MIDAS SOLUÇÕES

Privacy Policy

March 05, 2025

1. Introduction

This Privacy Policy aims to demonstrate D EMPREENDIMENTOS's commitment to transparency, security, and privacy in processing the personal data of its users, clients, partners, and other data subjects who interact with the company's services and digital platforms.

D EMPREENDIMENTOS is a company specialized in financial management, debt collection, and administration of microcredit operations, operating in compliance with current legislation and the principles set forth by Law No. 13.709/2018 – General Data Protection Law (LGPD).

This Policy clearly and accessibly explains how data are collected, used, shared, and stored, as well as the rights of data subjects and the mechanisms available to exercise them. D EMPREENDIMENTOS understands that protecting privacy and transparency in using information are essential to trust and integrity in relationships with its users.

By using D EMPREENDIMENTOS's services and providing personal data, the data subject acknowledges and agrees to the terms set forth herein, authorizing the processing of their information for the purposes described in this document.

This Policy applies to all personal data processing activities carried out by D EMPREENDIMENTOS, including through its websites, systems, applications, digital platforms, and customer service channels, both online and offline.

We recommend that you read this Policy carefully and in full. If you have any questions, suggestions, or requests related to data processing, we provide specific service channels as described at the end of this document.

2. Definitions

For the purposes of this Privacy Policy, the following definitions are adopted, in accordance with the General Data Protection Law (Law No. 13.709/LGPD) and D EMPREENDIMENTOS's data governance practices:

  • 2.1. D EMPREENDIMENTOS: Private legal entity responsible for processing personal data under this Policy, acting as the Controller by defining purposes and means of processing personal data collected in connection with its financial management, debt collection, and microcredit administration activities.
  • 2.2. Personal Data: Any information relating to an identified or identifiable natural person, such as name, CPF, email, phone number, IP address, geolocation, financial and banking data, photographs of personal documents, among others.
  • 2.3. Sensitive Personal Data: Subset of personal data revealing racial or ethnic origin, religious conviction, political opinion, union membership, or membership in an organization of a religious, philosophical, or political nature, as well as data on health, sexual life, genetic or biometric data when linked to a natural person. D EMPREENDIMENTOS does not process sensitive personal data unless strictly necessary and based on a specific legal basis.
  • 2.4. Data Subject: Natural person to whom the personal data refer and whose personal data are subject to processing by D EMPREENDIMENTOS.
  • 2.5. Data Processing: Any operation performed on personal data, such as collection, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of the information, modification, communication, transfer, dissemination, or extraction.
  • 2.6. Controller: Natural or legal person, public or private, responsible for deciding how and why personal data are processed. In this Policy, D EMPREENDIMENTOS generally acts as the Controller.
  • 2.7. Processor: Natural or legal person, public or private, who processes personal data on behalf of and under instructions from the Controller. D EMPREENDIMENTOS may contract Processors for specific activities under confidentiality and security clauses.
  • 2.8. Data Protection Officer (DPO): Person appointed by D EMPREENDIMENTOS to act as a communication channel between the company, data subjects, and the National Data Protection Authority (ANPD), responsible for ensuring LGPD compliance.
  • 2.9. National Data Protection Authority (ANPD): Federal public administration body responsible for overseeing, implementing, and enforcing LGPD compliance throughout Brazil.
  • 2.10. Legal Bases: Legal grounds authorizing personal data processing under the LGPD, such as data subject consent, compliance with legal or regulatory obligations, contract execution, or preliminary contractual procedures, and regular exercise of rights in judicial, administrative, or arbitration proceedings.
  • 2.11. Consent: Free, informed, and unequivocal expression by which the data subject agrees to the processing of their personal data for a specific purpose. When required by law, consent will be collected clearly and specifically.
  • 2.12. Cookies: Small digital files stored on the data subject’s device when navigating websites and digital platforms, used to enhance user experience, collect statistical data, and enable specific functionalities.
  • 2.13. Anonymization: Process by which personal data lose the possibility of direct or indirect association with an individual, using reasonable and available technical means at the time of processing.
  • 2.14. Data Sharing: Any form of communication, dissemination, international transfer, interconnection, or joint processing of personal data between the Controller and third parties.
  • 2.15. Security Incident: Confirmed or suspected adverse event compromising the confidentiality, integrity, or availability of personal data, such as leakage, loss, unauthorized access, destruction, or improper alteration.

3. Data Collected

D EMPREENDIMENTOS collects personal data in a structured, secure manner aligned with the legitimate purposes of its activities, respecting the principles of necessity, adequacy, purpose, free access, data quality, and security as established by the LGPD.

