MEISTRARI - Privacy Policy Form

We at MEISTRARI DESENVOLVIMENTO DE SOFTWARE LTDA (“MEISTRARI”), a company headquartered at Alameda Ministro Rocha de Azevedo 599, apt 11, respect and care for the privacy of Personal Data Holders, always striving to be transparent and provide clear information about the Processing of Personal Data. The Processing of your Personal Data aims, first and foremost, to provide better and more personalized service, taking into account the specific conditions of each User. The more the User interacts with us, the more they inform us, and the more capable we are of offering personalized services.

As Users contact us, register, access, and use Tela, personal information about the User may be collected and processed. This Privacy Policy describes the types of Personal Data we may receive about the User, how we may use it, with whom we may share it, how we protect and keep it secure, and your rights regarding your Personal Data. Therefore, this Privacy Policy provides an overview of the situations through which we may interact. This Privacy Policy is an integral and inseparable part of the Terms and Conditions of Use of Tela (“Terms of Use”), available at the link https://tela.com/terms-of-use.

1. DEFINITIONS

1.1 Terms capitalized will have their meaning defined according to the Terms of Use or applicable legislation. Below are some definitions used throughout this Privacy Policy:

“User” or “You”: any person, whether a legal entity or an individual accessing Tela on behalf of a legal entity, who inputs Personal Data into Tela by adhering to the Terms of Use and this Privacy Policy;
“Client”: companies that hire and use Tela and the Product, sharing Anonymized Data of their employees, which will later be integrated into the Product;
“Tela”: website https://tela.com in addition to any applications, widgets, software, tools, and other services offered by MEISTRARI to make the Product available;
“Product”: solution, accessed through Tela.
“Terms of Use”: General Terms and Conditions of Use of the Product available at the link https://tela.com/terms-of-use;
“Personal Data”: data that identifies or makes an individual identifiable;
“Sensitive Personal Data”: Personal Data about racial or ethnic origin, religious belief, political opinion, union membership or membership in a religious, philosophical, or political organization, data concerning health or sexual life, genetic or biometric data when linked to an individual;
“Anonymized Data”: any data related to a Data Subject that cannot be identified, considering the use of reasonable and available technical means at the time of its Processing;
“Controller”: individual or legal entity responsible for decisions regarding the Processing of Personal Data;
“Independent Controllers”: two or more individuals or legal entities with decision-making power over the Processing of Personal Data, where each Controller separately and independently defines the purposes and mode of Processing, each being responsible for the Processing carried out within their scope of action;
“Processor”: individual or legal entity that processes Personal Data on behalf of the Controller;
“Cookies”: browsing files that temporarily store what the User is visiting on a particular website or application;
“Data Subject”: individual to whom the Personal Data being processed refers;
“Processing”: any operation or set of operations performed on Personal Data or sets of Personal Data, whether by automated means or not, such as, but not limited to, collection, use, access, organization, consultation, production, alteration, reception, classification, utilization, reproduction, communication, transmission, distribution, processing, archiving, recording, structuring, storage, adaptation, retrieval, transfer, availability, combination, restriction, elimination, evaluation or control, modification, deletion, or extraction;
“Data Protection Legislation”: while in force, the General Data Protection Law (Law No. 13.709/2018 or “LGPD”), its subsequent amendments, and any other laws and regulations regarding the Processing, protection, and privacy of Data that are applicable and, if applicable, all guidelines, standards, rules, ordinances, regulations, and codes of practice and conduct issued by the National Data Protection Authority (“ANPD”) or other relevant supervisory or data protection authority.
“Personal Data Breach”: information security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Data transmitted, stored, or otherwise Processed by MEISTRARI or an authorized subcontractor;
“Consent”: free, informed, and unequivocal expression by which an individual agrees to the Processing of their Personal Data for a specific purpose.

2. WHAT DATA IS COLLECTED?

2.1 Collected data and data sets. MEISTRARI collects and processes various types of Personal Data when Users access, register, and use Tela according to Tela's functionalities. Some of this data is (i) automatically collected by Us (such as information collected from the device used to access Tela; geolocation information; access logs, Tela usage information, Cookie information or similar technologies, statistical information, and aggregated data), (ii) provided directly by Users (such as registration and identification data, information entered by Users in Tela, and information shared by Users when contacting us or interacting with other Users), and (iii) others provided to Us by third parties, such as employee names for service provision, always in compliance with Data Protection Legislation. See here the Personal Data we collect:

