Privacy Policy - Pontotel
We, at Pontotel (AUTOMATIZAÇÕES SÉCULO XXI TRATAMENTO DE DADOS S.A.), are committed to protecting your privacy. Seeking to demonstrate compliance with the General Data Protection Law (Federal Law No. 13,709/2018 - "LGPD"), we produced this document to clarify what information is collected from users on our website https://www.pontotel.com.br, or on our applications (for iOS and Android, web management) – and how that data is processed and used to provide services.
By using Pontotel, you agree to the practices described in this Policy, aware that this document does not apply to services offered by other companies or individuals.
How we collect data
1. Data collection through the system
Pontotel offers a complete system for time recording, processing and management, to help employers control work schedules, comply with labor regulations and management processes, and therefore may collect personal identification information.
According to the LGPD, Pontotel acts as a data "processor," meaning it processes data on behalf of "controllers" who, in this case, are your employers. The processing of personal data and sensitive personal data occurs in accordance with instructions received from employers, unilaterally, based on their own internal needs, for control and management of how that information is used and shared through the platform. Therefore, the collection of some sensitive personal data is optional for the employer (as listed in Annex I).
Furthermore, the main purposes for processing data collected by Pontotel are based on meeting the legal obligations of our clients (Controllers) and ensuring fraud prevention through auditable authentication processes. Under no circumstances will your data be shared with third parties.
To provide our services, we justify the collection of personal data based on Art. 6, item I of the General Data Protection Law - LGPD, meaning data collection is necessary to comply with various legal obligations your employer has with you.
The collection and processing of sensitive data, such as photos and medical certificates, are optional and depend on decisions and configurations requested by employers.
a. About system data collection:
It is the obligation of the User and the employer to ensure the authenticity of data entered into the platform. Pontotel is not responsible for consequences arising from providing incorrect or illegitimate information.
If you are under eighteen years old, it is your employer's responsibility to obtain the necessary authorization from at least one of your parents or legal guardian for the collection and processing of your data by Pontotel.
b. About changing/deleting personal information through the System:
Pontotel's data officer, Mr. Pedro Henrique Lopes Silva, is responsible for monitoring activities involving data processing. He is also responsible for communication with employers and the National Data Protection Authority (ANPD), and any clarifications needed regarding the collection of your data may be requested via email: dpo@pontotel.com.br. In his absence, the position will be filled by Mr. Edson Aguilera-Fernandes, who can be contacted at the same email address.
If for any reason there is a need to request access, rectification, blocking, deletion, data portability or any other right based on Brazilian privacy laws, you must notify your employer (data controller). According to the law, your employer (data controller) must direct Pontotel (data processor) to establish new actions to be taken. All communications between data controller and data processor must be made by contacting the data officer (email: dpo@pontotel.com.br).
This process ensures Pontotel's commitment to information transparency and assistance to contracting employers regarding user requests about their data.
c. About storage and international data transfer:
In compliance with Art. 33, item I of the General Data Protection Law - LGPD and Resolution No. 19 of the ANPD, which governs rules for international transfer of personal data, Pontotel uses cloud service providers to store personal data or sensitive personal data.
International transfer of personal data occurs during the term of the service contract, exclusively for the purpose of storing and processing user data. Personal data collection is performed based on Art. 6, item I of the General Data Protection Law - LGPD, meaning it is necessary to comply with the employer's legal obligations. The cloud services used by Pontotel are located in the state of Virginia, in the United States of America. The responsibilities of processing agents are set forth in the Standard Contractual Clauses defined by the ANPD, available in the table below. These providers attest to compliance with the guarantees and rights of data subjects, in accordance with the General Data Protection Law - LGPD. Pontotel provides the channel dpo@pontotel.com.br for handling requests and questions from data subjects regarding the storage of their data.
