Privacy Policies
1. Purpose
To establish guidelines and procedures for the Processing of Personal Data by Wurth Industry, ensuring compliance with the General Data Protection Law (Law No. 13,709/2018 – LGPD), information security, and respect for the privacy of Data Subjects.
2. Scope
This policy applies to all customers, users, suppliers, partners, and other third parties whose Personal Data are processed by Wurth Industry within the national territory. It also applies to employees involved in the activities of collecting, using, storing, sharing, and disposing of Personal Data.
3. Definitions
- National Data Protection Authority (ANPD): Public administration body responsible for overseeing, implementing, and enforcing compliance with the Brazilian General Data Protection Law (LGPD). Created by Provisional Measure No. 869/2018, the ANPD is linked to the Federal Executive Branch;
- Controller: Legal entity or individual responsible for making decisions regarding the Processing of Personal Data. Under this Policy, Wurth Industry acts as the Data Controller;
- Access Data: Information automatically collected through the use of and navigation on the Website, including IP address, date and time of access, actions performed, length of stay, device used, geolocation, and Cookies;
- Personal Data: Information related to an identified or identifiable natural person, including Access Data. Any data that, alone or in combination with others, can identify an individual;
- Data Protection Officer (DPO): Person appointed by the Controller to act as a communication channel between the Controller, the Data Subjects, and the ANPD;
- Applicable Data Protection Legislation: Set of rules that includes Law No. 13,709/2018 (LGPD), its amendments, and other regulations, guidelines, and codes of conduct issued by the ANPD or competent authorities;
- Processor: Natural person or legal entity that processes Personal Data on behalf of the Controller. Examples include suppliers, agencies, or partners contracted by the company;
- Data Subject: Natural person to whom the Personal Data subject to Processing relate, including customers, employees, service providers, and Website users;
- Processing: Any operation carried out with Personal Data, such as collection, storage, use, sharing, transfer, deletion, among others;
- Personal Data Breach: Any security incident that results in the destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data under the responsibility of the Company or its authorized partners.
4. Collection of Personal Data
Wurth Industry collects Personal Data in different contexts, including:
- Contracting and use of products and services;
- Browsing websites and portals;
- Registration in forms, newsletters, and relationship programs;
- Direct communication by telephone, e-mail, or messaging applications.
Collection may occur directly (provided by the Data Subject) or indirectly (automatically, via Cookies or access logs).
5. Categories of Data Collected
5.1 Data provided by the Data Subject
- Full name, marital status, CPF, RG, date of birth;
- Billing and delivery addresses;
- E-mail, telephone, and other contact details;
- Banking data, credit card, or proof of income;
5.2 Browsing and device data
- IP address, date and time of access;
- Referring URL and browsing history;
- Browser type and version, operating system, and device;
- Geolocation and cookies.
5.3 Public data
- Information made public by the Data Subject;
- Mentions, comments, and testimonials on social networks;
- Profile image and content made available on public channels.
6. Purposes of the Processing of Personal Data
Personal Data are used for:
- Provision of services and supply of products;
- Identity verification and authentication;
- Handling requests and inquiries;
- Communication via telephone, e-mail, SMS, WhatsApp, and other channels;
- Sending information, offers, campaigns, and promotional content;
- Development and improvement of products and services;
- Compliance with legal and regulatory obligations;
- Regular exercise of rights in administrative and judicial proceedings;
- Generation of internal reports, studies, and statistics.
Processing is always carried out based on legitimate, specific, and informed purposes, in compliance with the principles of the LGPD.
7. Data Retention and Storage
Personal Data will be stored in a secure and controlled manner while there is an active relationship with the Data Subject (active customer or prospect). After the end of the relationship, the data may be retained for the period necessary to comply with legal and regulatory obligations or for the regular exercise of rights. In the event of a deletion request, the maximum time for fulfillment will be 15 (fifteen) business days, subject to the legal exceptions provided by law.
8. Sharing of Personal Data
Personal Data may be shared with:
- Technology, communication, and marketing service providers;
- Customer service providers;
- Financial institutions and payment processors;
- Public authorities and regulatory bodies, when required by law.
All contracted third parties are required to comply with this Policy and the Applicable Data Protection Legislation, through contractual confidentiality and information security clauses.