Data Group	Data Subject	How it is collected	What data is collected and processed
Access Records	User	Automatic collection of all Users accessing Tela	IP address, date and time of access, precise or approximate geolocation, GPS data, access log, browser type, device type, hardware model, network data, operating system, and browser used.
Registration Data	User	Data provided by the Data Subject to create an account on Tela.	Full name, position, phone number, email, and password.
Data on Tela usage	User	Automatically collected by MEISTRARI from the User's use of Tela.	Access history, accessed content, access duration, session, interaction history with Tela and other Users, preferences and settings activated for your account, Tela functionalities used or pages viewed, Tela failures, and other system activities and third-party sites or services used by the User before using Tela.
Data collected through Cookies and similar technologies	User	Automatically collected by MEISTRARI from the User's use of Tela.	MEISTRARI may use Cookies and electronic device identifiers (such as SDKs, web beacons, among others) when the User uses Tela. These technologies allow statistical analysis of the use of a particular application, offering or developing functionalities, but can also allow the identification of devices, browsers, and User profiles.
Data provided by Clients	User	Product: data provided anonymously by Clients when integrating, inputting, or sending their employees' data into Tela.

3. HOW IS THE DATA USED?

3.1 MEISTRARI will use the Personal Data described in the above item for the following purposes and according to the applicable legal basis:

Purpose	Explanation
Identification and creation of access account to Tela	MEISTRARI will use User Data to identify, authenticate, and individualize them on Tela, generating their access credentials and profile on Tela.
Provision and maintenance of the Product and Tela	MEISTRARI may use User Data to make Tela and the Product available, provide, and maintain them.
Improvement and protection of Tela	MEISTRARI may use IP Data, geolocation, and other Access Records to detect possible fraud and security incidents on Tela. Additionally, MEISTRARI may use browser navigation data to improve the User experience and access logs to detect errors on Tela.
Problem resolution or request handling	MEISTRARI, whenever requested or aware of any technical problem on Tela, may use User data to identify, address, and correct the problem or to fulfill other requests made by the User regarding Tela or services provided by MEISTRARI.
Commercial communications and service offerings by MEISTRARI itself	MEISTRARI may use User Data to display advertisements on Tela or otherwise inform them about other products and services offered by MEISTRARI itself, information, news, content, partnerships, and other relevant events about MEISTRARI products and services when it believes such offers may be of interest to the User (“Newsletter and Commercial Communications”).
Generation of intelligence related to MEISTRARI services	MEISTRARI may use Personal Data to generate aggregated and anonymous statistical analyses and reports on the operation and performance of Tela and the Product, for the benefit of MEISTRARI, Clients, other Users, or third parties, conduct satisfaction surveys on Tela and the Product, generate new products, businesses, or market intelligence.
Compliance with MEISTRARI's legal or regulatory obligations	MEISTRARI will process certain User Personal Data to comply with its legal and/or regulatory obligations. These obligations may include, for example, tax and fiscal obligations, obligations regarding the maintenance of technical records, documentation of contracted services, accountability, among others.
Administrative, judicial, extrajudicial, or arbitral defense of MEISTRARI's interests and rights	MEISTRARI may use User Personal Data to exercise its own rights and/or defend its rights and interests before the User or third parties. This may include extrajudicial negotiations between the parties, judicial or arbitral proceedings, administrative procedures, among others.

4. HOW WE STORE THE COLLECTED INFORMATION

4.1 Security. MEISTRARI will do everything possible to keep Personal Data always secure and will adopt security and protection measures, both technical and administrative, compatible with the nature of the Data collected, used, stored, or otherwise Processed by MEISTRARI, in accordance with appropriate market practices.

4.1.1 Exceptions. However, no method of electronic data transmission or retention is fully secure and may be subject to external attacks. Thus, MEISTRARI cannot guarantee that such security measures are error-free or not subject to third-party interference (hackers, among others). By its nature, despite MEISTRARI's best efforts, any security measure may fail, and any Data may become public. BY USING Tela, USERS EXPRESSLY UNDERSTAND AND ASSUME THIS RISK AND AGREE THAT MEISTRARI WILL NOT BE RESPONSIBLE FOR SUCH TYPE OF LEAKAGE OR UNAUTHORIZED ACCESS TO DATA.

4.1.2 The above-described security measures apply to User Data only from the moment MEISTRARI receives them and while they are under its custody. The operation and security of the device Users use to access Tela, as well as third-party networks through which data travels, are not the responsibility of MEISTRARI.

4.2 Servers. For as long as Users keep their account on Tela active, all collected information will be stored with a high-security standard on MEISTRARI's or third-party servers, located in Brazil and/or abroad. The User is hereby aware that MEISTRARI may store their Personal Data on servers outside Brazil and/or use service providers not located in Brazilian territory. In such cases, MEISTRARI will observe the legal requirements for such international transfers, ensuring the same level of security applied to Processing carried out in Brazilian territory.