Data collection may occur through form completion, document upload, interactions with the digital platform, communication submissions, or integration with authorized public or private databases.

The data collected are classified in the following categories:

3.1. Personal Identification Data

  • Full name
  • CPF number
  • Photo ID (RG, CNH, or equivalent)
  • Date of birth
  • Nationality and place of birth
  • Gender and marital status (when required by applicable law or registration process)

3.2. Contact Data

  • Full residential address
  • Personal or professional email
  • Landline and/or mobile phone number with area code
  • IP address and device geolocation (when accessing the digital platform)

3.3. Identity Verification Data

  • Photographs of identity documents (front and back)
  • Selfie with the document beside the face (proof of life and authentication)
  • Digital or electronic signature (where applicable)

3.4. Financial and Credit Data

  • Declared monthly income (when provided)
  • Credit score from authorized bureaus
  • Number of bank accounts (in case of granting, receipt, or settlement of funds)
  • Installment details, contracts with D EMPREENDIMENTOS, and associated guarantees
  • Note: D EMPREENDIMENTOS does not request or store complete banking data (passwords, tokens, or full card numbers); any such request is repudiated and subject to legal sanctions.

3.5. Contractual and Operational Data

  • Contract history, compliance, and default records
  • Details of renegotiation proposals, agreements, or settlements
  • User activity logs on the platform
  • Support interactions (chat, email, or phone), recorded and archived per internal security policy

3.6. Automatically Collected Data

  • IP address, date, and time of access
  • Browser type, device, and operating system
  • Active sessions, clicks, time spent, and navigation patterns
  • Cookies and anonymous identifiers for authentication, preferences, and personalization

Cookie usage can be controlled by the data subject via browser settings. Refusing or deleting cookies may impact platform functionality.

3.7. Third-Party Data

D EMPREENDIMENTOS may receive data from third-party partners (credit bureaus, identity verification platforms, banking integrators, etc.), based on contracts, legitimate purposes, and express legal permission, observing legislative limits.

4. How Data Are Used (Purpose and Legal Basis)

D EMPREENDIMENTOS processes personal data for legitimate, specific, and explicit purposes, always respecting data subjects’ rights and LGPD principles.

4.1. To Register and Identify the User

Finalidade:

Validate the user's identity and allow secure access to D EMPREENDIMENTOS’s services.

Base Legal:

Art. 7º, V – Performance of contract; Art. 7º, I – Consent.

4.2. To Provide Microcredit Management and Collection

Finalidade:

Enable application analysis, contract management, debt collection, invoice issuance, due notifications, and debt renegotiations.

Base Legal:

Art. 7º, V – Performance of contract; Art. 7º, IX – Regular exercise of rights.

4.3. To Assess Risk and Prevent Fraud

Finalidade:

Perform credit scoring, anti–money laundering and counter–terrorism financing checks (PLD/FT), and document fraud detection.

Base Legal:

Art. 7º, II – Legal or regulatory obligation; Art. 7º, VI – Legitimate interest.

4.4. To Comply with Legal and Regulatory Obligations

Finalidade:

Meet requirements under applicable laws (tax, financial, accounting, and credit sector regulations).

Base Legal:

Art. 7º, II – Legal or regulatory obligation.

4.5. To Communicate with the User

Finalidade:

Send account updates, payment reminders, renegotiations, contract changes, and other operational messages.

Base Legal:

Art. 7º, V – Performance of contract.

No direct marketing without prior, unequivocal consent.

4.6. For Security and Auditing

Finalidade:

Log access events, track platform actions, and monitor suspicious activities.

Base Legal:

Art. 7º, IX – Regular exercise of rights; Art. 11, II – Legal obligation for security data.

4.7. For Continuous Improvement

Finalidade:

Collect usability, performance, and navigation data to enhance features and personalize experience.

Base Legal:

Art. 7º, IX – Legitimate interest; with privacy impact assessment.

4.8. For Automated Processing and Internal Analysis

Finalidade:

Use data for internal metrics, delinquency control, operational efficiency measurement, and strategic planning.

Base Legal:

Art. 7º, IX – Legitimate interest; anonymized when possible.

5. Data Sharing with Third Parties

D EMPREENDIMENTOS values confidentiality and security of personal data. However, under specific circumstances, data may be shared with third parties, respecting LGPD principles.

Data sharing occurs only in the following cases:

5.1. Technical Partners and Service Providers

Com:

Data hosting, infrastructure, authentication, identity verification platforms, and communication providers.

Finalidade:

Ensure platform operation, functionality, and security.

Base Legal:

Art. 7º, V and IX – Performance of contract and legitimate interest.

5.2. Financial Institutions and Payment Partners

Com:

Payment processors, banks, cooperatives, and settlement systems.

