Mivita Construtora
VCI SA Online
Welcome to our customer service by Whatsapp.
You have chosen the sector , if you want to change the sector click here.
Enter your details below to start the conversation:

Privacy policy

VCI SA has, as one of its main values, respect for the privacy of its service users,

employees, partners, its users in general (“You”) and their personal data. This “Privacy

Policy and Protection of Personal Data” (hereinafter the “Policy”) to explain to You how

we treat your personal data.

When using our services, we may process personal data owned by you, which is why

this Policy seeks to clarify our practices regarding the collection, use, disclosure and

processing in general of personal data of our service providers, users and other

natural persons who can establish some relationship with VCI SA

Doubts can be clarified with our Data Protection Officer ( Data Protection Officer -

DPO), through the service channel:

1. General terms and concepts

1.1 For the purposes of this policy and as provided for in Law No. 13.709/2018, it is considered:

i. personal data: information related to an identified or identifiable natural person,

so that any information that enables the identification of a natural person is

considered personal data;

ii. sensitive personal data: personal data on racial or ethnic origin, religious conviction,

political opinion, affiliation to a union or organization of a religious, philosophical or

political nature, data relating to health or sexual life, genetic or biometric data, when

linked to a natural person;

iii. anonymized data: data related to the holder that cannot be identified, considering

the use of reasonable technical means available at the time of its treatment;

iv. database: structured set of personal data, established in one or several places,

in electronic or physical support;

v. holder of personal data: natural person to whom the personal data to be

processed refer;



treatment agents: the controller and the operator;

controller: natural or legal person, under public or private law, who are

responsible for decisions regarding the processing of personal data, such as VCI


viii. operator: natural or legal person, under public or private law, who processes

personal data on behalf of the controller;

ix. foreman or DPO ( Data Protection Officer): person appointed by the controller and

operator to act as a communication channel between the controller, the data subjects

and the National Data Protection Authority (ANPD);

x. treatment: any operation performed with personal data, such as those relating to the

collection, production, reception, classification, use, access, reproduction,

transmission, distribution, processing, archiving, storage, elimination, evaluation or

control of information, modification, communication , transfer, diffusion or extraction;

Translated from Portuguese to English -

xi. anonymization: use of reasonable technical means available at the time of

processing, whereby data loses the possibility of association, directly or indirectly,

with an individual, making its identification impossible;

xii. consent: free, informed and unambiguous expression by which the holder agrees

with the processing of his/her personal data for a specific purpose;

xiii. blocking: temporary suspension of any processing operation, by keeping

personal data or the database;

xiv. deletion: deletion of data or set of data stored in a database, regardless of the

procedure used;

xv. shared use of data: communication, dissemination, international transfer,

interconnection of personal data or shared treatment of personal data banks by

public bodies and entities in compliance with their legal powers, or between these

and private entities, reciprocally, with specific authorization, to one or more

modalities of treatment allowed by these public entities, or between private


2. Rights of the holder of personal data

2.1. The holder of personal data, regardless of their position in relation to VCI SA, has

the right to:





Confirm the existence of the processing of personal data;

Access personal data;

Correct incomplete, inaccurate or outdated personal data;

Request the anonymization, blocking, deletion or deletion of unnecessary or excessive


Request the portability of your data to another supplier or product, as long as you

follow the parameters indicated by ANPD (National Data Protection Authority;

Request the deletion of data processed with your consent;

Request information about the public or private entities with which your data

has been shared;

Request information about the consequences of not providing your

consent; Revoke consent.

Request a copy of: the categories and specific personal data that are collected; the

categories of personal data collected; the purpose of the collection of personal

data; the categories and specific third parties with respect to which personal data

is shared;

Oppose the processing of personal data;

Request the review of automated decisions, in case, eventually, a decision of

this nature is taken.









2.2. Whenever possible, personal data will be deleted after processing or will be

anonymized, using techniques available at the time.

2.3. It is possible to maintain certain personal data in the VCI SA database, if such

action proves necessary: (i) to comply with the applicable legislation; or (ii) to

enable the exercise of VCI SA's rights in judicial, administrative or arbitration


2.4. The request for deletion or deletion of personal data does not guarantee the

complete or comprehensive removal of the content or information relating to

personal data, in cases where the maintenance of data in our database is necessary

for the strict fulfillment of legal duty.

