1. Sombrero Seguros commitment to Privacy and Data Protection

With a team formed by professionals experienced in the (different or various) types of special risks of the corporate segments, Sombrero Seguros is an independent, multiline insurance company and specialized in corporate insurance with a focus on the real economy. We were born from the vision of creating an insurance company focused on three main pillars: Innovation, Experience, and Agility.

From these pillars, we want to be much more than just an insurance company. We want to become a business partner engaged in the result of our clients and partners. Because for Sombrero, the important thing is to offer the best solution for each insured, building a solid and lasting relationship with each partner and client.

If you are our client, make use of any of our products or services, or use our website, this Privacy Policy applies to you, who is the holder of personal data.

Sombrero is committed to protecting your privacy and protecting your data. This document is intended to show you how Sombrero does this.

It is important to note that Sombrero uses your data exclusively to provide the services in the most appropriate and efficient way. And so that we can have trust as a basis for providing our services, any personal data or information collected about you is treated confidentially and in line with current privacy and data protection legislation.

Also for this reason, and seeking even more transparency, we have tried to write this policy in a simple and accessible way. However, if you have any questions, please get in touch with Sombrero through the electronic address: protecaodedados@sombrero.com.br

2. How and why does Sombrero collect your data?

For us to provide our services with quality, we use different types of personal data, committing to store only those that are necessary for the provision of our services.

The data can be collected directly (through the Sombrero website, branch, or call center), indirectly (through an intermediary such as the insurance broker, for example), or automatically (through your electronic device).

And so that Sombrero can be transparent in the treatment of this data, we describe below the purposes for which we may keep your data.

Hire the services of Sombrero Seguros:

Sombrero will use your data so that we can send you information about the prices and conditions of the service, as well as finalize the hiring of these services. Sombrero may also, from time to time, use the data of those contracts you initiated, but not completed through our website, because we understand that you are interested in this hiring. In all cases, you can always object to this use, in case you understand that it does not meet your expectations.

Fraud prevention and combat:

To prevent fraud and maintain the integrity of the services that are used and offered to you, Sombrero will use some of your data to provide security for your access to our website.

Offer new services and communicate with you:

Sombrero may, from time to time, use your data to offer you new services when you are already a client, or when you have already started a contract through our website. We do this because we understand that you are interested in our services. In both cases, if you understand that these services do not meet your expectations, we clarify that you can always unsubscribe through an easily accessible link contained in the communication received. Your data may also be used to inform you about the progress of any service you may have requested, such as the opening of claim, endorsement, cancellation, etc.

Evaluate the performance of our services, research, and innovation:

So that Sombrero can always improve the services offered, at times we ask our clients to evaluate the performance of the services that have been provided. With the same goal, Sombrero may also use some of your data in statistical research for the innovation of services and/or the development of new products.

Run or execute our services:

Sombrero may eventually use some of your data to perform the hired service. Without them, it would not be possible to identify and perform services such as, for example, the payment of the claim of your insurance contract (when we need you to provide us with your bank details, etc.). In addition, when requested assistance is provided in your policy, Sombrero may also share your data with service providers or duly accredited companies that will go to the indicated location to provide the service on behalf of Sombrero.

Social media:

Sombrero may also use your data to interact with you through social media, to promote products or services that are of interest to you. In all cases, you can always object to these advertisements; through the privacy settings of the social media you use.

Device information:

Sombrero may use data that is collected automatically through your mobile devices or computers connected to the internet, through cookies (detailed further in section 9).

3. Treatment of sensitive data of children and teenagers

In some cases, Sombrero Seguros may collect some personal data considered sensitive according to the definition of the General Data Protection Regulation – GDPR (Personal data on racial or ethnic origin, religious conviction, political opinion, affiliation to a syndicate or organization of religious character, philosophical or political nature, data relating to health or sex life, genetic or biometric data) or the collection of any personal data that may reveal any sensitive data. In such cases, we will only use this data under the legal hypotheses provided for in the GDPR. In addition, data from those who are under 18 years of age may also be collected during the provision of services. In these cases, Sombrero will always seek the authorization of its legal representative or one of its parents, according to the rules stated in the GDPR.