4.3 Storage period. Personal Data will be retained as long as necessary for the purposes listed in this Privacy Policy. MEISTRARI adopts controls to ensure that Data is retained only as long as it is indeed necessary, being discarded whenever the Processing is terminated or no legal retention hypothesis applies. In addition to the provisions, data may eventually be retained for a longer period when necessary to comply with legal/regulatory obligations.

4.4 Data deletion. When we no longer need to use Personal Data, it will be removed from our systems and records or anonymized so that MEISTRARI can no longer be identified from this data, at MEISTRARI's sole discretion. MEISTRARI may retain some Personal Data to comply with legal or regulatory obligations, as well as to allow and ensure the regular exercise of our rights (for example, in judicial, administrative, or arbitral proceedings). For audit, security, fraud control, and rights preservation purposes, MEISTRARI may retain the historical record of Personal Data for a longer period in cases where the law or regulatory norm so establishes or for rights preservation.

4.5 LIMITATION OF LIABILITY. NOTHING IN THIS PRIVACY POLICY IS INTENDED TO EXCLUDE OR LIMIT ANY CONDITION, WARRANTY, RIGHT, OR LIABILITY THAT CANNOT BE LEGALLY EXCLUDED OR LIMITED. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR CONDITIONS OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR LOSS AND DAMAGE. CONSEQUENTLY, ONLY THE LIMITATIONS THAT ARE PERMITTED BY LAW IN YOUR JURISDICTION WILL APPLY TO YOU. IN CASES WHERE EXCLUSION OF LIABILITY IS NOT POSSIBLE, BUT LIMITATION OF LIABILITY IS LEGALLY APPLICABLE, MEISTRARI'S TOTAL LIABILITY WILL BE LIMITED TO R$ 1,000.00.

5. RIGHTS OF DATA SUBJECTS

5.1 MEISTRARI provides tools for Data Subjects to exercise their legal rights over their Personal Data. In this item, we will describe these rights and how Data Subjects can exercise them.

Confirmation of processing existence: Data Subjects can confirm whether MEISTRARI is Processing their Personal Data;
Access to Personal Data: Data Subjects can access their Personal Data, including requesting a copy of the Processed Data;
Correction of incomplete, inaccurate, or outdated Data: Data Subjects can request the alteration or correction of their incorrect Personal Data;
Anonymization, blocking, or deletion: Data Subjects can request the anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data with Data Protection Legislation;
Portability. Data Subjects can request the portability of their Data by requesting it through the contact channels indicated in this Privacy Policy;
Deletion of Personal Data. Data Subjects can request the deletion of their Personal Data processed by MEISTRARI when collected and processed based on their consent, through Tela itself or by requesting it through the contact channels indicated in this Privacy Policy;
Information about sharing. Data Subjects can request information about which public and private entities MEISTRARI has shared their Personal Data with, under the terms of this Privacy Policy;
Information about the possibility of not consenting. Data Subjects receive through this Privacy Policy and can request, through the contact channels, information about the possibility of not consenting to the Processing of Personal Data and its potential consequences, including the impossibility of MEISTRARI providing services;
Revocation of Consent. Data Subjects can, at any time and at their discretion, revoke the Consent previously provided for the Processing of Personal Data, with the treatments carried out based on it until that moment remaining valid.

5.2 Exercise of rights. The rights mentioned above and others provided by applicable legislation can be exercised by the Data Subject directly through Tela, according to the functionalities made available on it (such as tools for accessing and editing Personal Data) or by requesting it via email privacy@tela.com. MEISTRARI reserves the right to request information or documents to verify the applicant's claims.

5.3 Consequences of data deletion. It is important to note that, in some cases, by complying with deletion requests, MEISTRARI may be unable to provide its services. Thus, the request for deletion of Personal Data will result in the immediate deactivation of the User's account on Tela, with the permanent loss of any such Data entered into Tela. After the deletion of this Personal Data, MEISTRARI may continue to use it in a non-individualized and anonymized manner, i.e., without any personal identification, for the purposes provided in this Privacy Policy.

5.4 Data retention. MEISTRARI may retain the Personal Data of certain Users for a period longer than the legal retention period, in compliance with possible orders from public authorities, to defend itself in judicial and/or administrative proceedings, and in cases where Personal Data has been duly anonymized.