3. Hypotheses for the processing of collected personal data: reasons that justify the

processing of personal data

3.1. Personal data will not be used without adequate justification, provided for by law, for

such purpose. Therefore, the processing of your personal data will only be carried out

in the following cases, alternatively:



If consent to the processing of personal data has been obtained;

If the treatment is necessary to perform the contractual obligations assumed with you

or to adopt pre-contractual measures, at your request;



If legal or regulatory obligations demand the processing of personal data;

If the processing of personal data is necessary for the purpose of meeting the

legitimate interests of VCI SA and provided that, in this case, it does not unduly affect

the fundamental rights and freedoms of the holder of the personal data. Examples of

situations that constitute the “legitimate interest” of VCI SA are data processing

activities carried out for: (a) commercial operations through the sale of goods and

services; (b) responding to requests; (c) development of VCI SA's core business, among


v. For the purpose of managing adverse events, carrying out prevention and/or

investigation activities, complying with administrative formalities, records,

declarations or audits;

saw. To enable access to applications and virtual platforms, manage online

accounts, control entry and exit, among other electronic control platforms;





Preparation of research and clinical studies, through records and

trials; Recruitment of new employees;

Conducting market research for non-commercial purposes;

Identify access credentials, including passwords, password hints, security

information and questions, identification (ID) registered with the state entity,

health professional number, driver's license or passport data, among others.





To enable payments by verifying financial data; Send news and

information about products and services;

For the purpose of complying with judicial, administrative or arbitration

subpoenas; To ensure the health and safety of VCI SA's employees and facilities;

xv. In cases where authorized by the holder of the personal data upon obtaining


xvi. For the purpose of enabling the sale of the business or its assets, in order to allow the total

or partial acquisition by third parties;

xvi. Carry out the identification and registration of the holders of personal data in the

databases of VCI SA, being possible to receive personal data from the user's profile,

such as navigation, registration or contact data;

xviii. In order to provide sufficient information to the competent sector for the purpose

of issuing an invoice;

xix. Respond to any queries made by the holder of personal data, including orders,

purchases and returns, if applicable;

xx. Perform analyses, quality control, market research and determine the

effectiveness of activities developed by VCI SA;

xxi. Respond to requests from public and government authorities, national or


xxii. In cases where VCI SA receives personal data from third parties, the institution

will assume that prior authorization has been obtained from the holder of the

personal data, by this third party, or that there is a legal basis for such sharing;

3.2. If the Owner of the personal data has doubts as to the regularity of the treatment of

their personal data, they may contact the VCI SA DPO directly through the email

address provided at the beginning of this Policy.

3.3. Personal data of children under 12 years of age will not be processed without the prior, specific

and prominent consent of their parents or legal guardians.

4. Types of personal data that are processed by VCI SA

4.1. In accordance with the governing legislation and in order to enable the achievement of the

activities described in its corporate purpose and in its legitimate interest, VCI SA processes the

following categories of personal data.

i. Financial or payment information: bank account, credit and/or debit card


ii. Registration information: full name, marital status, date of birth, gender,

identity documents, username for login and password, RG and CPF;



Sensitive information: data relating to health and ethnicity;

Behavioral information: access logs, click data and other data collected

including through technologies;

v. Browsing data: server log information, IP address ( internet protocol) device,

date and time access, operating system, browser type;

saw. Cookie data: cookies, pixel tags and other similar technologies;


5. Methods of collecting personal data

The data processed by VCI SA can be collected in the following ways:

Contact details: registered address, email, telephone;



Direct supply by the holder of personal data;

Receipt of personal data by third parties by sharing data from partners or

service providers;

It collects in an automated way upon access to our website, including:

characteristics of the device used for access, browser used for access, IP

origin (with date and time), information about your interaction on our

page, information that will be collected through of cookies.


6. Identification of individuals or entities that have access to personal data and data

sharing with third parties

6.1. VCI SA guarantees that everyone who has access to the personal data under its care

undertakes to maintain absolute secrecy regarding the same;

6.2. VCI SA informs that it may share personal data with partner companies and

suppliers, in the development and provision of services or offering targeted

products, provided that it is in line with VCI SA's values;

6.3. VCI SA further emphasizes that it may share personal data under its custody with

authorities, government entities, national or foreign, or other third parties, for

the protection of its interests, in cases where there is any type of conflict, whether

of judicial or administrative nature;

6.4. It is also possible to share personal data with third parties when such action proves

necessary to comply with legal or regulatory obligations;

6.5. In the case of corporate transactions involving VCI SA, it will be possible to share

personal data with third parties, taking the necessary measures to ensure that privacy

rights continue to be protected, in accordance with this Policy;

6.6. Personal data held by VCI SA will be shared with third parties in the event that such

action proves necessary to comply with a court order or at the request of

administrative authorities that have legal competence for such request;

6.7. It is legitimate to share personal data with other companies that may be part of the

VCI SA group;

6.8. Personal data held by VCI SA may be shared with health professionals and

organizations, distributors and other members of the field, whenever the legal basis

refers to the protection of health, exclusively, in a procedure carried out by health

professionals, health services or health authority;

6.9. Personal data may be shared with marketing partners, for purposes of carrying out

marketing actions, provided that there is a legal basis for this and there is no

economic exploitation of such data;

6.10. We will not sell, share or, in any other way costly or with economic content,

transfer personal data with third parties;

6.11. In the exercise of our activity and for the same purposes provided for in this Policy,

personal data will be accessed by:

6.11.1. our employees (including employees or departments) in the exercise of their


6.11.2. our suppliers and service providers who provide us with products and


6.11.3. our information technology systems providers, cloud service providers

(“cloud”), database providers and consultants;

6.11.4. our business partners;

6.11.5. Any third parties to whom we have transferred our rights and obligations;

6.11.6. our consultants and outside counsel in the context of the sale or transfer of

any part of our business or assets.

