Página Inicial Oi Melvin

Página Inicial Oi Melvin

Privacy Policy

Last updated 06/03/2025

This Privacy Policy will help you better understand how we collect, use and share your personal information.

Introduction

At MELVIN SOLUÇÕES EM SOFTWARE LTDA (“Melvin”) and MANUTENÇÃO EM AÇÃO ENSINO DE GESTÃO DE MANUTENÇÃO INDUSTRIAL LTDA (“Maintenance in Action”), together referred to here as “Melvin and Maintenance in Action”, privacy and data protection are priorities. We know how important it is for you to understand how your information is handled, and we want to ensure total transparency in this process.

That’s why we present our Privacy and Personal Data Protection Policy. Here, we explain in a clear, objective and accessible way how we collect, use, store and protect your data when you interact with our services, whether on the websites, the platform or any other channel.

We are committed to the best data protection practices and strictly follow the General Data Protection Act (LGPD – Law No. 13,709/18), the General Data Protection Regulation (GDPR) and the applicable ISO standards. In this way, we ensure that your rights are always respected.

Definitions: speaking the same language

To ensure that this Policy is clear and understandable to you, we have put together some essential concepts here:

  1. ANPD (National Data Protection Authority): government institution responsible for overseeing and regulating compliance with the General Data Protection Law in Brazil.
  2. Processing Agents: your personal data can be processed by two types of agent: the controller, who makes the decisions, and the operator, who only processes the data in accordance with the instructions given by the controller. We can explain it better like this: when you buy a course from Manutenção em Ação, we contract a platform to offer you that course according to our guidelines. In this scenario, Manutenção em Ação is the controller and the platform is the operator.
  3. Personal data: all the information that allows us to identify who you are. For example: your name, social security number and e-mail address (but there are others!).
  4. Sensitive Personal Data: personal data that requires a higher level of protection because it reveals intimate information and can expose its owners to discrimination. Examples: race, sexual orientation, religion, health information or even biometrics. We do not currently process this type of data. However, should this occur under any circumstances, we will apply all the technical and organizational measures necessary to guarantee the maximum security and confidentiality of this information.
  5. DPO: person appointed to act as a communication channel between Melvin and Maintenance in Action, the data subjects and the ANPD.
  6. LGPD (General Data Protection Law): this is the law that gives instructions on how to handle personal data properly.
  7. Data subject: the person to whom the personal data refers, i.e. you, the customer, or our supplier.
  8. Processing: any operation carried out with personal data, including collection, storage, sharing and deletion. To help you understand this better, let’s give you an example: when you enter our website, you can contact us by filling in a few details such as your name, e-mail address and cell phone number. All the activities we do with this data that you have provided us with are processing of personal data, such as copying, sharing, deleting and archiving.

 

What data do we use?

When you interact with Melvin e Manutenção em Ação, whether by accessing our website, using our products and services or contacting our team, some personal data may be collected.

This data can be provided directly by you, captured automatically by your device or even obtained from reliable third-party sources.

The amount and type of data collected varies according to the context of your relationship with us. To ensure full transparency, we detail in this Policy the main forms of collection and the purposes for which we use this information:

  • Personal data provided by you when contracting products and services or in simulations during the proposal phase: some identification and contact data, such as name, CPF, CNPJ, address, e-mail, telephone, job title, photo and signature.
  • Personal data collected automatically: characteristics of the access device and browser; the way you connected with us, with IP address, date, time and origin; and cookies.
  • Personal data from trusted third parties: we do not currently collect personal data from third parties. However, in the future, we may obtain information from strategic partners to improve our services and make your experience even better. Should we collect this data, we guarantee that it will be done responsibly, securely and in compliance with applicable legislation. The data received will always be limited to what is necessary for the specific purpose and protected with appropriate security measures.

In compliance with the principle of data minimization established by the LGPD (art. 6, III), GDPR (art. 5, 1, c) and ISO standards, we collect only the data that is strictly necessary to achieve the purposes stated in this Policy. In addition, we periodically review the data stored to ensure that it is not kept beyond what is necessary.

