Know our Privacy Policy
1. Introduction
This Privacy and Personal Data Protection Policy (“Privacy Policy” or simply “Policy”) which is available at the address https://vencyone.cloud/painel-empresa/3510770211-central, aims to inform about the privacy and data protection practices, as well as the way Data is collected and used by MIGRATE.
This policy seeks to meet the legal, regulatory and contractual requirements involving MIGRATE under the terms of Law 13.709/2018, the General Data Protection Law (LGPD), observing the rights of Personal Data Subjects (PD) and applies to personal data subjects, client companies, partner companies and the general public.
Below are the commitments on which the Privacy and Personal Data Protection Policy is based:
1. Respect for the privacy of data subjects;
2. Transparency to data subjects about the need for processing their personal data, the form, duration and accuracy of the information;
3. The proper processing of Personal Data, serving its legitimate purpose;
4. Protection of personal data of data subjects in all company environments;
5. Limitation of data processing to the minimum necessary to carry out the company's activities and processes;
6. Impossibility of processing data for illicit or abusive discriminatory purposes. In the various operations and activities carried out by MIGRATE, transactions related to the processing of personal data occur, in this sense, according to the definitions of the LGPD, the company can be classified as either a Personal Data Controller or a Personal Data Operator, therefore, in the search for the best interest of data subjects and respecting their rights and freedoms, this document reinforces the commitment to complying with the applicable personal data privacy and protection rules.
MIGRATE informs that it may eventually request the User's Personal Data, due to the need and for the correct use and execution of the services provided and/or for the purposes specified in this Policy.
Finally, Personal Data may be processed for the fulfillment of a legal or regulatory obligation; regular exercise of rights in a judicial, administrative or arbitral process; based on legitimate interests; and for the execution of contracts.
This Policy may be updated and revised at any time, in the form it is in, to not only accompany the expansion of MIGRATE's activities, in accordance with its values, mission and purposes, but also, seeking constant growth through technological innovations, implementation of new services, development of legislation, regulatory measures and technical standards involving the protection of personal data, rights and freedoms of data subjects.
2. Scope
The Privacy and Personal Data Protection Policy covers all processes that deal with digital and analog Personal Data of data subjects who have a relationship with MIGRATE.
Therefore, the rules described in this policy apply to the entire internal organization, directly to its employees, contractors or outsourced, directors and partners, as well as to external parties, such as its contracted or subcontracted PD Operators, business partners (third parties) and other stakeholders, in order to directly or indirectly involve all those who process personal data on behalf of MIGRATE, including MIGRATE itself, on behalf of other Controllers.
3. Types of Personal Data Subject to Processing
To facilitate the understanding of personal data, below is a brief classification of data according to each processing activity.
The personal data of natural persons processed by MIGRATE are directly related to the services contracted by the data subject, and may have as legal bases those provided for in article 7, items I, II, V and VI and article 11, items I and II, “d”, of Law 13.709/18, encompassing the following personal data:
1. Personal identification data: name, CPF, RG, date of birth and image;
2. Personal civil status data: marriage or stable union certificate;
3. Personal professional data: profession;
4. Personal electronic address data: e-mail address;
5. Personal physical address data: residential and commercial addresses;
6. Personal contact data: cell phone, landline;
7. Personal dependent data: birth certificate;
8. Personal data from health system registration: SUS card;
9. Personal labor data: GFIP/CTPS/PIS/PASEP/NIS;
10. Personal Affiliation Data: name of ancestors;
11. Indirect personal vehicle identification data: license plate, chassis, and Renavam of vehicles;
12. Sensitive Personal Data: gender + medical and health information;
13. Personal Internet Data: IP address, geolocation.
4. The Data Protection Policy
This Policy is governed, under the rules of the Federal Constitution of 1988, by the General Data Protection Law (LGPD, Federal Law 13.709/2018), and other applicable and current norms of the Brazilian legal system.
The information collected and the Personal Data that are processed by MIGRATE are not shared with third parties, except in the cases authorized and expressly provided for in the LGPD, regulations of the National Data Protection Authority (ANPD), and other laws related to personal data protection or still in this Policy, with the purpose that the use and execution of the services provided by MIGRATE occur in a complete manner.
MIGRATE is classified as a Personal Data Controller and Personal Data Operator, in the context of the LGPD definitions, therefore, this policy confirms MIGRATE's commitment to protecting the privacy of personal information of its potential clients, clients, employees, contractors, partners, subcontractors and other interested parties.