Finalidade:

Perform financial operations, bank settlements, send PIX or boleto charges, and record transactions.

Base Legal:

Art. 7º, V – Performance of contract.

5.3. Governmental and Regulatory Authorities

Com:

Authorities such as Federal Revenue, Central Bank, COAF, Federal Police, Judiciary, etc.

Finalidade:

Comply with legal, regulatory, tax obligations and administrative or judicial investigations.

Base Legal:

Art. 7º, II – Legal or regulatory obligation.

5.4. Fraud Prevention and Risk Analysis

Com:

Credit bureaus, anti–fraud companies, and document/biometric validation tools.

Finalidade:

Reduce fraud risk, protect system integrity, and enhance security.

Base Legal:

Art. 7º, IX – Legitimate interest.

5.5. Collection Agencies, Lawyers, Notaries

Com:

Third parties for out-of-court/judicial collections, document processing, or protest filings.

Finalidade:

Recover defaulted amounts and exercise D EMPREENDIMENTOS’s rights.

Base Legal:

Art. 7º, VI and IX – Regular exercise of rights and legitimate interest.

5.6. Corporate Restructuring Transfers

Com:

Acquiring companies, parents, affiliates, or legal successors in mergers, acquisitions, or reorganizations.

Finalidade:

Ensure service continuity and preserve contractual/legal obligations.

Base Legal:

Art. 7º, IX – Legitimate interest.

5.7. Sharing Restrictions

  • D EMPREENDIMENTOS does not sell, rent, or share personal data for direct marketing or advertising without prior and unequivocal consent.
  • All third parties receiving data must adopt equivalent protection, confidentiality, and security standards.

6. Storage, Security and Data Retention

D EMPREENDIMENTOS adopts rigorous information security practices to protect personal data from collection to disposal.

6.1. Data Storage

  • Stored in company-owned or contracted servers in Brazil or abroad, ensuring LGPD compliance (Articles 33–36).
  • Environments use encryption, segmented access control, redundancy, and automated backups for integrity and availability.
  • Data records linked to CPF and authenticated accounts secured by password and MFA.

6.2. Information Security

  • Access control by privilege profile (managers, operators, users).
  • Encryption at rest and in transit for sensitive data.
  • Regular audits and full logging of user and internal activities.
  • Next-generation firewalls, IPS, and updated antivirus.
  • Periodic security and compliance training for staff.
  • Encrypted backup policy with tested restoration.

6.3. Retention Period

  • While contractual or commercial relationship exists.
  • As required by specific legal obligations (consumer, fiscal, AML, etc.).
  • As needed for rights defense in judicial, administrative, or arbitration processes.
  • Until a valid deletion request, subject to LGPD Articles 15–16 exceptions.

6.4. Deletion and Anonymization

  • Permanently and securely deleted using irreversible methods.
  • Anonymized so data cannot be linked to an individual, for statistical or improvement purposes (LGPD Article 12).

7. Data Subject Rights

D EMPREENDIMENTOS ensures data subjects can exercise the rights provided in LGPD Article 18 at any time via a formal, authenticated request.

7.1. Guaranteed Rights

  • a) Confirmation of processing: Verify whether your personal data are processed.
  • b) Access to data: Request clear, complete, and accessible information about your data.
  • c) Correction: Update or rectify incomplete, inaccurate, or outdated data.
  • d) Anonymization, blocking, deletion: Request anonymization, blocking, or deletion of unlawfully processed data.
  • e) Portability: Transfer data to another service or product provider, respecting trade and industrial secrecy.
  • f) Deletion of consent-based data: Request deletion of data processed solely on consent, except where legal obligations apply.
  • g) Information on sharing: Know which entities received your data.
  • h) Consequences of refusal: Understand legal and practical consequences of not consenting when required.
  • i) Consent revocation: Withdraw consent with future effect, without affecting prior lawful processing.

7.2. How to Exercise

  • Email: privacidade@midassolucoes.com.br.com.br
  • Formal request via authenticated user panel with MFA
  • Physical mail to D EMPREENDIMENTOS's Data Protection Department

Additional documents may be required to verify identity.

7.3. Response Time

D EMPREENDIMENTOS will respond within a maximum of 15 (fifteen) calendar days from receipt of the request, per LGPD.

8. Data Sharing and Transfer

D EMPREENDIMENTOS may share personal data only when strictly necessary to fulfill legitimate purposes in this document, observing LGPD principles of good faith, necessity, adequacy, security, and purpose.

