PRIVACY AND COOKIES NOTICE

We are the company Home Experience and we understand that trust in our company is directly related to the quality and competence demonstrated in our operations. This increasingly includes the importance of respecting personal data and acting within legal limits.

This Privacy and Cookies Notice is another way to reaffirm our commitment to privacy and data protection. The purpose of this text is to explain how user data is collected, used, stored, processed, and deleted, in accordance with the General Data Protection Law (Law No. 13.709/2018 – LGPD).

The service we provide values efficiency and security, which encompass rights regarding the protection of personal data. Therefore, this notice is intended for the data subject, in compliance with the LGPD and our values, reflected in the lawful processing of personal data.

We emphasize that this document may undergo changes to better inform and protect the data subject. Don’t worry — at the end of this document you’ll find the date of the last update. Any modifications will be made solely to better serve you in light of the LGPD.

Below are some legal definitions that may help you understand this document.

1. DEFINITIONS (ART. 5 OF THE LGPD)

Personal data: information related to an identified or identifiable natural person.

Sensitive personal data: personal data concerning racial or ethnic origin, religious belief, political opinion, trade union membership or membership in a religious, philosophical, or political organization, data concerning health or sex life, genetic or biometric data when linked to a natural person.

Anonymized data: data related to a data subject who cannot be identified, considering reasonable and available technical means at the time of processing.

Database: a structured set of personal data, established in one or several locations, in electronic or physical form.

Data subject: natural person to whom the personal data being processed refers.

Controller: natural or legal person, public or private, responsible for making decisions regarding the processing of personal data.

Processor: natural or legal person, public or private, that processes personal data on behalf of the controller.

DPO (Data Protection Officer): person appointed by the controller and processor to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).

Processing agents: the controller and the processor.

Processing: any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation, control of information, modification, communication, transfer, dissemination, or extraction.

Anonymization: use of reasonable and available technical means at the time of processing through which data loses the possibility of being associated, directly or indirectly, with an individual.

Consent: free, informed, and unambiguous expression by which the data subject agrees to the processing of their personal data for a specific purpose.

Blocking: temporary suspension of any processing operation, with retention of the personal data or database.

Deletion: elimination of data or a set of data stored in a database, regardless of the method used.

International data transfer: transfer of personal data to a foreign country or international organization of which the country is a member.

Data sharing: communication, dissemination, international transfer, interconnection of personal data or shared processing of personal data databases by public entities, or between these and private entities, with specific authorization.

National Authority: public body responsible for ensuring, implementing, and overseeing compliance with this Law throughout the national territory.

2. DATA COLLECTED ON THE WEBSITE AND PURPOSES

To make a purchase: full name, CPF (Tax ID), phone number, email, full address, and financial data.

Purpose: The purpose is to provide a personalized and secure shopping experience for customers. Data is collected to manage commercial transactions properly and ensure efficient delivery of purchased products. Information such as full name and address allows the personalization of offers and promotions according to customer preferences. Contact data such as phone number and email are essential for communication between the store and the customer, including order status updates, product information, and exclusive promotions. The CPF is required for issuing invoices and ensuring transaction security. Financial data is used to process secure transactions, verify the buyer’s identity, prevent fraud, authorize product or service deliveries, process refunds, comply with security standards, facilitate recurring purchases, and personalize the user experience. We also use the data obtained on the site to contact the customer when necessary — for commercial matters, responses to inquiries, complaints, requests, statistics, marketing campaigns, and updates about products, events, or customer service communications.

Login area: full name and email.

Purpose: The collection of login information (full name, email) is mainly intended to ensure user security and unique identification in the system — to control access, protect personal data, secure communications, personalize the user experience, track activities, facilitate account recovery, and comply with privacy and security requirements.

Data collected during browsing: IP address, geolocation, information about the device used for browsing, items searched or viewed, view counts, user actions on the website, pages accessed, dates and times of each action, and Session ID.

Purpose: To display personalized ads, assist in diagnosing and resolving technical issues, develop new features, improve user experience, and enhance account protection, security levels, and fraud prevention.