5. Personal Data Processing
MIGRATE has a specific procedure to identify the need for Personal Data Processing, applying all the principles of Personal Data Processing provided for by the LGPD to said processing. In this way, this procedure meets the principle of “subsidiarity”, as a good practice for assessing the need for processing, before carrying it out.
6. Rights of Personal Data Subjects
Based on the applicable legislation, as a personal data subject, you are assured of exercising your rights, in order to request:
1. confirmation of the existence of processing of your personal data;
2. access to your data;
3. correction of your incomplete, inaccurate or outdated data;
4. anonymization, blocking or deletion of your data that is unnecessary, excessive, or processed in non-compliance with the provisions of the applicable legislation;
5. portability of your data to another service or product provider, observing commercial and industrial secrets;
6. deletion of your personal data, except in the cases provided for in the applicable legislation, for the exercise of rights related to MIGRATE and for the fulfillment of legal requirements;
7. information about the public and private entities with which MIGRATE has shared your data;
8. revocation of your consent, when you have provided it to us, safeguarding the public interest that may justify the continuity of processing or the existence of another legal basis that authorizes it;
9. opposition to any processing of personal data based on one of the hypotheses in which your consent is waived, provided that there has been non-compliance with the provisions of the applicable legislation and the public interest that may justify the continuity of processing is safeguarded.
Your request can be made through our Privacy Center, available via the link: https://vencyone.cloud/painel-empresa/3510770211-central. We will analyze your request and respond to it as quickly as possible, considering the deadlines and terms provided for in the applicable legislation. If it is not possible to immediately fulfill your request, we will indicate the reasons of fact and law that prevent us.
MIGRATE reinforces the importance of the data and that it cannot be held responsible for the correctness, veracity, authenticity, completeness and updating of the data provided by the Data Subject, nor for any misuse of information published by them or for fraud resulting from the violation of personal passwords.
It is your sole responsibility to provide only correct, true, authentic, complete and updated information, as well as to ensure the secrecy of your password, when applicable, not disclosing it to third parties.
7. Identification and Documentation of Purpose
MIGRATE has a specific procedure to identify and document the purpose (or finality) of Personal Data Processing. No Personal Data Processing is carried out without first going through this step.
Article 7 of the LGPD clearly establishes the legal basis under which Personal Data can be processed. The table below represents the summary of the processing hypotheses.
I - Through the provision of consent by the data subject;
II - For the fulfillment of a legal or regulatory obligation by the controller;
III - By the public administration, ...
IV - For the carrying out of studies by a research body ...
V - Execution of a contract or procedures... related to a contract of which the data subject is a party...
VI - For the regular exercise of rights in a judicial, administrative or arbitral process...
VII - For the protection of the life or physical safety of the data subject or a third party
VIII - For health care...
IX - When necessary to serve the legitimate interests of the controller or a third party.
X - For credit protection...
8. Consent of the PD Data Subject
In cases where the legal basis for PD Processing is “Consent”, MIGRATE will collect specified, highlighted and informed consent, providing all necessary clarifications to the personal data subject. The Consent Term is filed together with the related service provision contract.
9. Personal Data Retention
Regarding “retention”, MIGRATE stores and maintains its information by observing the legal and contractual requirements for this, whether they are: (i) for the time required by law; (ii) until the end of personal data processing, as mentioned below; (iii) for the time necessary to preserve the legitimate interest of Migrate, as the case may be; (iv) for the time necessary to safeguard the regular exercise of MIGRATE's rights in a judicial, administrative or arbitral process.
In this way, the data will be processed, for example, during the applicable prescription periods or while necessary to fulfill a legal or regulatory obligation.
The end of personal data processing will occur in the following cases:
1. When the purpose for which the Data Subject's personal data was collected is achieved and/or the personal data collected is no longer necessary or relevant to achieve such purpose;
2. When the Data Subject is within their right to request the end of processing and the deletion of their personal data and does so; and
3. When there is a legal determination in this regard.
If the processing of your personal data ends, except for the hypotheses established by the applicable legislation or by this Privacy and Data Protection Policy, they will be deleted from MIGRATE's database. If it is not possible to delete them immediately, the data will be securely stored and isolated from any subsequent processing, until deletion is possible.