8.1. Sharing Scenarios

  • a) Service providers and partners: Data shared with companies for credit analysis, document validation, anti–fraud, collection, support, cloud services, hosting, and platform management under confidentiality obligations.
  • b) Authorities and regulators: To comply with legal orders or administrative requests (Central Bank, Federal Revenue, COAF, etc.).
  • c) Institutional partners: Data shared for structuring financial solutions or services within contractual/legal limits.
  • d) Corporate restructuring: In mergers, acquisitions, or reorganizations, data may transfer to successors, preserving data subject rights and LGPD compliance.

8.2. International Transfer

  • Only to countries with adequate data protection levels per LGPD, or
  • Under specific contractual and technical/legal safeguards to ensure required protection levels.

8.3. No Sale of Data

D EMPREENDIMENTOS does not sell personal data for advertising, marketing, or promotional purposes.

9. Information Security and Data Retention

D EMPREENDIMENTOS adopts technical and organizational measures to protect personal data against unauthorized access, destruction, loss, alteration, disclosure, or other improper processing.

9.1. Security Measures

  • a) Encryption: Sensitive data is stored and transmitted encrypted with up-to-date protocols.
  • b) Access control: Restricted to staff and partners under confidentiality obligations.
  • c) Logging and auditing: Comprehensive logs enable internal audits and breach detection.
  • d) Secure authentication: Requires login and personal password; users must safeguard credentials.
  • e) Continuous monitoring: Periodic assessments and incident response tools identify vulnerabilities.

9.2. Storage and Retention

  • As long as needed for processing purposes.
  • While legal or regulatory obligations require retention.
  • To protect D EMPREENDIMENTOS’s rights in legal or administrative proceedings.
  • Per minimum retention periods in Brazilian law (Civil Code, Consumer Protection, AML, etc.).

9.3. Deletion or Anonymization

  • Permanently deleted using irreversible methods.
  • Anonymized to prevent reidentification, allowing statistical or improvement use.

10. Cookies and Tracking Technologies

D EMPREENDIMENTOS's platform may use cookies and similar technologies (tags, pixels, scripts) to improve navigation, enable features, analyze usage, and personalize content.

11.1. What Are Cookies?

Cookies are small text files stored on the user’s device when accessing D EMPREENDIMENTOS’s site or system, allowing device recognition and automatic information collection.

11.2. Types of Cookies

  • Strictly Necessary Cookies: Essential for basic platform functions; cannot be disabled.
  • Performance/Analytics Cookies: Collect usage data (pages visited, time spent, errors) to improve performance.
  • Functional Cookies: Remember preferences (language, settings) for a personalized experience.
  • Marketing Cookies (future use): Display ads based on browsing behavior; will require prior notice and consent.

11.3. Managing Cookies

Users can block or be notified about cookies via browser settings, but blocking essential cookies may impair functionality.

  • Google Chrome
  • Mozilla Firefox
  • Microsoft Edge
  • Safari (iOS/macOS)

11.4. Cookie Policy

A separate Cookie Policy may be provided, detailing cookie types and purposes. If so, a link will appear in the login area and footer.

11. Policy Updates

12.1. Periodic Review

This Privacy Policy may be reviewed and updated at any time to reflect legislative, regulatory, technological, or operational changes, or changes in data processing purposes.

12.2. Update Criteria

  • Changes in processing purposes or legal bases.
  • New features or integrations involving personal data.
  • New regulations from ANPD, Central Bank, COAF, or others.
  • Technical, legal, or operational adjustments from audits or security recommendations.

12.3. Communication

  • Notice on D EMPREENDIMENTOS’s platform.
  • Email to registered address at least 1 business day before changes take effect.

12.4. Acceptance

Continued use after updates constitutes acceptance. If you disagree, you may cancel your account and request data deletion as described.

12.5. Version History

D EMPREENDIMENTOS will maintain a history of Policy versions with effective dates, ensuring transparency and traceability.

12. Applicable Law and Jurisdiction

13.1. Governing Law

  • Law No. 13.709/2018 (General Data Protection Law – LGPD)
  • Brazilian Civil Code
  • Marco Civil da Internet (Law No. 12.965/2014)
  • Other applicable laws on data protection, digital services, and corporate activity

13.2. Jurisdiction

The courts of São Luís, Maranhão, Brazil are the exclusive venue for disputes arising from this Policy or any legal relationship between D EMPREENDIMENTOS and the data subject.

13.3. Waiver of Other Jurisdictions

By accepting this Policy, the data subject waives any other jurisdiction, including their domicile, ensuring legal certainty and contractual predictability.

D EMPREENDIMENTOS LTDA - 45.810.376/0001-08
Rua Pernambuco, Room 09, 750, Chácara Brasil – São Luís, MA
65066-851

Last updated: 05/03/2025

Back to Home Page