PRIVACY POLICY
Introduction
The companies that are part of the corporate group formed by the holding company Gold Creek Investments S/A and its wholly owned subsidiaries Perfil Térmico Aquecimento e Isolamento Industrial Ltda. and Digimet Ltda., hereinafter jointly referred to as “Perfil Group”, process personal data responsibly, transparently, and respectfully. Whenever you interact with us, whether as a customer, supplier, employee, partner, or user of our websites, platforms, or services, certain personal data may be required to enable this relationship, provide services, perform contracts, and ensure the security of operations.
This Privacy Policy aims to explain, in a clear manner, what data we collect, why we use this information, and how it is protected. Here you will also find your rights and how to exercise them.
The companies that are part of Perfil Group may act either as Data Controllers or Data Processors, depending on the nature of the activities performed, the services provided, the responsibilities contractually defined, and the applicable legislation.
1. Who Are the Data Subjects
Perfil Group may process personal data of individuals who interact with the company in different day-to-day contexts. This includes, for example:
-
Customers: individuals or legal entities that maintain a commercial relationship with Perfil Group, as well as the individuals responsible for representing them and serving as points of contact
-
Suppliers and their representatives: individuals connected to companies that provide products or services
-
Employees (under labor law): professionals hired by the company under employment agreements
-
Service providers (legal entities): professionals or companies hired to perform specific activities
-
Job applicants: individuals participating in recruitment processes
-
Website and tool users, such as simulator users: users of forms, simulators, digital platforms, systems, or technological solutions made available by Perfil Group
-
Visitors and event participants: individuals participating in meetings, training sessions, trade fairs, or events organized or supported by the company
-
Other third parties: any person who, in any way, interacts or maintains a relationship with Perfil Group
In each of these contexts, personal data is processed differently, always taking into account the type of relationship with Perfil Group and what is necessary for each situation.
2. Personal Data Processed, Purposes, and Legal Bases
The companies within Perfil Group carry out operations with distinct characteristics, including operational and commercial activities related to thermal insulation solutions, as well as technological operations, digital platforms, and SaaS solutions. Personal data processing takes place according to the nature of each activity performed.
The table below presents the main categories of personal data processed, with examples, purposes, and the respective legal bases.
Identification and Contact | Name, email, phone number, job title, company | Registration and commercial relationship with customers | Performance of a contract |
Commercial | Name, email, phone number, company, job title | Preparation of proposals, negotiation, and execution of sales | Performance of a contract; preliminary procedures related to it |
Financial and Tax | Name, taxpayer ID number, banking details | Compliance with tax obligations, invoicing, and collection | Legal obligation |
Suppliers and Partners | Name, email, phone number, job title | Hiring, management, and communication with suppliers | Performance of a contract |
Human Resources | Name, taxpayer ID number, ID document number, address, date of birth, banking details, dependents' data, job title, contractual information, time records, and benefits | Employee management, administration of the employment relationship, and compliance with labor, social security, and contractual obligations | Legal obligation |
Occupational Health | Medical certificates, occupational health exams | Compliance with occupational health and safety rules | Legal obligation |
Job Applicants | Name, email, phone number, professional information | Recruitment and selection | Legitimate interest |
Communication and Customer Service | Name, email, phone number | Handling requests and providing support | Performance of a contract |
Communication Records | Name, email, phone number | Recording interactions for control, history, and service improvement | Legitimate interest |
System Access | Username, access records (logs), session identifiers | Access control and information security | Performance of a contract |
Website Users | IP address, date and time of access, browsing data | Ensuring website operation, security, and improvement | Legitimate interest |
Website Forms | Name, email, phone number, company | Receiving and responding to requests submitted through the website | Performance of a contract; preliminary procedures related to it |
Simulator | Name, email, phone number, company, job title | Generating the simulation requested by the user and enabling commercial follow-up | Performance of a contract; preliminary procedures related to it |
Platforms and Technological Solutions | Name, email, phone number, company, usage records, session identifiers, and operational information | Provision, support, security, and performance of technological platforms, systems, and services | Performance of a contract |
Newsletter | Name, email | Sending requested informational content | Consent, when applicable |
Marketing Communications | Name, email, phone number, company, job title | Sending institutional and promotional content | Consent, when applicable |
Property and Personal Security | Image (CCTV), identification linked to access records | Protection of individuals and access control to facilities | Legitimate interest |
Visitors and Events | Name, email, phone number, company | Organization of visits, meetings, and events | Performance of a contract |
Fraud Prevention and Security | Name, email, IP address, access records | Prevention of fraud, incidents, and misuse | Legitimate interest |
Category of Data
Personal Data (examples)
Purpose
Legal Basis
The categories and purposes above represent the most common situations involving personal data processing at Perfil Group. Other data may be processed as necessary for the development of the company’s activities, always limited to the minimum necessary, linked to a legitimate purpose, and based on an appropriate legal basis.