10. Contract with Personal Data Operators
MIGRATE also observes Privacy and Data Protection with its clients and other Data Subjects by entering into contracts with Personal Data Operators and their subcontractors, also Operators, that contain at least:
1. The name of the processing;
2. The duration of the processing;
3. The nature and purpose of the processing;
4. The types of personal data involved;
5. The categories of Data Subjects involved in the processing activities;
6. Rights and obligations of the parties involved;
The contracts also include terms that state that:
1. The Operator must only act on the documented instructions of the Controller, unless required by law to act without such instructions;
2. The Operator must ensure that the people who process the data are subject to a Non-Disclosure Agreement or similar instrument that guarantees the confidentiality of the personal data being processed;
3. The Operator must take appropriate measures to ensure the security of PD Processing;
4. The Operator must only involve a subcontractor (another Operator) with the prior authorization of the Controller and under a written contract;
5. The Operator must take appropriate measures to help the Controller respond to requests from individuals, so that they can exercise their rights;
6. Taking into account the nature of the processing and the information available, the Operator must assist the Controller in fulfilling their obligations with the LGPD in Brazil regarding the security of PD Processing, the notification of Data Breaches and the Data Protection Impact Assessments;
7. The Operator must delete or return all personal data to the Controller (at the Controller's option) at the end of the contract, and the Operator must also delete the existing personal data, unless the law requires its storage; and
8. The Operator must provide the Controller and the Controller must provide the Operator with information and evidence that both are complying with their obligations to the LGPD.
MIGRATE keeps a record of such contracts so that they can be identified in relation to personal data processing in its Data Inventory. MIGRATE also observes Privacy and Data Protection with its clients, assisting them in complying with their legal obligations regarding the Processing of PD of their Data Subjects, by contract entered into between the parties.
11. Cookies
The definitions for each type of cookie collected on the website can be accessed through the button with the image of a cookie on the homepage of the website https://migrate.info, encompassing necessary, functional, marketing, analysis and performance cookies.
MIGRATE informs that it uses cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and recognize you across different Services and devices.
It is important to note that the so-called “necessary” cookies are essential for the website to function properly and cannot be disabled, as they do not collect information that can identify the user. Attention: To better evaluate the decision about consent for cookies, MIGRATE recommends that the user access the website https://allaboutcookies.org which contains detailed explanations about each type of cookie as well as information on how to deactivate them.
MIGRATE also recommends that the visitor access the link below which explains how to access cookie settings in various different browsers and how to disable them, if they so wish: https://allaboutcookies.org/how-to-manage-cookies.
To not be tracked by Google Analytics on all websites, the user can access the link https://tools.google.com/dlpage/gaoptout?hl=pt-BR and proceed with the necessary settings
In order to maintain total transparency regarding the collection and storage of cookies, the cookies used on the website are identified below, as well as a brief description of the purposes for which they are used:
Necessary Cookies:
Cookie: cfmrk_cic
Time: 90 days
Property: Third-party: (Cloudflare)
Purpose: Used by Cloudflare to route user traffic to this website
Functionality Cookies:
Cookie: IDE
Time: 1 year
Property: Third-party: (Google)
Purpose: Registers and reports the user's action after viewing or clicking on the advertiser's ads for the purpose of measuring the effectiveness of an ad and presenting targeted ads to the user
Cookie: VISITOR_INFO1_LIVE
Time: 179 days
Property: Third-party (Youtube)
Purpose: Tries to estimate the bandwidth of users on pages with embedded Youtube videos.
Cookie: YSC
Time: Session
Property: Third-party (Youtube)
Purpose: Registers a unique ID to maintain statistics of who has viewed YouTube videos.
Analytical Cookies:
Cookie: _ga
Time: 2 years
Property: Third-party: (Google Analytics)
Purpose: Used to limit the rate of requests made by the user.
12. International Data Transfer
The LGPD, in its Art. 33, determines the conditions for an International transfer of personal data to occur, which are:
I - to countries or international organizations that provide a degree of personal data protection adequate to that provided for in this Law;
II - when the controller offers and proves guarantees of compliance with the principles, the rights of the data subject and the data protection regime provided for in this Law, in the form of:
1. a) specific contractual clauses for a given transfer;
2. b) standard contractual clauses;
3. c) binding corporate rules;
4. d) regularly issued stamps, certificates and codes of conduct;
III - when the transfer is necessary for international legal cooperation between public intelligence, investigation and prosecution bodies, in accordance with international legal instruments;
IV - when the transfer is necessary for the protection of the life or physical safety of the data subject or a third party;
V - when the national authority authorizes the transfer;
VI - when the transfer results from a commitment assumed in an international cooperation agreement;
VII - when the transfer is necessary for the execution of public policy or legal attribution of the public service, being publicized in the terms of item I of the caput of article 23 of this Law;
VIII - when the data subject has provided their specific and explicit consent for the transfer, with prior information about the international nature of the operation, clearly distinguishing it from other purposes; or
IX - when necessary to meet the hypotheses provided for in items II, V and VI of article 7 of this Law.
