be used for the following purposes:

  2. 4.1.1. Sending clippings to mailing lists previously provided by Partners.

  3. 4.1.2. Storing data for user access permissions to the platform.

  4. 4.1.3. Performing analysis regarding reputation, the impact of actions, products, brand, and other elements, as well as verifying impressions about Partners, especially on social media; any processing performed by Cortex is done solely according to Partner instructions.

  5. 4.1.4. Monitoring social media for Partner analysis purposes and collecting data shown to be necessary for the activities developed—within the limits of applicable legislation. In this case, there are specific monitorings where, if requested by Partners, Cortex will strictly follow their instructions.

  6. 4.1.5. Collecting information for sending clippings from personal data and information collected by Cortex or obtained by Suppliers.

  7. 4.1.6. Understanding the level of engagement and satisfaction of Partners with the Cortex solution, as well as managing the relationship with Partners for the improvement and continuity of the commercial relationship. For this, Cortex may use access and interaction data (item 3.3.1.2) and data collected through satisfaction forms (item 3.3.1.3), as well as utilize third-party services. Furthermore, depending on the Partners' response, interviews may be conducted to evaluate their perspective on the quality of the Software and Cortex Services.

  8. 4.1.7. Performing internal Cortex analyses regarding its commercial and marketing strategies related to the Software and its Services.

  9. 4.1.8. Assisting Partners in using the Software and other Cortex Services so that Partners can obtain the best results from the available analyses and tools, in addition to commercial and marketing analyses, only in accordance with Partner instructions and if requested from Cortex.

  10. 4.1.9. Presenting analyses of the results obtained through the use of the Software to Partners over a specific period, to improve the relationship between Cortex and Partners and understand the next steps of the project.

  11. 4.1.10. Collecting personal data on behalf of Partner requests—following the limits of applicable laws and in accordance with Partner instructions.

  12. 4.1.11. Integrating Partner personal data and/or information with Supplier personal data and/or information—following the limits of applicable laws and in accordance with Partner instructions.

  13. 4.1.12. Sharing Partner personal data and/or information with Cortex departments that require it for the performance of their activities and only to the extent necessary for employees.

  14. 4.1.13. Sharing personal data with third parties to the extent necessary to enable the provision of Services and the availability of the Software, including data backup.

  15. 4.1.14. Permitting legal due diligence for corporate transactions, such as a merger, acquisition, or sale of all Cortex assets, its economic group, or part of each, and transferring information to its new owner if the ownership or control of all or part of Cortex or its assets changes.

  16. 4.1.15. Permitting Cortex’s defense or any responses to judicial requests and even from other public authorities (e.g., court order, search warrant, or subpoena), if it believes, in good faith, that it is necessary to do so and/or when Cortex is so required by law and/or court decision, and to comply with applicable legal and/or regulatory obligations.

    4.2. Should Partners perform any processing of sensitive personal data through the use of the Cortex Software, they acknowledge and guarantee that they have a specific legal basis, in accordance with those set out in Art. 11 of the LGPD, and that they will follow all applicable procedures for such processing.

    4.3. If the collection of data subjects' consent is necessary for the processing of Partner personal data and/or information, Partners acknowledge and guarantee that they obtained consent appropriately and following LGPD requirements.

  17. 4.3.1. If, eventually, Partner personal data and/or information was processed without due consent or in any other way that constitutes a violation of applicable laws and, in particular, the LGPD, Partners acknowledge and guarantee that Cortex was not responsible for the processing and has no participation in it—performed exclusively by the Partners.

    5. COOKIES

    5.1. Technologies such as “cookies,” small data files stored on your browser, mobile phone, or other device, are used during navigation in the Software to transmit, protect, and understand how Partners use the Software and Cortex Services, as well as to allow the proper functioning of the Software.

    5.2. Cookies may be employed, for example, to: (i) remember Users' access credentials in the Software; (ii) understand how Partners use and interact with the Software and Cortex Services; (iii) customize Services according to your preferences; (iv) measure the usability of Services and the efficiency of communications, as well as send pop-ups regarding Cortex Services; and (v) manage and improve Services and help ensure they are functioning correctly.

    6. WITH WHOM WE SHARE PERSONAL DATA

    6.1. In situations where it is necessary for the provision of Services and availability of the Software, within the limits of applicable laws, Cortex may share Partner personal data and/or information with third parties. This sharing will seek to achieve the following purposes:

  18. 6.1.1. Assist in Cortex operations (e.g., data storage in third-party cloud services), always within the strict limits authorized by applicable legislation, and for the processing purposes and precautions informed in this Policy.