Be careful when sharing your data

To guarantee your privacy and security, we ask that you share with us only the personal data that is strictly necessary to fulfill your request. In the case of free-text fields such as contact forms, please avoid entering sensitive information such as passwords, official documents or any other data that is not essential for your interaction with us. We follow the best data protection practices, but we emphasize that the responsibility for the content sent also lies with the data subject.

What do we use your data for?

We want you to know exactly why and for what purpose we process your personal data:

  • Formalize and manage contracts signed with you or your company;
  • Processing payments, issuing invoices and collecting payments;
  • Manage your registration and guarantee the correct provision of our services and products;
  • Providing technical and operational support, answering requests and answering questions;
  • Verify your identity and prevent fraud, ensuring greater security in your interaction with us;
  • To protect you and our company from unauthorized access, fraudulent activity or security breaches;
  • Authenticating users on our systems and digital platforms;
  • To personalize and improve your experience when accessing our services and platforms;
  • Collect feedback and carry out satisfaction surveys to improve our products and services;
  • Adjusting the functionality and design of our websites, applications and other platforms to make them more intuitive and efficient;
  • Send institutional information and updates on our services;
  • Respond to complaints, requests and support requests quickly and efficiently;
  • Facilitate contact through our service channels;
  • Meet the requirements of laws, regulations and standards applicable to our sector;
  • Complying with orders from administrative, regulatory or judicial authorities;
  • Keeping the necessary records and evidence for audits and inspections by the competent bodies;
  • Meeting accounting, fiscal and tax requirements.
  • Offering products, services and content more in line with their interests and needs;
  • Carrying out promotional campaigns and targeted marketing actions, when agreed;
  • Make personalized recommendations based on your profile and previous interactions.
  • Analyzing data to improve our solutions, optimizing their usability and security;
  • Identify navigation patterns and interactions to improve the user experience;
  • Testing new features and continually improving our services;
  • Update your registration and keep your information correct and complete;
  • Conducting internal and external audits to ensure compliance with standards and good practices;
  • Ensuring the proper functioning and maintenance of our systems and databases.

Whenever possible, we apply anonymization techniques to minimize risks to the privacy of data subjects, especially when the data does not need to be directly associated with an identifiable person.

Legal basis for data processing

According to the LGPD, all processing of personal data must be based on one of the legal hypotheses set out in Article 7 of the law. Melvin and Manutenção em Ação use the following legal bases to process your data:

  • Contract performance: to provide our services and fulfill contractual obligations with our customers, suppliers and partners.
  • Compliance with legal or regulatory obligation: to meet fiscal, tax, regulatory and other legal obligations.
  • Consent: for sending marketing communications and promotional campaigns, when necessary.

In cases where processing is based on consent, you can revoke it at any time, without prejudice to the lawfulness of the processing carried out prior to the revocation.

Regulatory, Legal and Business Obligations

Melvin and Manutenção em Ação determine and document their regulatory, legal and business obligations related to the processing of personal data, ensuring compliance with the General Data Protection Law (LGPD – Law No. 13,709/2018) and other applicable standards.

These obligations include:

  1. Regulatory Obligations
    These are those imposed by regulatory bodies, such as the National Data Protection Authority (ANPD), which oversees and regulates the processing of personal data in Brazil. Our main obligations include:

    • Response to requests from data subjects: we guarantee that data subjects can exercise their rights under the LGPD, such as access, correction, anonymization or deletion of their data, within a maximum period of 15 days (§3 of art. 19 of the LGPD).
    • Data Protection Impact Report (DPR): if/when we carry out high-risk operations with personal data, we prepare an Impact Report as required by the ANPD (art. 38 of the LGPD).
    • Notification of security incidents: in the event of a personal data breach that may cause damage to data subjects, we notify the ANPD and the affected data subjects as soon as possible and adopt corrective measures (art. 48 of the LGPD).
  2. Legal Obligations
    These are requirements established by Brazilian and international laws applicable to the processing of personal data. Our main legal obligations include:

    1. Mandatory data retention:
      • Tax and financial data must be stored for at least 5 years to comply with tax legislation (art. 173 of the National Tax Code).
      • Records of access to internet applications (such as system access logs) are stored for 6 months as required by the Brazilian Civil Rights Framework for the Internet (Art. 15 of Law No. 12,965/2014).
    2. Providing data to authorities:
      • In the event of a court order or legal request from competent authorities (e.g. Internal Revenue Service, Public Prosecutor’s Office), we may be obliged to provide specific information, always guaranteeing the security and minimization of the data shared.
    3. Consent and legal basis for treatment:
      • All data processing carried out by us is based on a legal basis under the LGPD, such as performance of a contract (Art. 7, V) or compliance with a legal obligation (Art. 7, II), as applicable.
  3. Business Obligations
    In addition to regulatory and legal requirements, we have adopted governance practices to ensure the protection and privacy of personal data, including:

    • Consent management: we provide means for holders to consult, revoke or modify their consent at any time.
    • Contract with suppliers: wherever possible, we require all suppliers and partners who process personal data on our behalf to sign data protection and information security commitments, ensuring that they adhere to the same security and privacy standards as Melvin and Maintenance in Action.
    • Training and awareness: all our employees and service providers receive ongoing training on data protection and good information security practices.
  4. Privacy Risk Management
    As part of our commitment to compliance, we apply an ongoing privacy and information security risk assessment process, following the guidelines of ISO/IEC 27701 and the ANPD Data Governance Regulation. This process allows us to identify, monitor and mitigate risks related to the processing of personal data, ensuring preventive and corrective measures to strengthen our protection and compliance.

Storage and deletion

You have already understood that the security and protection of your personal data are priorities for Melvin and Manutenção em Ação. That’s why we adopt strict storage practices, using technologies and security measures recognized by the market, in line with best practices and the requirements of applicable legislation.

The personal data collected is stored securely in controlled environments, with restricted and monitored access. We have implemented appropriate technical and organizational measures to prevent unauthorized access, loss, destruction, alteration, disclosure or any form of inappropriate or unlawful processing.

Personal data is stored for the time necessary to fulfill the purposes stated in the sections above or for as long as there is a legal justification for processing it. As a rule, we keep data for a minimum period of 5 (five) years, as required by regulatory standards and to guarantee the regular exercise of rights in judicial and administrative proceedings. However, this period may vary depending on the nature of the data, specific legal requirements or the need to retain it to defend the company’s legitimate interests.

Data processed on the basis of consent will be stored until the data subject requests its deletion or after a period of 12 months without interaction with us. For data collected on the basis of a legal obligation or performance of a contract, retention will take place for the time necessary to fulfill these purposes, respecting specific deadlines of the applicable legislation.

At the end of the retention period, personal data will be disposed of securely using appropriate disposal techniques, ensuring that it cannot be recovered or accessed improperly. If applicable, the data may be anonymized, making it impossible to identify the data subject, allowing it to be retained for statistical or research purposes.

If you would like more information on storage periods or to request the deletion of your data, please contact us through the channels available in this Policy.

With whom is your data shared?

The personal data we collect is processed exclusively by specific professionals duly authorized by Melvin and/or Manutenção em Ação, always in accordance with the guidelines of the applicable data protection legislation.

As a data controller, we may share personal information with suppliers and service providers (operators) to enable the provision of our products and services, as well as to achieve some of the purposes described in this Policy. This includes, for example, technology and cloud storage providers (e.g. data hosting providers and management systems) and payment methods and financial institutions, to process transactions and payments.

In addition, we may share data with competent authorities when there is a legal or regulatory obligation to do so. In any event, we take strict measures to ensure that this sharing takes place securely and respects the rights of data subjects.

The suppliers and service providers we work with operate under specific contracts, which establish clear obligations regarding the protection of personal data and information security, requiring them to adopt standards compatible with the LGPD and other applicable regulations.

Melvin and Manutenção em Ação are based in Brazil, but may process personal data in other countries by contracting partner companies, which in turn will be subject to the obligations of this Privacy Policy.

The updated list of suppliers and subcontractors with access to personal data is available at: https://oimelvin.com/subcontratadosdp.

If you have any questions about data sharing or would like more information about how we protect your information, please contact us through the channels indicated in this Policy.

Use of Cookies

We use cookies to give you the best experience on our websites. But what are cookies anyway?

Cookies are small files stored in your browser while you browse the internet. They help remember your preferences, making your access faster and more personalized.