Perfil Group does not collect biometric data for identification or access control purposes. Images that may eventually be captured by monitoring systems are used exclusively for the security of people and facilities.
3. Data Sharing
Perfil Group may share personal data with third parties when necessary, including:
Accounting, Legal, and Audit Firms | Compliance with legal and regulatory obligations |
Financial Institutions | Payments and transactions |
Suppliers and Partners | Performance of contracts |
Technology Providers (cloud, email, systems) | Infrastructure and operations |
Security Companies | Access control and protection |
Public Authorities | Legal compliance |
Recipient
Purpose
Data sharing may also occur in the context of the use of technological platforms, cloud services, system operators, and suppliers related to the technological activities and SaaS solutions made available by Perfil Group.
4. Storage, Retention, and Security
Perfil Group adopts measures to ensure that personal data is stored securely, used only when necessary, and retained for the period appropriate to its purposes.
4.1. Where Data Is Stored
The companies that are part of Perfil Group may use their own infrastructure or third-party services for storage, processing, monitoring, support, and the performance of administrative, industrial, commercial, and technological activities.
This storage may occur on servers located in Brazil or abroad, depending on the technological solutions used, and measures are adopted to ensure adequate protection of the information.
4.2. How Long Data Is Retained
Personal data is retained only for the period necessary to fulfill the purposes for which it was collected, observing criteria such as:
-
compliance with legal and regulatory obligations
-
performance of contracts and operational activities
-
the need to defend rights in judicial, administrative, or arbitration proceedings
After the end of the applicable period, the data is securely deleted or anonymized.
4.3. How Data Is Protected
Perfil Group adopts technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or any form of misuse.
Main measures include:
-
access control based on profile and need to use
-
use of secure authentication for access to systems
-
monitoring of access and activities (logs)
-
use of controlled technological environments
-
periodic backups
-
employee training and awareness initiatives
These measures are continuously reviewed to ensure information security and the improvement of internal processes.
5. International Data Transfers
Perfil Group may carry out international transfers of personal data, especially due to the use of technological services, cloud platforms, system operators, and digital solutions used in its administrative, operational, commercial, and technological activities.
In such cases, reasonable measures compatible with applicable legislation will be adopted to ensure an adequate level of protection for the personal data processed.
6. Data Subject Rights
Perfil Group ensures data subjects the exercise of their rights, allowing you to have transparency and control over the use of your information.
Under applicable legislation, you may request, at any time:
-
confirmation of the existence of personal data processing
-
access to your data
-
correction of incomplete, inaccurate, or outdated data
-
anonymization, blocking, or deletion of data, when applicable
-
data portability, as provided by regulation
-
information about data sharing
-
withdrawal of consent, when consent is the legal basis
-
objection to processing, in the cases provided by law
6.1. How to Exercise Your Rights
To exercise your rights, the data subject must access the specific form (Data Subject Rights Request Form) made available by Perfil Group through the link available on the company’s website.
Requests will be reviewed in accordance with applicable legislation and handled within the legal timeframe.
To ensure information security and prevent improper access, Perfil Group may request additional data or documents to confirm the identity of the requester.
7. Cookies and Browsing
The use of cookies and similar technologies is addressed in a specific document available on the Perfil Group website. You can access our Cookie Policy on our website.
8. Third - Party Links (Other Websites)
The Perfil Group website may contain links to external pages, such as partners, suppliers, or other companies. By clicking these links, you will be directed to environments that are not controlled by the companies within Perfil Group.
Each of these websites has its own rules regarding the collection and use of personal data. Therefore, we recommend that, when accessing these websites, you carefully read the Privacy Policies and Terms of Use available on those pages before providing any information.
Perfil Group is not responsible for the privacy practices adopted by these external websites.
9. Changes
This notice may be updated at any time, and periodic consultation is recommended.
10. Contact
-
For privacy-related requests, please contact:
-
E-mail: lgpd@perfil.group
-
Phone: +55 (41) 3051-5002
-
-
Perfil Térmico Aquecimento e Isolamento Industrial Ltda.
-
CNPJ: 76.080.704/0001-83
-
Website: https://www.perfiltermico.com.br
-
Address: Rua Paulo Setúbal 2144, Curitiba, PR, 81670-130
-
-
Digimet Ltda.
-
CNPJ: 07.605.671/0001-25
-
Website: https://www.digimet.solutions/
-
Address: Dona Francisca, 8300 - Bloco 1, Módulo B, Box Nicarágua
-