WhatsPro Privacy Policy

At LOOP Tecnologia LTDA ("LOOP Tecnologia", "we, us") we consider the privacy and the security of personal data to be extremely important.

This Privacy Policy explains clearly and transparently what personal data we collect, how we process it, the purposes for which we use it, and how users can exercise their rights, including requesting deletion of their data.

We process personal data for (1) our own purposes and (2) under instructions of our customers who use WhatsPro service ("Service"), upload and keep certain information in it in accordance with the applicable data protection laws and regulations. In the second case, we strictly adhere to customers' instructions and do not use data for any other purposes than providing the Service (see details in Data Processing Addendum).

In this Privacy Policy, we describe how we process the personal data of the following data subjects for our own purposes:

• our customers, their end users and representatives,
• website users,
• newsletter subscribers,
• potential customers,
• our counterparties and their representatives.

It covers information collected in the Service, on our website www.whatspro.me, or other websites administered by LOOP Tecnologia LTDA where Privacy Policy is placed (the "Site"), in our Mobile apps and in other sources.

If you have any questions or suggestions concerning our privacy practices, please email us at [email protected]. Please also send us an email, if you would like to request data access or deletion, or to exercise other rights as a data subject.

Definitions

Personal data: any information relating to an identified or identifiable natural person, that is, a person who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person.

Processing of personal data: any operation or any set of operations relating to personal data, whatever the process used, and in particular the collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as locking, erasure, or destruction.

Cookie: a cookie is a piece of information placed on the hard drive of Internet users by the server of the site they visit. It contains several pieces of data: the name of the server which installed it, an identifier in the form of a unique number, and possibly an expiry date.

Data Controller - DPO

The data controller for the processing of the personal data referred to herein is LOOP Tecnologia LTDA, CNPJ 50.456.744/0001-93, located at Avenida Paulista, 1106, Sala 01 Andar 16 - Bela Vista, São Paulo - SP, 01.310-914, a company registered in Brazil.

LOOP Tecnologia LTDA has appointed a Data Protection Officer who can be contacted at the following address: [email protected].

1. How We Collect Personal Data

What personal data we collect depends largely on the interaction that takes place between you and WhatsPro, most of which can be categorized under the following:

When you use WhatsPro Service or interact with an entity that uses a WhatsPro Service

When you use WhatsPro Service, we store all the content you provide, including information related to you as a customer or an end user of the Service. We gather this information from you directly when you enter it, or from integrations that you linked to the Service (Facebook, Instagram, etc.). When you ask us to sign DPA or other documents, we also receive data about you and your representatives.

When you send us emails or message us

When we receive emails or messages from you in the chat, we can store the content of such emails, attachments as well as your contact details.

When you submit forms on the Site or participate in our events

When you complete forms on the Site (contact us, subscription, demo request, event registration, etc.) we collect your contact details and information you complete in the form.

When you use the Site

When you use the Site, we collect certain information, as described in more detail below that may, alone or in combination with other information, constitute personal data (e.g. cookie files).

2. What Types of Personal Data We Process

We collect and process the following personal data:

Customer account details

To create or update your account and provide the Service we collect from you and third-party integrations (e.g. Facebook, Instagram) information about you, as a customer or end-user of the Service. This includes id, name, email, status, linked pages and accounts, products in use, location, gender, etc.

Financial information

To process your payments for the Service subscription, we need your credit card details (last four digits of the card number), account details and payment information.

Contact details and business data

We receive information about our customers and potential customers for cooperation and communication purposes. This includes full name, title, company, email or other contact details as may be necessary.

Requests, messages and submitted forms details

We receive and process your messages, support requests, emails and information you share with us via online forms or social media accounts. This includes the content of such communications as well as your contact details if any.

Usage data, logs and other technical data

When you interact with the Service, metadata and log files are collected automatically. Log data may include the Internet Protocol (IP) address, your browser type and settings, the date and time you used the Service, information about browser configuration plugins, language preferences, the pages or features which you browsed, time spent on those pages or features, the frequency of pages and functions use, the links clicked on or used.