Imagine a restaurant that you frequent regularly. As soon as you walk in, the waiter already knows where you like to sit, what your favorite juice is, your favorite dish and, at the end, even serves you that strong coffee just the way you like it. All without you having to ask.

Cookies work in a similar way: they “learn” your preferences and help optimize your experience, ensuring that the site recognizes your actions and makes your browsing more fluid and personalized.

What do we use cookies for?

When you use our services, we may collect, process, store and/or share information about your browsing through cookies for the following purposes:

  • Improve the efficiency and speed of navigation;
  • Enhance your experience and interactivity on our websites and other digital channels;
  • Display content, offers and information that is most relevant to you, according to your interests;
  • Make our communication more efficient and continuous, avoiding unnecessary repetition;
  • Make it easier to deal with your questions and requests;
  • Analyze statistical data and carry out research to improve our products and services.

Cookie management:

You can, at any time, configure your browser to be notified when cookies are activated or to block certain types of cookies.

If you choose to disable non-essential cookies, your browsing may be impacted, and some features of the site may not work properly. For more information on how to manage cookies in your browser, please consult the specific settings of the browser you use.

Your rights

In accordance with the General Data Protection Law (Law No. 13,709/2018) and applicable regulations, we guarantee you, the data subject, the right to submit requests based on the following rights:

  1. Confirmation that your personal data is being processed;
  2. Access to the personal data we hold about you;
  3. Correction of incomplete, inaccurate or outdated data;
  4. Anonymization, blocking or deletion of unnecessary, excessive or inadequately processed data, in breach of the law;
  5. Data portability to another provider;
  6. Deletion of data processed with your consent, except in cases where retention is permitted by law, such as for compliance with legal or regulatory obligations;
  7. Obtaining information about the public or private entities with which we share your personal data;
  8. Information on the possibility of not providing your consent, as well as the consequences of such refusal, where applicable;
  9. Revocation of consent, when the processing is based on your consent;
  10. Opposition to the processing of personal data, when carried out on the basis of the hypotheses of waiver of consent, in case of non-compliance with the LGPD;
  11. Review of automated decisions, which are based exclusively on the automated processing of personal data, affecting your rights.

Melvin and Manutenção em Ação do not process personal data based exclusively on automated processes that could have a significant impact on data subjects, such as decisions involving credit analysis, consumer profiling or risk assessment without human intervention. All relevant decisions involving your personal data are evaluated by our team, guaranteeing transparency and respect for your rights. Should this practice be adopted in the future, we will update this Policy and ensure that you can request information or review of any automated decision.

Deadlines for fulfilling requests:

Melvin and Manutenção em Ação are committed to complying with the data subject’s requests as quickly as possible. However, it is worth noting that, in accordance with the LGPD, there are specific deadlines for complying with these requests, including:

  • Confirmation and access to personal data: the request must be answered within 15 (fifteen) days;
  • Data correction and deletion: the deadline for a response is 15 (fifteen) days, which may be extended by another 15 (fifteen) days, depending on the complexity of the request;
  • Data portability: the deadline is also 15 (fifteen) days after the request, and can be extended by another 15 (fifteen) days if necessary.

It is important to note that, in the event of data deletion, Melvin and Manutenção em Ação will respect the minimum storage period provided for by Brazilian legislation for Internet applications, in addition to other legal provisions that apply to the case, such as those related to the legal custody of data.

Melvin and Manutenção em Ação will make every effort to ensure that your requests are dealt with efficiently and within the legal deadlines. If there is a specific situation that requires more time for analysis or to fulfill your request, you will be notified accordingly.

How can I contact you to exercise my rights?

If you would like to exercise your rights or have any questions about your data, please send your request to compliance@oimelvin.com.

Please note that in order to fulfill your request effectively, we may request additional information and/or documents to validate your identity. This is to protect your data and ensure the security of the process, preventing fraud and guaranteeing the authenticity of the request.

In addition, in some cases, we may have legitimate reasons for not complying with a request to exercise rights. These situations include, for example, cases in which requests to delete data cannot be complied with due to the existence of an obligation to retain data, whether to comply with legal or regulatory obligations or to enable us to defend ourselves in disputes of any kind.