To reinforce our commitment to the protection of your data, we clarify that the International Transfer of Personal Data, if it occurs, is carried out in accordance with the General Data Protection Law (LGPD), the regulations of the National Data Protection Authority (ANPD) and the provisions of Resolution CD/ANPD nº 19, of August 23, 2024, which deals with the legal bases for the international transfer of personal data. Migrate seeks to carry out such transfers preferably to countries or organizations that provide an adequate level of data security and protection, ensuring the privacy and integrity of your information.
The transfer of your data will be carried out in strict compliance with the applicable legal and regulatory provisions, based on specific contractual clauses, binding corporate rules or, when necessary, with your free, informed, explicit and highlighted consent. We adopt adequate technical and organizational measures to ensure the confidentiality, integrity and protection of your data, ensuring that the processing occurs in a lawful, transparent and compatible manner with the previously informed purposes.
13. Technologies and Innovation
MIGRATE may responsibly and transparently adopt innovative technologies, including tools based on Artificial Intelligence (AI), always with the objective of improving our services and ensuring the best experience for users.
The eventual use of these technologies will observe the principles of necessity, adequacy, security and transparency, in accordance with the General Data Protection Law (LGPD) and other applicable legislation.
14. Data protection principles
MIGRATE is committed to the Processing of Personal Data in accordance with its responsibilities under the LGPD. Article 6 of the LGPD, which establishes that there is good faith in the Processing of Personal Data and the observance of the following principles:
Purpose: Carrying out the processing for legitimate, specific, explicit and informed purposes to the data subject, without the possibility of subsequent processing in a manner incompatible with these purposes;
In this way, MIGRATE only processes data for the purposes collected and communicated and not for other reasons without the agreement and knowledge of the Data Subject
Adequacy: Compatibility of the processing with the purposes informed to the data subject, according to the context of the processing;
MIGRATE reviews and documents the data being processed, both as an operator and as a controller, in this last hypothesis, the legal bases for processing are defined. It also ensures that the data collected is not excessive and is adequate for the purpose for which it was collected.
Necessity: In order to ensure that processing is limited to the minimum necessary to achieve its purposes, MIGRATE seeks to maintain its requests with the scope of relevant, proportional and non-excessive data in relation to the purposes of the data processing;
Free access: Guarantee, to data subjects, of easy and free consultation on the form and duration of the processing, as well as on the completeness of their personal data in processing. MIGRATE Company guarantees Data Subjects the exercise of their rights and freedoms, free of charge, by providing communication channels with the organization, through the Data Protection Officer via the link: https://vencyone.cloud/painel-empresa/3510770211-central.
Data quality: It is guaranteed to data subjects, accuracy, clarity, relevance and updating of the data, according to the need and for the fulfillment of the purpose of its processing; The processing carried out by MIGRATE follows the principle of minimization, which requires that the data collected be minimal and only necessary for the proposed processing, with guarantees of its quality and accuracy, as well as its integrity, in line with the purpose of the processing.
Transparency: Guarantee, to data subjects, of clear, precise and easily accessible information about the processing and the respective processing agents, observing commercial and industrial secrets;
MIGRATE guarantees the Data Subject the provision of clear information about their personal data and associated processing, through our Privacy Center via the link: https://vencyone.cloud/painel-empresa/3510770211-central.
Security: Use of technical and administrative measures capable of protecting personal data from unauthorized access and accidental or illicit situations of destruction, loss, alteration, communication or diffusion; observing additional data privacy controls suggested by, in order to correctly conduct Personal Data Processing and also observing the security of all assets related to this process, reducing all associated risks to a level acceptable to the organization.
Prevention: The adoption of measures to prevent the occurrence of damage as a result of Personal Data Processing; The organization guarantees the Data Subject that, through the conduct of Security and Privacy Risk Management, it also establishes preventive measures and necessary assessments so that their Personal Data is not subject to Violations.