IN COMPLIANCE WITH APPLICABLE LEGISLATION OR COURT ORDER, MEISTRARI MAY RETAIN CERTAIN PERSONAL DATA FOR A PERIOD NOT LESS THAN 6 (SIX) MONTHS AFTER YOUR DELETION REQUEST. SUCH DATA WILL NOT BE ANONYMIZED OR DESTROYED BY MEISTRARI BEFORE THE END OF THIS PERIOD. MEISTRARI WILL STORE YOUR DELETION REQUEST AND, OBSERVING THE LEGAL MANDATORY RETENTION PERIOD OF CERTAIN DATA, WILL PROVIDE FOR THE DESTRUCTION OR ANONYMIZATION, AT MEISTRARI'S SOLE DISCRETION, OF INFORMATION CAPABLE OF IDENTIFYING THE USER.

IF THE USER REQUESTS THE DELETION OF THEIR INFORMATION BUT STILL HAS ANY PENDING OBLIGATION WITH MEISTRARI, THEIR INFORMATION WILL NOT BE DELETED AND WILL REMAIN STORED TO ENABLE THE RESOLUTION OF THE PENDING ISSUE AND THE ADOPTION OF APPROPRIATE MEASURES.

5.5 Failure to provide consent in cases where it is necessary may prevent MEISTRARI from providing its services or certain functionalities of Tela from being used by the User.

6. CONTACT WITH MEISTRARI

6.1 In case of doubt, suggestions, complaints, or clarifications about this Privacy Policy or the Processing of Personal Data by MEISTRARI, or to request the exercise of any of the rights described in this Privacy Policy or Data Protection Legislation, the User can contact MEISTRARI via email: privacy@tela.com. MEISTRARI will be pleased to clarify any doubts and/or fulfill your request.

7. DATA SHARING WITH THIRD PARTIES

7.1 Processing Operators. MEISTRARI may hire third parties to assist in providing its services, such as cloud storage servers and payment processing platforms. Currently, MEISTRARI shares its Data with infrastructure providers (servers, hosting, and cloud services) for the proper functioning of Tela, IT service providers, and partners related to payment processing, which may be replaced at any time, provided that adequate data security and confidentiality standards are maintained. MEISTRARI, as the Data Controller, will require such partner Operators to maintain adequate security and confidentiality levels.

7.2 Third-Party Services. During the use of Tela, Users may use other services, channels, products, and platforms provided, maintained, and/or operated by third parties, used as channels or support means for services provided by MEISTRARI, but without any relation to MEISTRARI (“Third-Party Services”). These Third-Party Services may include, for example, payment platforms, file-sharing tools, among others. When MEISTRARI services use such Third-Party Services, the Processing of Personal Data will also be subject, in addition to this Privacy Policy, to the privacy policies and terms of use of such Third-Party Services, over which MEISTRARI has no control or influence. In this case, MEISTRARI and this third party will be Independent Controllers of Personal Data, each being responsible for the Processing of Personal Data carried out within their scope of action. Concerning MEISTRARI, even when Personal Data is received by such Third-Party Services, such Personal Data will always be processed in accordance with this Privacy Policy. However, we encourage the User to inform themselves about the policies applicable to such Third-Party Services, as MEISTRARI has no influence over the relationship between the User and such Third Parties and is not responsible for the use made by such Third Parties of the User's Personal Data entered by the Users into the Third-Party Services.

7.3 Other Third Parties. In addition to the cases already mentioned in this Privacy Policy, Personal Data may also be transferred to third parties, including as Controllers, in the following cases:

7.3.1 New Businesses. There may be a transfer of Personal Data to and among MEISTRARI affiliates and/or in the context of acquisition, sale, merger, corporate reorganization, or any other corporate change of MEISTRARI. In this case, MEISTRARI will ensure that the person, whether individual or legal entity, who comes to access or assume control over the Processed Data, under the terms of this Privacy Policy, is also bound by it, ensuring the continuity of Personal Data protection, and notifying Users in advance if this transfer implies any change in the Privacy Policy.
7.3.2 Regular exercise of rights through administrative, judicial, or extra- judicial means. MEISTRARI may share Personal Data with third parties such as law firms, consultancies, collection companies, accounting firms, and similar entities, for the purpose of exercising its own rights or ensuring compliance and enforcement of this Privacy Policy and the Terms of Use.
7.3.3 Judicial or Administrative Request. MEISTRARI may share Personal Data in case of judicial or administrative request.
7.3.4 Compliance with legal or regulatory obligation. MEISTRARI may share Personal Data with bodies, authorities, and other public entities, as well as with private individuals or legal entities, in compliance with legal or regulatory obligations.
7.3.5 With the User's authorization. In other cases, if there is a need to share information, we will send the User a notification requesting their Consent.