9. Data Subject Rights
The Data Subject may exercise, at any time, the following rights:
Controller: Legal entity or individual responsible for making decisions regarding the Processing of Personal Data. Under this Policy, Wurth Industry acts as the Data Controller;
- Confirmation of the existence of processing and access to the processed Personal Data;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymization, blocking, or deletion of unnecessary data;
- Data portability to another service provider;
- Withdrawal of consent;
- Information about data sharing;
- Objection to processing carried out unlawfully;
- Deletion of Personal Data processed based on consent;
- Review of automated decisions;
- Filing a complaint with the National Data Protection Authority (ANPD).
Requests must be sent to the Data Protection Officer (DPO) at: privacidade@wurthindustry.com.br.
Identity confirmation may be required as a security and fraud-prevention measure.
10. Responsibilities
10.1 Employees:
- Process Personal Data only in accordance with this Policy;
- Maintain confidentiality of the information accessed;
- Immediately report security incidents to the IT/IS department.
10.2 IT and Information Security Team:
- Ensure technical and administrative protection measures;
- Implement access controls and secure storage;
- Oversee audits and compliance with the LGPD.
10.3 Data Protection Officer (DPO):
- Act as a communication channel with Data Subjects and the ANPD;
- Monitor compliance with this Policy;
- Advise internal departments on privacy and data protection best practices.
11. Activity Logging and Cookies
Wurth Industry may record activities performed by users while using its portals/systems, generating Access Data. Cookies and similar technologies, whether first-party or third-party, may be used for monitoring purposes and to personalize the user experience. Cookies temporarily store information about browsing, enabling proper website functionality and continuous improvement of the services provided. The use of third-party Cookies follows the privacy policies of their respective providers.
Cookies are used for:
- Access authentication and information security;
- Personalization of the browsing experience;
- Performance measurement and traffic analysis;
- Advertising and recommendations;
- Studies and performance improvements of products and services.
Users may, at any time, configure their browser to block or delete Cookies. In this case, some website features may be limited.
12. International Data Transfer
Wurth Industry may transfer part or all of the Personal Data abroad when they are stored on cloud computing servers located outside Brazil. Such transfers are carried out in accordance with the Data Subject’s rights and the data protection regime set forth in the Applicable Data Protection Legislation. We also adopt best security and privacy practices to ensure the integrity and confidentiality of your Personal Data.
13. Information Security
Wurth Industry adopts technical and administrative measures in line with market best practices to protect the Personal Data under its control. These measures include access controls, encryption, password policies, secure backups, periodic audits, and continuous incident monitoring.
The Data Subject is responsible for keeping their website login and password confidential. In the event of suspected misuse, the Data Subject must immediately contact the official support channel and change their access password.
The technical protection of Personal Data is governed by the Information Security Policy (DC 14.01), which establishes the applicable security controls and standards.
14. Consent
Certain Personal Data will only be collected or processed with the Data Subject’s explicit consent. By accepting this Policy, the Data Subject authorizes the Processing of their data for the purposes described herein. Consent may be withdrawn at any time, as provided under the LGPD, without affecting the lawfulness of the Processing previously carried out.
15. Compliance and Enforcement
Failure to comply with this Policy will be considered a serious violation of information security and privacy and may result in:
- Internal disciplinary actions;
- Blocking of access to corporate systems;
- Civil, administrative, or criminal liability, in accordance with applicable law.
The Würth Industrie Service GmbH & Co. KG collects and processes the personal data provided in the form in order to process the requested request for you. Please note the mandatory fields in the forms. The legal basis for this processing, the absolutely necessary data, is Art. 6 para. 1 lit. b DSGVO, implementation of a pre-contractual measure. The processing of data voluntarily provided by you is carried out on the basis of Art. 6 para. 1 lit. f DSGVO. Thereafter, processing is permissible which is necessary to safeguard our legitimate interests. Our legitimate interest is to have contact with you, our customers, to improve our consulting quality and to be able to contact you more easily in case of possible queries. The data collected will only be stored by us for as long as is necessary to process your enquiry and to contact you. They are then deleted.
Supplementary data protection information, in particular regarding your rights to information, correction, deletion, restriction of processing, objection and complaint, can be found in our data protection declaration.