Privacy and Cookie Policy
This document presents the Privacy Policy of SANTA MONICA CRIACAO DE SITES E LOJAS VIRTUAIS LTDA. Its purpose is to explain, based on the General Data Protection Law (LGPD), how the collection, storage, usage, processing, sharing, and deletion of data and information collected by COREBIZ on its digital platforms occur, offering information to data subjects regarding the treatment and use of their personal data.
COREBIZ, a privately held legal entity, legally established in Barueri, São Paulo, registered under CNPJ No. 05.819.843/0001-38, with headquarters at AL Rio Negro, 1030, Condomínio Stadium, Office 206, Alphaville Centro Industrial, Barueri – SP, ZIP Code 06.454-000.
COREBIZ declares that its main objective is to preserve privacy, self-determination, freedom of expression and information, intimacy, honor, and image, as regulated by the General Data Protection Law.
On this website, personal information is handled with care and respect, protecting the rights to privacy and control over personal data. For this reason, we only request the necessary information to operate our activities.
COREBIZ may share some information with third parties. In such cases, the conditions will be detailed throughout this Privacy Policy.
To facilitate understanding, COREBIZ presents its Privacy Policy in the following sections:
1 - Data Collected
While browsing our website, we collect only technical data related to your browsing experience, such as:
- Device information (device type, operating system, version)
- Browser data (type and version)
- IP address and internet provider data
- Pages visited within our site
- Time spent on each page
- Access date and time
- Traffic source (how you reached us)
- Interface interactions (clicks, scrolls)
This data is collected automatically through cookies and similar technologies, aimed at improving your browsing experience, analyzing our website’s performance, and optimizing our services. We do not collect personally identifiable information during casual browsing unless you voluntarily provide it through contact forms or other specific interactions.
For more information on our use of cookies, please see the dedicated section of this policy.
2 - Use and Collection of Data
2.1 - As a general rule, we use the data provided to respond to the questions and interests presented by the data subject; occasionally to communicate with you; and to present the possibility of contracting our services, in case you have shown interest.
2.2 - Data is collected through cookies, small files that gather data based on your access.
2.3 - Disable the use of cookies in your browser if you do not wish to allow data collection, by clicking on the name of the browser you use: Firefox, Edge, Google Chrome, among others.
2.4 - Electronic Communication – Email. With the user’s consent and/or based on legitimate interest, electronic communications may be sent, such as newsletters, quotes, and informational messages.
2.5 - Contracting – Interest in contracting our products and services
If you are interested in contracting our products and services, it will be necessary to complete a registration form with operational data from your company. This information will be provided by responding to a questionnaire, which you must request by email if desired. The sole purpose of this data is for analysis by COREBIZ’s Board of Directors.
3 - Use of Sensitive Data
We do not collect sensitive data. In exceptional cases, if sensitive data is collected, it will be treated solely for its intended purpose. COREBIZ does not share such data with third parties.
4 - Data Protection
To ensure the security of your information, we implement appropriate technical and organizational measures aligned with the digital context of an advertising agency. We use encryption, firewalls, and up-to-date security protocols to protect your data during transmission and storage.
Our team is regularly trained on information security best practices, and we maintain a restricted data access policy—only authorized personnel have access to operationally necessary data. We also perform continuous monitoring to identify and address potential vulnerabilities quickly.
While no system is completely immune to risk, we commit to taking reasonable and proportional steps to prevent security incidents. If any event occurs that could compromise your data, you will be notified as required by applicable law, and we will take all appropriate measures to mitigate potential damage.
5 - Data Sharing
Your privacy is our priority. We only share data with third parties when you provide specific consent, when it is necessary for the operation of our website, or in legally mandated situations. In all cases, we limit sharing to the minimum necessary to fulfill the intended purpose.
Main recipients include technical service providers (hosting and site maintenance), analytics and digital marketing tools (for performance tracking and content personalization), and occasionally public authorities when legally required. All partners are bound by strict confidentiality and data protection obligations.
For each data sharing case, we implement contracts with specific data protection clauses and review the recipient's privacy practices. You have the right to request detailed information about how your data is shared through the channels listed in section 12 of this Policy.