7.4 Legal basis for sharing. The sharing of Data with such third parties will always be carried out with the User's Consent or (i) for the regular exercise of MEISTRARI's rights, (ii) to comply with legal obligations, (iii) for the execution of a contract, or (iv) for MEISTRARI's legitimate interest (in this last case, not including the User's Sensitive Data), or any other applicable legal basis.

8. INTERNATIONAL TRANSFERS

8.1 To optimize the efficiency, performance, and security of Tela, MEISTRARI may use a global technical infrastructure and have service providers not only in Brazil but also abroad. Therefore, your Personal Data, including Sensitive Personal Data, may be transferred to other countries for data Processing and storage, in accordance with the terms and purposes defined in this Privacy Policy, as well as to provide the services requested by You. MEISTRARI may transfer your Personal Data to service providers who will process Personal Data on behalf of MEISTRARI and according to our instructions.

8.2 Privacy and data protection laws vary from country to country, and data protection standards in other countries may differ from those in Brazil. Nonetheless, MEISTRARI will make every effort to ensure the level of data protection informed in the Privacy Policy, in accordance with applicable laws.

9. COOKIES

9.1 MEISTRARI may use Cookies and similar technologies, such as pixels and tags, to ensure that the services provided meet quality standards. Cookies collect only statistics and will not be used for purposes other than those expressly provided in this Privacy Policy.

9.2 What are Cookies and what are they for? A Cookie is a small file added to your device or computer to provide a personalized access experience to Tela. MEISTRARI may use Cookies:

9.2.1 Necessary: Cookies that enable the use of Tela and without which Tela may not function properly. As these Cookies are necessary, they are used based on the execution of the contract between MEISTRARI and the User.
9.2.2 Functional: Cookies that enable additional functions or serve to enable access to certain specific sections of Tela. The use of such Cookies is not absolutely necessary for the use of the service, but if you choose to disable them, the User may have reduced functionalities, so the use of these Cookies is based on your consent when activating such functions.
9.2.3 Performance: Cookies used to measure and improve the performance of a specific web page and specific content contained on the page.
9.2.4 Third-Party Cookies: Tela uses plugins from third-party sites, applications, and other services. The Cookies used by these third parties may be stored in the User's browser. Each third-party site has its own privacy and personal data protection policy, and the individuals or legal entities that maintain them are responsible for the Data collected and the privacy practices adopted. The User can search, on third-party sites, for information on how their Personal Data is Processed. MEISTRARI HAS NO CONTROL OR INFLUENCE OVER THESE THIRD-PARTY SITES AND WILL NOT BE RESPONSIBLE FOR THE CONTENTS, PRACTICES, AND SERVICES OFFERED BY ANY THIRD PARTIES, NOR FOR THE TREATMENT GIVEN TO YOUR PERSONAL DATA BY THESE SITES, EVEN WHEN THE LINKS ARE PRESENT ON Tela.

9.3 Is it possible to limit the use of Cookies? Browsers generally allow the collection of Cookies to be disabled, so if You do not change the Cookie collection policies of your browser, the User can object to such Processing by adjusting their browser settings to reject Cookies.

10. USER RESPONSIBILITY IN PROTECTING THEIR DATA

10.1 Notwithstanding our efforts to keep Personal Data confidential, according to the terms of this Privacy Policy, it is the responsibility of each User to keep their login and password for accessing their account on Tela secure and confidential.

10.2 If the User believes that their login and password for accessing their account on Tela have been improperly accessed by third parties or are known to other unauthorized persons, for any reason, the User should immediately notify MEISTRARI via email privacy@tela.com, without prejudice to the immediate password change through Tela by the User.

11. PRIVACY POLICY UPDATES

11.1 MEISTRARI may, at any time, change this Privacy Policy at its sole discretion. Any changes will be informed, 30 (thirty) days in advance, through Tela itself and/or the email provided by the User and/or we will highlight these changes at the top of these Terms of Use and provide, for a reasonable period, a highlighted link to such changes. The User should check this page and review this Privacy Policy periodically to ensure they agree with the modifications.

11.2 Except when express Consent is mandatory, if the User continues to use Tela and/or does not object to the changes and new terms informed by MEISTRARI after 30 (thirty) days from the disclosure of the new version of the Privacy Policy, it will be understood that they are fully aware and agree with the new terms applicable to the Processing of Personal Data. If the User does not agree with the changes to the Privacy Policy, they should refrain from using Tela, and may request the cancellation of their account, in accordance with the Terms of Use.

MEISTRARI
Date of Last Update: 01/15/2025

Contact:
- Email: privacy@tela.com
- Address: Alameda Ministro Rocha de Azevedo 599, apt 11