6.12. The aforementioned agents are contractually obliged to protect the confidentiality and

security of personal data and to comply with the provisions of the LGPD.

6.13. Personal data may be processed, accessed or stored in a country other than the

headquarters of VCI SA, provided that such country offers the same level of personal data

protection provided for in Brazilian law

6.13.1. In such case, we ensure that, when sharing personal data with third-party

companies located in other jurisdictions: (i) we will guarantee the application

of the level of protection required by the personal data protection/privacy

legislation applicable to VCI SA; and (ii) ensure that we act in accordance with

our policies and standards.

7. Duration of processing of personal data: how long will your data be processed?

7.1. All agents mentioned have a contractual obligation to protect the security and

confidentiality of personal data, and must fully comply with all provisions of the


7.2. Personal data will be retained by VCI SA for as long as is necessary to achieve the

purposes and objectives described in this Privacy and Data Protection Policy or

when there is specific consent to do so, except in the event that applicable law

requires or permits longer retention period.

7.3. VCI SA will eliminate all personal data processed in the event that it becomes

unnecessary for the purposes that justified its collection.

7.4. The processed personal data will also be deleted upon the express request of the

holder of said personal data, except in situations whose maintenance is authorized by

law, including with regard to the need to comply with a legal obligation, regulatory

obligation or, even when there is a need to exclusive use by VCI

SA, which includes its use to exercise VCI SA's rights in judicial or administrative


7.5. Personal data will be deleted upon express request, provided that such request is

accepted, considering the following hypotheses: (i) data collected with consent; (ii)

data considered excessive or unnecessary; (iii) when VCI SA fails to comply with

the rules provided for in the LGPD.

7.6. Personal data will not be deleted when the maintenance of their treatment proves

necessary to: (i) comply with a legal or regulatory obligation; (ii) transfer to a third

party (in compliance with the requirements for data processing in this case); and

(iii) exclusive use of VCI SA (including for exercising its ownership rights in legal or

administrative proceedings).

8. Measures taken to protect personal data

8.1. VCI SA adopts technical and administrative doctors capable of guaranteeing the protection

of personal data, observing the necessary levels of security and confidentiality.

8.2. The protection of collected personal data is carried out in line with the best security

practices used by the market, including with regard to the prohibition of

unauthorized access.

8.3. In addition to the security measures already adopted, we follow standards of conduct that

must be observed by our employees to ensure greater effectiveness in protecting

personal data, namely:

8.3.1. Use of the best physical, technical and administrative measures to reduce the

risk of loss, misuse, unauthorized access, disclosure or modification of your

Personal Data.

8.3.2. use of encryption

8.3.3. restriction of access only to authorized persons

8.3.4. identified access control

8.3.5. personal and non-transferable passwords

8.3.6. periodic update of passwords

8.3.7. hosting and storing information in secure environments

8.3.8. Restricted access to the place where personal data is stored.

8.3.9. Secrecy guarantee for everyone who has access to personal data

8.3.10. Prohibition to provide the registration password to third parties;

8.3.11. Immediate change of access credentials in case of use or suspicion of unauthorized


8.3.12. Use of the “https:” model, showing that the connection to the website is secure;

8.4. All measures aim to preserve the integrity of personal data against: (i) unauthorized

access; (ii) accidental or unlawful situations of destruction, loss, alteration,

communication or dissemination; or (iii) any other form of unlawful treatment.

8.5. VCI SA highlights that, even if the best efforts and latest technologies are adopted

to preserve privacy and personal data, no information transmission is

invulnerable and therefore susceptible to the occurrence of technical failures,

cyber attacks by virus medium, among others. Despite this, the

VCI SA values transparency and will immediately inform holders of personal data

if any event of this nature occurs.



Cookies policy

VCI SA emphasizes that it is available on its website the indication of the cookies

that are obtained and stored by VCI SA

9.2. The full cookies policy must be consulted directly in the aforementioned electronic

information repository.

10. The possibility of changing this Privacy and Personal Data Protection Policy

10.1. Any changes in the treatment of personal data collected or shared with VCI SA will

be notified in advance by electronic notice sent via email and/or insertion on the

VCI SA website


Business Partners

Hard Rock RCI