5.1- International Data Transfers
In some cases, to properly operate as an advertising agency, we may transfer data to servers or services located outside Brazil. This mainly occurs when using:
- Global data analytics platforms (e.g., Google Analytics, Adobe Analytics)
- Digital marketing and automation tools (e.g., Mailchimp, HubSpot)
- Cloud hosting services (e.g., AWS, Google Cloud)
- Social media and advertising platforms (e.g., Facebook, Instagram, Google Ads)
When making these international transfers, we apply technical and contractual safeguards to ensure your data receives adequate protection in compliance with the LGPD. These safeguards include:
- Contracts with standard data protection clauses
- Verification of international providers’ privacy policies and certifications
- Preference for providers based in countries with data protection laws equivalent to Brazilian legislation
- Implementation of additional security measures when necessary
The countries where your data may be transferred mainly include the United States, EU countries, and other regions where our technology providers operate.
You may request more information about international transfers and the safeguards in place by contacting us via the channels listed in section 12.
6 - Data Storage
Collected data will be used and stored for the necessary duration based on the intended purposes and in accordance with applicable legal requirements, especially the LGPD. Thus, some data may be deleted sooner or later depending on the reason for its collection.
7 - Data Subject Rights
The LGPD grants data subjects various rights, including (but not limited to): full access to data; data correction; anonymization, blocking, and/or deletion of data; data portability; deletion of consent-based data; information about data sharing; awareness of the option to not provide consent; consent withdrawal; objection to unlawful data processing; and the right to file complaints with the ANPD or consumer protection entities.
8 - Types of Cookies
8.1 - First-party cookies: These are cookies set by COREBIZ and stored on our server.
8.2 - Third-party cookies: These are cookies set by trusted third parties in our application, such as Google and Facebook.
8.3 - Session or temporary cookies: These expire once you close your browser.
8.4 - Persistent or permanent cookies: These remain on your device until manually deleted.
8.5 - Necessary cookies: Enable efficient navigation and access to all pages. Without them, access may be slow or limited.
8.6 - Performance cookies: Help us improve website performance through anonymous data collection.
8.7 - Functionality cookies: Remember preferences anonymously without collecting usernames or passwords.
8.8 - Advertising cookies: Deliver targeted ads based on user interests and limit ad repetition.
8.9 - These cookies can only identify gender, age, and city; they do not collect personally identifiable information unless the user fills out a form.
User identification only occurs when a form is filled out; otherwise, browsing remains anonymous.
9 - Cookies Used on the Website
NECESSARY COOKIES
| COOKIE | DURATION | PROPERTY | DESCRIPTION |
|---|---|---|---|
| SIDCC | 1 year | Third-party (google.com) | Protects data against unauthorized access |
| _Secure-HSID | 6 months | Third-party (google.com and google.com.br) | Stores signed and encrypted records of the user's account, identifies login, authenticates users, prevents fraudulent operations, protects from unauthorized access. |
| AID | 1.5 years | Third-party (google.com) | Stores user activity on Google across devices, including for advertising purposes. |
| DSID | 15 days | Third-party (doubleclick.net) | Stores user activity on Google across devices, including for advertising purposes. |
| NID | 6 months | Third-party (google.com and google.com.br) | Remembers your preferences and other information (preferred language, search results, Google SafeSearch filter activation). |
PERFORMANCE COOKIES
| COOKIE | DURATION | PROPERTY | DESCRIPTION |
|---|---|---|---|
| 1P_JAR | 1 month | Third-party (google.com and google.com.br) | Stores login information and personalizes ads. |
| 1P_JAR | 1 month | Third-party (gstatic.com) | Stores login information and personalizes ads. |
| OTZ | 1 month | Third-party (google.com and google.com.br) | Traffic information, mainly for Google Analytics. |
| _fbp | 3 months | Owner (privacidade@vml.com) | Facebook access measurement pixel. |
| _ga | 2 years | Owner (privacidade@vml.com) | Google Analytics user storage cookies. |
| _gat_UA-141187517-11 | 15 minutes | Owner (privacidade@vml.com) | Used to throttle request rate. |