4. Does Sombrero share my data with anyone?

Sombrero only shares your data in the cases listed below.

Service Providers:

Sombrero Seguros hires service providers to assist in the provision of services to you. This is the case, for example, when you hire the insurance services and we need to share your data with the accredited network provider that will serve you. Another possibility is the sharing of data for support, customer service, fraud detection, market research analysis, billing, etc. The information shared with the service providers is strictly necessary for the execution of their services and they are obliged not to disclose it or use it for other purposes.

Legal or Regulatory Obligation:

Sombrero may be compelled to disclose or share your data if required to do so by court summons and/or according to any legislation.

Sombrero may also reveal your data in good faith in cases that are necessary for investigating or combating fraud.

Third-Party Services:

The Sombrero Seguros website is managed with the help of Google solutions. These solutions use trademarks on our pages and anonymous cookies (which you can consult in section 9) to analyze information about the website´s audiences (number of visits, duration of visits, etc.), sociodemographic and behavioral data (traffic sources, pages reviewed, preferred sections, etc.). For more information about their privacy policies, visit: www.google.com/intl/es_ALL/privacypolicy.html.

5. International Data Transfer

For Sombrero to provide its services, your data may eventually be transferred to other countries that have the same degree of data protection and/or that demonstrate compliance with applicable data protection legislation through internal rules, procedures, seals, and certifications that guarantee the proper privacy and protection of personal data.

6. What are your rights under the GDPR (General Data Protection Regulation)

You will always be able to exercise your rights regarding privacy and the protection of your data. In addition, Sombrero, other than being concerned about the security of this data, we are also concerned that you have access and knowledge to all of your rights. Thus, below is a summary of all your rights contained in article 18 of Law n.13.709/18.

Access, confirmation of use, and sharing information:

This right allows you to request which of your data is held by Sombrero, as well as request confirmation of the use that Sombrero makes of your data. You also have the right to receive information about any public and private entities with which Sombrero shares data if any.

Data Correction:

This right allows you to request the correction of your data if you identify the existence of any error, inaccuracy, or outdated information. However, for this correction to take effect, it may be necessary to verify the veracity of the data you provide to Sombrero.

Request anonymization, blocking, or deletion of data:

This right allows you to ask Sombrero to anonymize, block or delete your data in the following scenarios: (a) unnecessarily personal data; (b) excessive personal data; or (c)personal data processed in violation of the GDPR.

All of your collected data will be anonymized or deleted from Sombrero´s servers when you request it (as long as it is possible) or when it is no longer needed by Sombrero (saved when there is another reason for their maintenance, such as a possible legal obligation to retain personal data or need to preserve them to protect your rights or the rights of Sombrero).

Data portability:

Sombrero will provide your data, to you or the third parties you choose, upon express request and under available technical capacity.

Opposition to use:

You also have the right to object to Sombrero´s use of your data. In certain situations, Sombrero may demonstrate that it has legitimate reasons to continue to use your data, which override, such as, for example, in activities required by legislation.

Withdrawing your consent and knowing the consequences of not providing consent:

You have the right to not authorize the use of your data, and in these cases, you will be informed of the consequences of refusal. In addition, you also have the right to withdraw your consent at any time, without affecting the legality of any previous use of your data. However, if you withdraw your consent, Sombrero may no longer be able to provide you with certain services. And if that’s the case, Sombrero will let you know about it the moment it happens.

Automated decision review:

You also have the right to request the review of a decision made solely based on the automated use of your data, which affects your interests.

Sombrero may request specific information from you to confirm your identity and for your protection.

Sombrero reserves the right to reject applications if they are illegitimate or illegal, observing the protection of trade and industrial and industrial secrets, as permitted by current legislation.