Pontotel does not share personal data, as cloud services do not have access to the stored and processed data. Nor are secondary transfers made with this data. All data processing procedures are detailed in this Policy.
| Provider | Location | Purpose | Compliance | Standard Contractual Clauses |
|---|---|---|---|---|
| Amazon Web Services (AWS) | USA (Virginia) | Storage | Cloud Compliance – AWS | Standard Contractual Clauses |
| Google Cloud Platform | USA (Virginia) | Storage and data processing | Cloud Compliance & Regulations | Standard Contractual Clauses |
| MongoDB | USA (Virginia) | Storage | Trust Center | Standard Contractual Clauses |
We note that, according to Pontotel's needs, provider data is updated periodically.
d. End of access:
Your access to the platform and storage of collected data will be determined by the duration of the signed contract or commercial terms negotiated between the employer and Pontotel. Therefore, Pontotel may block your access after contract termination or end of the negotiated term, regardless of prior notice, subject to contracted obligations, and no compensation of any kind will be owed to you as a result.
It is the responsibility of companies contracting the platform to back up all information they deem relevant before completing the service cancellation. After cancellation, and in accordance with Article 16 of the General Data Protection Law, Pontotel will delete all your data from the platform.
2. Data collection through the website
When accessing Pontotel's website, information will be collected in the following ways:
Information provided by the user – We collect personal identification information – such as name, phone, email, location, company and position – through registration on our website. Occasionally, requests for some information may be made through direct contact from Pontotel with users via email or phone.
Information provided by Partners, Ambassadors or Lead Referrers – The collection of personal identification information – such as name, phone, email, location, company – may be obtained through provision by the Partner, Ambassador or Lead Referrer, who will direct a registration link to be completed directly on Pontotel's website by the user. Occasionally, registration may be filled in directly by the Partner, Ambassador or Lead Referrer with information acquired through contact and obtaining user authorization, subsequently shared with Pontotel. Requests for some additional information may be made through direct contact from Pontotel with users via email or phone. The Partner, Ambassador or Lead Referrer shall be solely legally responsible, in all judicial or extrajudicial spheres, irrevocably and irreversibly, for information provided to Pontotel, whose purpose is to facilitate contact with a potential qualified lead through referral.
Commercial relationship history – We store information about all contacts made with our users, as well as our email interactions.
Website browsing information – When visiting our website, cookies may be inserted in your browser. You can accept or refuse the collection of non-essential cookies while browsing our website, through our consent banner or your browser settings. More information about cookies is available in the table below.
a. Consent types
| Consent Types | Functionality |
|---|---|
| Google Analytics | These cookies allow us to collect data about user behavior on the site so we can improve it. |
| Advertising Storage (Google Ads) | These cookies allow storage of advertising-related data, used to display relevant ads for you and your interests. |
| User Data for Advertising (Google Ads) | These cookies allow sending advertising-related data to Google, used to display relevant ads for you and your interests. |
| Ad Personalization (Google Ads) | These cookies allow ad personalization based on your data. |
b. Data sharing for integration purposes
Upon authorization from your employer (Controller), Pontotel will share your data with companies in the Sankhya Group, of which it is a part, for the purpose of integration between systems. Except for the situation mentioned, Pontotel will NOT share your data, unless necessary to comply with any applicable legislation, regulation, legal process or governmental request.
c. About changing/deleting personal information through the website:
You may opt out of receiving any type of commercial communication from Pontotel. Any requests related to data subject rights under the LGPD may be sent by email to dpo@pontotel.com.br.
It is important to note that filling out any form again reinserts your information into our database. Therefore, if you still wish to opt out, the cancellation request must be made again.
Security of personal information and incidents
Pontotel commits to working diligently to protect its users from unauthorized access that may alter, disclose or destroy their information stored by us.
To protect your data, we adopt various technical and organizational measures based on recognized best practices. However, should a data protection incident occur, we will notify you within no more than 48 (forty-eight) hours from the moment we become aware of the breach. We will inform you about: (i) the nature of the breached data; (ii) the possible consequences of this breach; (iii) the measures that have been or will be taken by Pontotel to reverse or mitigate the effects of this incident.