| _dc_gtm_ | 15 minutes | Owner (privacidade@vml.com) | Used to throttle request rate when Google Analytics is deployed via Google Tag Manager. |
| _gid | 1 day | Owner (privacidade@vml.com) | Google user storage cookies. |
| _hjIncludelnSample | Until logout | Owner (privacidade@vml.com) | HotJar user storage cookies. |
| _hjid | 1 year | Owner (privacidade@vml.com) | HotJar user storage cookies. |
| locale | 2 days | Third-party (facebook.com) | Stores location data. |
ADVERTISING COOKIES
| COOKIE | DURATION | PROPERTY | DESCRIPTION |
|---|---|---|---|
| 1P_JAR | 1 month | Third-party (google.com and google.com.br) | Stores login information and personalizes ads. |
| 1P_JAR | 1 month | Third-party (gstatic.com) | Stores login information and personalizes ads. |
| ANID | 2 years | Third-party (google.com and google.com.br) | Builds a user interest profile and shows relevant, personalized Google ads. |
| APISID | 2 years | Third-party (google.com and google.com.br) | Used by Google to store user preferences. |
| DSID | 15 days | Third-party (doubleclick.net) | Stores user activity on Google across devices, including for advertising purposes. |
| DV | A few minutes | Third-party (google.com) | Builds a user interest profile and shows relevant, personalized Google ads. |
| HSID | 2 years | Third-party (google.com and google.com.br) | Used by Google to store user preferences. |
| IDE | 2 years | Third-party (doubleclick.net) | Used by Google DoubleClick to record, report, and evaluate user actions with ads and show targeted ads. |
| NID | 6 months | Third-party (google.com and google.com.br) | Remembers your preferences and other information (preferred language, search results, Google SafeSearch filter activation). |
| OGPC | 1 month | Third-party (google.com) | Enables Google Maps functionalities. |
| SAPISID | 2 years | Third-party (google.com and google.com.br) | Used by Google to store user preferences. |
| SEARCH_SAMESITE | 6 months | Third-party (google.com and google.com.br) | Builds a visitor user interest profile to show relevant and personalized Google ads. |
| SID | 2 years | Third-party (google.com and google.com.br) | Used by Google to store user preferences. |
| SSID | 2 years | Third-party (google.com and google.com.br) | Used by Google to store user preferences. |
| _SECURE-3PAPISID | 2 years | Third-party (google.com and google.com.br) | Builds a user interest profile and shows relevant, personalized Google ads. |
| _SECURE-3PSID | 2 years | Third-party (google.com and google.com.br) | Builds a user interest profile and shows relevant, personalized Google ads. |
| _SECURE-APISID | 6 months | Third-party (google.com and google.com.br) | Builds a user interest profile and shows relevant, personalized Google ads. |
| _Secure-HSID | 6 months | Third-party (google.com and google.com.br) | Stores signed and encrypted records of the user's account, identifies login, authenticates users, prevents fraudulent operations, protects from unauthorized access. |
| _fbp | 3 months | Owner (privacidade@vml.com) | Facebook access measurement pixel. |
| _ga | 2 years | Owner (privacidade@vml.com) | Google Analytics user storage cookies. |
| act | Until logout | Third-party (facebook.com) | Tracks users by Facebook for advertising purposes. |
| c_user | 1 year | Third-party (facebook.com) | Tracks users by Facebook for advertising purposes. |
| datr | 2 years | Third-party (facebook.com) | Tracks users by Facebook for advertising purposes. |
| fr | 3 months | Third-party (facebook.com) | Tracks users by Facebook for advertising purposes. |
| locale | 2 days | Third-party (facebook.com) | Stores location data. |
| presence | Until logout | Third-party (facebook.com) | Tracks users by Facebook for advertising purposes. |
| sb | 2 years | Third-party (facebook.com) | Tracks Facebook users with cookies (fr) used for advertising purposes. |
| spin | 1 day | Third-party (facebook.com) | Tracks users by Facebook for advertising purposes. |
| wd | 1 week | Third-party (facebook.com) | Tracks users by Facebook for advertising purposes. |
| xs | 1 year | Third-party (facebook.com) | Session Cookie. |
10 - Privacy Policy Updates
This Privacy Policy may be modified or updated whenever necessary.
We recommend checking the latest version under section 11 of this document during your visits.
11 - Versions
First version of COREBIZ Privacy Policy – February 2022
12 - Contact
Address: AL Rio Negro, 1030, Condomínio Stadium Escritório 206, Alphavile Centro Industrial, Barueri – SP, ZIP CODE 06.454-000, Email - privacidade@vml.com
Corebiz Privacy and Cookies Policy