  19. 6.1.2. Allow Cortex to enter into partnerships, to the extent that Partner personal data and/or information is necessary for the completion of the partnerships, always within the strict limits authorized by applicable legislation, and for the processing purposes and precautions informed in this Policy.

  20. 6.1.3. Generate analyses regarding the functionalities and use of the Software and other Cortex Services, which may be made available to Cortex partners and its economic group, always within the strict limits authorized by applicable legislation, and in accordance with the processing purposes and precautions informed in this Policy.

  21. 6.1.4. Analyze and solve technical problems and/or issues regarding fraud and security within the scope of Cortex Services.

  22. 6.1.5. Permit, in necessary cases, legal due diligence for corporate transactions, such as a merger, acquisition, or sale of Cortex assets, its economic group, or part of each, in addition to transferring information to the new owner if the ownership or control of all or part of Cortex or its assets changes. The provisions in this Privacy Policy will continue to apply to your personal data transferred to the new owner.

  23. 6.1.6. Respond, within what is strictly necessary, to requests from judicial, administrative, or arbitral authorities (e.g., court order, search warrant, or subpoena), if Cortex believes, in good faith, that it is necessary to do so or if required by law or by a judicial, administrative, or arbitral decision, in addition to allowing compliance with and execution of legal and/or regulatory obligations through requirements to share personal data with competent authorities within what is strictly necessary.

  24. 6.1.7. Other purposes, in the form and within the limits of the corresponding consent granted by you (when necessary), and within the limit of what is permitted or required by applicable law.

    7. STORAGE AND SECURITY OF PERSONAL DATA

    7.1. When processing Partner personal data and/or information, Cortex will strive to keep it secure. Therefore, Cortex commits to continuously implementing physical, technical, and administrative information security measures appropriate for the processing. We always seek to protect personal data against unauthorized access, accidental or unlawful situations of destruction, loss, alteration, communication, or any form of inappropriate or unlawful processing.

  25. 7.1.1. Cortex allows Partner personal data and/or information to be accessed by its employees and other third parties only to the extent necessary to perform their activities, according to express instructions and under a contractual obligation of secrecy and confidentiality of the personal data processed.

  26. 7.1.2. Cortex's practices related to information security will be guided by applicable law, market best practices, and internal policies related to the theme.

    7.2. Cortex will retain Partner personal data and/or information for the period necessary to achieve the objectives described in this Privacy Policy or according to their instructions.

    8. INTERNATIONAL DATA TRANSFER

    8.1. Cortex, as a company aligned with the most current practices and technologies, may perform international transfers of Partner personal data and/or information to enable the development of some of the activities indicated throughout this Policy (e.g., data storage in cloud services with servers located abroad).

    8.2. Cortex commits to performing international transfers of your personal data and/or information only based on mechanisms permitted by applicable legislation.

  27. 8.2.1. In this sense, Cortex commits to ensuring the protection of Partner personal data and/or information through practices such as entering into appropriate contractual agreements, to ensure that contracted third parties have data protection and information security standards compatible with those applied by Cortex, described in this Policy, and in accordance with applicable law, especially the LGPD.

    9. DATA SUBJECT RIGHTS

    9.1. Cortex will adopt appropriate technical and organizational measures to fulfill its obligations regarding User rights as a personal data subject in cases where it acts as a controller, as noted in this Privacy Policy. If you are interested in exercising any of the rights listed above for activities in which Cortex acts as a controller, you must contact us through the contact information indicated in the “General Provisions” section.

    9.2. Regarding the request for deletion of User personal data, Cortex will comply with personal data deletion requests upon request or in the face of legal obligations. In this case, such data will be permanently deleted, except for cases of mandatory record keeping provided for in legislation and cases where such maintenance is permitted by law.

    9.3. In most of its operations, Cortex acts as a processor and acts on behalf of Partners, according to their instructions and interests. In these situations, and only if applicable and/or necessary, Cortex commits to collaborating with Partners in effecting the rights of personal data subjects when requested, within the limit of its involvement in the relevant personal data processing, and in line with applicable legislation.

    10. GENERAL PROVISIONS

    10.1. This Privacy Policy consists of the valid and effective version of information regarding the processing of own, Supplier, and Partner personal data and/or information by Cortex. This version is responsible for governing all instances in which Cortex processes data.

    10.2. Cortex reserves the right to update and modify any of its legal documents, including this Privacy Policy.

    10.3. The clauses of this Privacy Policy will remain in force upon any form of termination, occurring for various reasons, continuing to produce their effects on the parties as long as there are subsequent legal relationships.

    10.4. If you have any questions about this document and the practices described herein, you should contact Cortex via email at [dpo@cortex-intelligence.com].