To ensure asset protection and the trust of our clients, Pontotel rigorously follows LGPD standards and ISO 27001 recertification requirements, being subject to regular audits. The comprehensive approach includes rigorous access management; data encryption; device protection; regular backups with recovery testing; constant training for our employees on topics related to information security, data privacy, business continuity, information classification and access passwords; as well as phishing tests and other penetration tests and vulnerability management performed by specialized third parties.
These measures ensure the confidentiality, integrity and availability of information, providing a secure environment.
Platform Use
By accepting this policy, you acknowledge that we are not responsible for: (i) the absence of compliance by your employer with their legal obligations to you, regarding the necessary authorizations for the use of your data by the platform; (ii) any incomplete, inaccurate, outdated, or untruthful information entered into the platform by you or your employer, and consequently for failures and errors in processing that data; (iii) any type of damage that may result from unauthorized third-party access to our platform, due to failures exclusively attributable to you or third parties, and which are beyond any reasonable control of Pontotel.
By using the Pontotel system and accepting the policy, you acknowledge that your platform access credentials are your sole and exclusive responsibility and must not be shared with third parties. Therefore, you are solely responsible for unauthorized access made through your credentials.
Requests regarding your data
Any questions regarding our privacy policy, or regarding your data, may be clarified by contacting us via email to Pontotel's data officer, Mr. Pedro Henrique Lopes Silva, dpo@pontotel.com.br. In his absence, the position will be filled by Mr. Edson Aguilera-Fernandes, who can be contacted at the same email address.
We are located at Avenida Rebouças, 2516, 14th floor, HY Pinheiros Building - Pinheiros - ZIP: 05402-400.
Privacy Policy Updates
The Privacy Policy may undergo updates, which will be made available on this page. Therefore, we recommend periodic visits to check for any updates or changes.
Before using information for purposes other than those defined in this Privacy Policy, we will request your authorization.
The version number and date of the Privacy Policy will be updated in case of changes.
São Paulo, September 11, 2025.
Automatizações Século XXI Tratamento de Dados S.A.
| Version | Date | Changes | Description | Responsible |
|---|---|---|---|---|
| 01 | 07/2024 | Initial Version | N/A | Pedro Henrique Lopes |
| 02 | 07/2025 | Review | Cookie management update | Gabriela Laborda |
| 03 | 09/2025 | Review | Alignment with ANPD Resolutions No. 18 and 19 | Gabriela Laborda |
| 04 | 12/2025 | Review | Alignment with ANPD Resolution No. 19 | Gabriela Laborda |
ANNEX I - LIST OF DATA PROCESSED BY THE PONTOTEL PLATFORM
| Data Group | Data | Source | Purpose of Use |
|---|---|---|---|
| Time Tracking | Clock-in time | Time Tracking | Work shift delimitation |
| Time Tracking | GPS Location (optional) | Time Tracking | Audit, fraud reduction and management |
| Time Tracking | Photo (optional) | Time Tracking | Audit, fraud reduction |
| Time Tracking | Pin / Identifier / Email | Time Tracking | Employee selection |
| Time Tracking | Audio (optional) | Time Tracking | Audit, fraud reduction |
| Employee Registration | Name | Employee Registration | Portaria 671 reports |
| Employee Registration | CPF (Tax ID) | Employee Registration | Report identification |
| Employee Registration | Pin | Employee Registration | Registration identification |
| Employee Registration | Work schedule | Employee Registration | Legal reports |
| Employee Registration | Employer | Employee Registration | Legal reports |
| Employee Registration | Admission date | Employee Registration | Workday calculations |
| Employee Registration | Photo (optional) | Employee Registration | Recognition and audit |
| Employee Registration | Code (optional) | Employee Registration | Management reports |
| Employee Registration | Email (optional) | Employee Registration | Management reports |
| Employee Registration | CTPS (optional) | Employee Registration | Management reports |
| Employee Registration | Phone (optional) | Employee Registration | Management reports |