3. For Which Purposes We Use Personal Data

We collect and process your personal data for the following purposes:

• To operate the Service: We use data to enter into the agreement with you as a customer and operate, maintain and administer your account in the Service, as well as to communicate with you regarding the account (sending announcements, technical notices, updates, security alerts, and support and administrative messages) and to respond to Service-related requests, questions and feedback.
• To provide the Service: We process Customer Content information on your behalf as a customer.
• To communicate with you and inform you about the Service: If you request information from us, register for the Service, complete a form or feedback on a Site, or participate in our surveys, promotions or events, we may send you WhatsPro-related marketing communications if permitted by law.
• To conduct events and communicate with you: We use your personal data, which you provided while registering for the event, to send you reminders about the event, communications related to the event and WhatsPro-related services.
• To comply with law: We use your personal data as necessary to comply with applicable laws, including sanction requirements, accounting and tax obligations, legal processes or audits, to respond to subpoenas or legally binding requests from government authorities.

4. How We Share Personal Data

We do not sell your data to third parties for commercial or advertising purposes. We share your data as described in this Privacy Policy or upon obtaining your consent for such data sharing.

We disclose personal data to third parties under the following circumstances:

• Service Providers: We employ third-party companies and individuals to help us with performance of certain activities, e.g. payment service providers. We also use third-party software to process data (e.g. CRM, email agent, cloud storage solutions, etc.).
• Professional Advisors: We may disclose your personal data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.
• Third-party Applications and Integrations: For the provision of the Service we receive and share data with integrations and apps linked by customers (Facebook, Instagram, Stripe, Paypal, etc.).
• Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets.
• Compliance with Laws and Law Enforcement: WhatsPro may disclose information about you to government or law enforcement officials or private parties as required by law.

5. Your Data Protection Rights & Choices

You, including any data subject that has its personal data processed by WhatsPro in its capacity of data controller, may have the following rights depending on the applicable legislation in your jurisdiction:

• Access: If you wish to confirm the existence of processing of your personal data or access your personal data that WhatsPro collects, you can do so at any time by contacting us.
• Correction and Update: You can contact us to update, correct incomplete, inaccurate, or outdated data in your account.
• Deletion: You have the right to request deletion of your personal data. To request deletion of your data, send an email to [email protected] with the subject "Data Deletion Request". We will process your request within 30 days, except when retention is necessary to comply with legal obligations.
• Information about Sharing: You have the right to request information about data sharing and with whom it is shared.
• Information about Consent: You have the right to request information about the possibility of not providing consent and the consequences of refusal.
• Objection and Restriction: If you are in the European Economic Area ("EEA"), the UK, Brazil or Switzerland, you can object to processing of your personal data, ask us to restrict processing of your personal data processed with consent, or request portability of your personal data where it is technically possible.

You may submit your request via email to [email protected]. We will respond to all requests in accordance with applicable data protection laws.

6. For How Long We Retain Personal Data

We will retain and process personal data until you terminate the Agreement with us as set forth under the Terms of Service or based on your explicit request.

If you are located in Brazil, we also have to store access logs for a 6-month period to meet the requirements provided by the Brazilian Internet Act (Law 12,965 of April 23, 2014).

7. International Data Transfers

WhatsPro implements preventive controls for data transfer, including standard contractual clauses, specific contractual clauses and global corporate standards. Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers, including in the U.S.

8. Children's Information

WhatsPro does not intentionally collect personal data from children under 16 years of age. However, we cannot control the personal data that our customers collect. If a customer chooses to enter personal data of children under 16 years of age in the Services, that customer does so under their own privacy practices, not ours.

WhatsPro is not responsible for a customer's failure to comply with any law designed to protect children or any other law governing the customer's use of our Services. Please contact the customer directly if you have questions about their privacy practices.

As part of our commitment to your privacy, we encourage you to contact us at [email protected] if you believe we may have collected any online information from a child under 16 years of age, or if you are aware of any unauthorized submission of information to us. WhatsPro reserves the right to delete any information from our systems if we discover it was collected inappropriately.