It is important to note that, depending on the complexity of the request, some responses may require more time for analysis. However, don’t worry, as we will respond to all requests within a reasonable timeframe, always in compliance with the applicable legislation.

Information Security

Melvin and Manutenção em Ação are committed to protecting personal data against any unauthorized access, improper alteration, unauthorized disclosure or destruction, by implementing technical and administrative security measures, including, but not limited to: strict access controls to systems and information; continuous monitoring of systems to identify and mitigate possible vulnerabilities; and constant training and awareness of all staff on the importance of information security and protection of personal data.

In addition to the aforementioned measures, Melvin and Manutenção em Ação follow information security principles and best practices in line with international standards, including ISO/IEC 27001 (Information Security Management System – ISMS) and ISO/IEC 27701 (Information Privacy Management System – IPMS). These standards guide our processes to ensure protection, control and compliance in the processing of personal data.

The guidelines set out in this Policy and in the other internal data protection rules are not limited to their current wording, as we are aware of the constant evolution of technology, applicable legislation and the emergence of new threats. For this reason, these guidelines may be updated periodically by Melvin and Maintenance in Action to ensure that personal data is always protected in accordance with best practices and current legal requirements.

In situations involving high-risk processing of personal data, Melvin and Maintenance in Action will carry out, if/when necessary, a Data Protection Impact Report (DPIR) to identify, mitigate and monitor potential risks to the rights and freedoms of data subjects prior to the implementation of processing.

In compliance with the LGPD and applicable ISO standards, Melvin and Manutenção em Ação have adopted a Security Incident Management Policy, which provides procedures for identifying, containing, analyzing, reporting and mitigating information security incidents. In the event of a personal data breach that may pose risks to data subjects, we will notify the National Data Protection Authority (ANPD) and, where applicable, the data subjects themselves, as required by art. 48 of the LGPD and ISO 27001 guidelines.

We reaffirm our commitment to the protection of personal data, always seeking the best solutions to ensure that the personal information of users and others involved is treated with the highest level of security and in compliance with applicable legislation.

Extent of effect and interpretation of this Policy

The terms of this Privacy Policy apply exclusively to personal information processed by Melvin and/or Manutenção em Ação. Therefore, this Policy does not apply to other services that are not provided by Melvin and/or Manutenção em Ação.

In addition, the terms and expressions used in this Privacy Policy, which are not expressly defined, whether in Portuguese or in any other language, as well as any technical language terms that may be used during the term of this document, to identify acts or practices in compliance with the rights and obligations established, shall be interpreted in accordance with widely recognized international concepts.

Contact

Melvin and Manutenção em Ação are small companies and, in accordance with Resolution CD/ANPD No. 2/2022, are not required to formally appoint a Data Protection Officer (DPO).

However, we reaffirm our commitment to transparency and respect for the rights of data subjects, providing a dedicated communication channel to answer questions, receive requests and enable the exercise of the rights provided for in the General Data Protection Law (LGPD).

To contact us, send an e-mail to compliance@oimelvin.com.

Changes to the Privacy Policy

Melvin and Maintenance in Action carry out periodic compliance assessments and internal audits to ensure the continuous improvement of our data protection processes. Changes to this Policy may occur as a result of these assessments or the updating of applicable regulations.

If the changes are substantial, we will make an appropriate communication by e-mail or by means of a prominent notice on our digital channels before the changes come into effect. In any case, we recommend that you access this document regularly to stay informed of any updates.

General Provisions

Any omission or tolerance on the part of the parties to demand full and strict compliance with the provisions of this Policy, or with the prerogatives arising from applicable legislation, shall not constitute a novation, waiver or affect the exercise of the rights described herein, which may be exercised fully and completely at any time.

Should any provision of this Policy be deemed void or ineffective, the remaining provisions will continue in full force and will be replaced by a valid clause that reflects, as far as possible, the original intention.

Any dispute arising from the terms described herein shall be resolved in accordance with Brazilian law, with the exclusive jurisdiction of the courts of the city of Belo Horizonte/MG, to the exclusion of any other jurisdiction, however privileged.

Date of release of this version

This Policy was updated and made available on March 6, 2025.