To exercise any of your rights, you can make a formal request to Sombrero Seguros or clarify your questions by e-mail: protecaodedados@sombreroseguros.com.br

7. How long will we retain your data?

Sombrero will keep your data only for as long as is strictly necessary to fulfill the purposes for which they are used, whether to comply with any legal, contractual, accountability obligations or requests from competent authorities.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of possible security incidents that may occur, the purpose of processing your data, and whether we can achieve such purposes through other means, as well as the applicable legal requirements.

8. How does Information Security work?

Sombrero uses technical and organizational measures to protect your privacy and your data, always using the best market practices to ensure the security of your information.

9. Cookies

Sombrero uses cookies to provide you with a better and faster browsing experience on the Sombrero Seguros website. Learn more about using this feature and its configuration options by referring to the items below.

9.1 What are cookies?

Cookies are small data files, automatically generated on your computer that allow you to know your frequency of visits and the content you consume the most. In addition, they also contain information about security elements that may intervene in the control of your access to restricted areas and the display of advertising according to criteria predefined by third parties that provide these services on behalf of Sombrero. As a general rule, these are the following types of cookies:

Depending on when they expire:
Session cookies: expire at the end of a session
Persistent cookies: do not expire at the end of a session

Depending on your origin
Origin: enabled by the site being browsed;
Third-party cookies: cookies from other websites

Depending on your purpose
Technical: allow browsing and use of different services;
Personalization: allow access to services with predefined resources;
Analysis: allow monitoring and analysis of your behavior
Advertising: allow the management of advertising spaces
Behavioral advertising: store information about customer behavior and allow the management of advertising spaces.

9.2 What types of cookies do we at Sombrero Seguros use and why?

Analytical cookies: These are used to collect statistics about the activity on our website. The statistics collected include the number of users who visited us, the number of pages visited, your activity within the website, and your frequency of use. The information collected is always anonymous, so that no link can be related between the data and the individual to whom it refers.

Authentication cookies: These are used to maintain your sessions during each visit. They predominate in private areas of the site, which require your name and password for access.

Cookies used by social media: They allow you to share the content of interest with your contacts on social media, by pressing the corresponding button on the website. These plug-ins store and access cookies on your terminal and allow social media to identify you when you interact with them.

Cookies used by external content add-ons: These are necessary to provide certain types of services and are stored by third parties. This category of cookies includes, for example, multimedia player cookies that are used to store technical data to play video or audio content, such as image quality, loading settings, etc.

Third-party cookies to customize advertising spaces: They make it possible to manage the advertisements you see, whenever you access the website. They are stored by third parties.

9.3 Who has access to cookie information?

The information stored in cookies is used exclusively by Sombrero Seguros.

9.4 Can cookies be disabled?

Except for analytical cookies, the use of cookies affects your privacy, for, as a general rule, it allows you to relate your content to the IP addresses connecting clients and other personal data, such as those provided voluntarily.

By accepting this privacy policy and cookies through the Sombrero website, you consent to the collection of cookies for the purposes mentioned. This only occurs in the online environment as a result of the legislation in force on the date of publication of this policy.

Notwithstanding the foregoing, if you decide to delete all cookies stored on your computer and which necessarily require your consent, you can do so by using the tools that your browsers offer for such purposes.

If you do not agree with cookies or want to disable them later, you may have the functionality of the website impaired.

9.5 Changes and updates to the cookie policy

Sombrero may modify this cookie policy under legislative or regulatory requirements, or adapt this policy to the instructions and recommendations established by the regulators. Therefore, we recommend that you periodically review this cookie policy.

10. Changes to the Privacy Policy.

This Privacy Policy may undergo updates so that Sombrero can be always in line with the best practices of Privacy and Data Protection. Therefore, Sombrero recommends that you periodically visit this page to learn about its changes.

If material updates are made to this document, we will publish this update indicating the date of the last update, ensuring that you have access to the new version so that you can be aware of these changes.

Date of last update: 07.04.2021
Law n. 13.709 of 2018