3. DATA RETENTION PERIOD

The company uses Google Drive cloud storage services. Data will be stored for up to 12 months or as long as necessary to fulfill the purposes described in item 2 of this document. Users may exercise their rights under item 7 at any time.

4. SHARING OF PERSONAL DATA

There may be specific situations where data is shared with third-party marketing providers, always related to the purposes stated in item 2. Any sharing will comply with privacy laws and include mutual rights and obligations. We do not sell data and do not support that practice. Any sharing will strictly follow the LGPD’s provisions.

Regarding sharing with judicial, police, or governmental authorities, we inform that personal data may be provided in response to court orders, administrative requests, or legal and regulatory obligations, and to cooperate with investigations involving illegal behavior or cybercrimes.

5. SECURITY

We take all legally applicable measures under the LGPD to store your data securely and ensure the protection and privacy of your personal data using security protocols. The data and information collected are stored in a secure environment and can only be accessed by qualified and authorized personnel.

6. INTERNATIONAL DATA TRANSFER

We do not share your data internationally. However, some contracted service providers for server hosting or data management may use cloud storage outside the country. These companies are also required to comply with the LGPD and ensure adequate protection of your personal data.

7. YOUR RIGHTS AS A DATA SUBJECT

As a data subject, you have the following rights guaranteed by the LGPD (Art. 18): confirmation of the existence of data processing; access to data; correction of incomplete, inaccurate, or outdated data; anonymization, blocking, or deletion of unnecessary or excessive data processed in violation of this Law; data portability to another provider; deletion of data processed with consent; information about data sharing; information on the option to withhold consent and its consequences; and revocation of consent.

All requests will be processed free of charge and subject to prior verification of your identity and feasibility to ensure compliance with obligations that may prevent full satisfaction of data subject requests.

8. COOKIES

To offer you a better experience, we use cookies to make the platform’s operation more personalized for each user.

Definition: A cookie is a small file added to the user’s device to provide a customized platform experience. Cookies help analyze web traffic and let us know when a user has visited a specific site. A cookie does not grant access to a computer or reveal information beyond what the user chooses to share. Cookies are used to recommend products and offers based on navigation patterns. These recommendations are generated through algorithms and may not be exact, but aim to suggest relevant products without obligation.

This site uses Necessary Cookies, Session Cookies, Persistent Cookies, Web Beacons, Analytics, and Pixels, as described below.

Usage:

Category 1: Necessary Cookies

These cookies are used for essential website functionality, such as tracking active users and retention rates, enabling us to enhance the user experience.

Category 2: Session Cookies

Temporary cookies deleted when you close your browser. Example: performance cookies that help us understand how visitors interact with our site, providing insights into visited areas, time spent, and any issues encountered, helping us improve performance.

Category 3: Persistent Cookies

Persistent cookies are small text files stored on the user’s device for longer periods to provide a consistent experience across multiple visits.

Pixels: Pixels are JavaScript code snippets installed on websites or emails to track and collect user activity, identify navigation patterns, and optimize content goals.

Analytics tools: These tools collect information about how users visit our site, which pages they access, and other related browsing data.

Web Beacon: Invisible images embedded in web pages or emails to track user activity. They are used for performance analysis, content personalization, engagement measurement, email tracking, and integration with analytical tools.

HOW TO DISABLE COOKIES:

You can manage and disable cookies in your browser settings. You may configure your browser to warn you before accepting cookies or reject them entirely. Note that some cookies are necessary for site functionality. Check your browser’s “Help” section (e.g., Chrome, Firefox, Edge) for instructions. If you use multiple devices, adjust each browser’s cookie preferences individually.

PURPOSES OF COOKIE USE:

To display personalized ads.

To assist in diagnosing and resolving technical issues.

To develop new features and improve available services.

To perform analysis used to protect accounts, enhance security, and prevent possible fraud.

9. CHANGES TO THIS PRIVACY AND COOKIES NOTICE

Whenever relevant conditions of this Privacy and Cookies Notice are changed, the new version will become valid and binding upon publication.

10. COMMUNICATION CHANNEL

If you have any questions about this Privacy and Cookies Notice, even after reading it, or if you need to contact us regarding your personal data, you can do so through the following email: <contato@homeexpirence.com.br>.

Last updated: 03/08/2024.