9. Automated Decision Making

If you are located or serve customers in the EEA, United Kingdom, Switzerland or Brazil, you must not use the Service for automated individual decision-making, including profiling, that produces legal effects on individuals, or significantly affects them.

10. Security

WhatsPro has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent it from being accessed by unauthorized third parties, distorted, or damaged.

These measures include the following:

• Multi-level firewall
• Proven solutions for anti-virus protection and detection of intrusion attempts
• Encrypted data transmission using SSL/https/VPN technology
• Tier 3 and PCI DSS certified data centres

In addition, access to processing data on behalf of WhatsPro by the receiving third-party services requires authentication of the persons accessing the data, by means of an individual access code and password, that is sufficiently robust and regularly renewed.

Data transmitted over unsecured communication channels is subject to technical measures designed to make such data incomprehensible to any unauthorised person.

If you have any questions about the security of your personal data, you may contact us by email [email protected].

11. Additional Terms Regarding the Use of Third-party Integrations

WhatsPro's platform complies with the Google API Services User Data Policy, including the Limited Use requirements. Any use and transfer of information received from Google APIs from WhatsPro's platform to any other applications will require adherence to the Google API Services User Data Policy, including the Limited Use requirements.

Notwithstanding anything else in the present Privacy Policy, if the User provides WhatsPro access to their Gmail user data, WhatsPro shall:

• only use access to read, write, modify, or control Gmail message bodies (including attachments), metadata, headers, and settings, allowing WhatsPro to provide a web email client for the Users to compose, send, read, and process emails
• never transfer such data to other parties unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets
• in no way use such data for its management of customer acquisition and marketing activities
• in no way use such data to serve advertisements
• not allow humans to read this data unless WhatsPro has the User's affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for WhatsPro's internal operations, and even then, only when the data have been aggregated and anonymized

12. Legal Basis for Processing Your Personal Data

If you are a person located in Brazil, the EEA or the UK, our legal basis for collecting and using the personal data described above will depend on the purpose of processing and personal data concerned:

• We process data to perform a contract with you on the use of the Service;
• We also process data based on our legitimate interest in the following cases: to communicate with you and inform about our Service; to conduct events; for compliance and safety.
• We process some types of cookie files based on your consent.

13. Compliance with Laws and Regulations

WhatsPro processes personal data strictly in compliance with:

• General Data Protection Law (LGPD): Law No. 13.709/2018 of Brazil
• General Data Protection Regulation (GDPR): Regulation (EU) 2016/679
• Brazilian Internet Civil Rights Framework: Law No. 12.965/2014 of Brazil
• WhatsPro Terms of Service: Our applicable terms and conditions
• Platform Policies: All policies applicable to platform data

We process personal data only as clearly described in this Privacy Policy and in accordance with all applicable laws and regulations, our Terms of Service, and all other applicable policies.

14. For California Residents

If you are a resident of California, California Civil Code Section 1798.83 permits you to request information regarding how we disclosed your personal data to third parties for such parties' direct marketing purposes during the preceding calendar year.

15. Complaint Procedures

In the event of a dispute, Users may file a complaint with the relevant data protection authority in their jurisdiction. For users in the European Union, complaints can be filed with the appropriate supervisory authority. For users in Brazil, complaints can be filed with the National Data Protection Authority (ANPD).

Users may also access detailed information about the use of their personal data, in particular concerning the purposes of the processing, the legal bases enabling WhatsPro to process the data, its storage period, its recipients, and, where applicable, its transfer to a country outside the European Union as well as the related compliance guarantees put in place for such transfers. To do so, the User can send their request by email to [email protected].

16. Changes to Our Privacy Policy

We may need to change this Privacy Policy from time to time to reflect legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you before its entry into force, consistent with the significance of the changes we make.

17. How to Contact Us

If you require any more information or have any questions about our privacy policy, please feel free to contact us reaching out to us, by email at [email protected]