Non-discrimination: The impossibility of carrying out processing for illicit or abusive discriminatory purposes;
MIGRATE guarantees the Data Subject that their PD will not be processed in a discriminatory and/or illicit manner, nor will abuses be committed, so that only the proposed processing will be carried out. For this, it makes itself available to the Data Subjects and the ANPD, as well as the Controllers for any clarifications that may be necessary.
Accountability and rendering of accounts: Demonstration, by the agent, of the adoption of effective measures capable of proving the observance and compliance with personal data protection rules and, including, the effectiveness of these measures; MIGRATE has implemented a Privacy and Data Protection Program that allows the application of good practices and governance, as provided for in the LGPD and capable of providing evidence of compliance.
In the event of data breaches, these will be evaluated and, when appropriate and required, the Data Subjects and the ANPD, as well as other authorities and entities provided for in the Data Breach Response Plan, such as other Personal Data Controllers, are duly notified and activated, also in accordance with the deadlines provided for in the Law and detailed in the Plan.
15. How we use the information we collect
MIGRATE may use the information that is collected, and its form will depend on the contracted services. Below are some specific purposes for which we may use the information we collect about you.
For the provision of MIGRATE Services: We use your information to provide our Services, including to process transactions, electronic fiscal documents, also at the time of your login to authenticate you, provide customer support and operate, maintain and improve our Services. We may use your email domain to address matters relating to the contracted Services.
For research and development: We are always looking for ways to make our Services smarter, faster, more secure, integrated and useful. We use collective information and learning (including feedback) about how people use our Services to solve problems, identify trends, usage, activity patterns and areas for integration and improve our Services and develop new products, features and technologies that benefit everyone.
To communicate with you about the Services: MIGRATE uses your contact information to send communications by email and within the Services, customer service and to send technical notices, updates, security alerts and administrative messages. We also send communications when you embark on a certain Service to help you become more proficient in using that Service.
To market, promote and drive engagement with the Services: MIGRATE uses your contact information and information about how you use the Services to send promotional communications that may be of specific interest to you, including by email. These communications may be informed by audits of interactions (such as counting ad impressions) and are intended to drive engagement and maximize what you get from the Services, including information about new features, research requests, newsletters and events that we believe are important and interesting to you. We also communicate with you to offer new services or extensions.
Customer support: We use your information to solve technical problems you encounter, to respond to your requests and questions, to analyze information about failures or any types of rejections involving electronic fiscal documents and to repair and improve the Services.
For security and protection: MIGRATE uses information about you and your use of the Service to verify accounts and activities, detect, prevent and respond to potential or actual security incidents, monitor and protect against other malicious, deceptive, fraudulent or illegal activities, including violations of Service policies.
With your consent: We use information about you with consent to do so for a specific purpose not listed above. For example, we may post featured customer/partner testimonials or stories to promote the Services, with your permission.
politicas.politicaPrivacidade.secoes.14.paragrafos.8
Final Considerations - Statement of Commitment to Continuous Improvement
MIGRATE reinforces its commitment to good privacy and data protection practices, committing to keep its Privacy and Data Protection Management System updated with the legislation in force, regulations and recommendations issued by the National Data Protection Authority - ANPD
It also assumes the commitment to periodically review this Policy and, at its discretion, promote modifications that update its provisions in order to improve the organization's culture and commitment to the privacy and protection of personal data of data subjects.
Any modifications that may lead to a change in the purposes of data processing or that involve the sharing or communication of data to third parties that were not previously foreseen, will be regularly communicated to the data subjects in accordance with the provisions of the General Data Protection Law, and their consent will be requested, if applicable, for processing for this other purpose or for the communication or sharing of data.
The last version will be indicated at the beginning of this document with the last date of its modification, which will be the current Privacy and Personal Data Protection Policy. It is recommended that data subjects visit the MIGRATE website periodically, in order to follow up on any modifications to this Policy
After reading this Privacy Policy, in case of any questions or requests for the fulfillment of your rights, details about the collection or processing of personal data, can be requested from MIGRATE at any time, or, contact us through the link: https://vencyone.cloud/painel-empresa/3510770211-central.
This Policy must be interpreted according to Brazilian law.
Três de Maio, September 02, 2025.
Rafaele Giacomelli Schirmer DPO | Data Protection Officer