Introduction

This Privacy and Data Protection Policy provides for the main data processing activities carried out by NGX, in order to comply with the General Data Protection Law (LGPD – Law nº 13,709/2018), providing general guidelines on privacy and the protection of personal data of users, partners and collaborators of software provided by NGX, creating rules for the collection, use, reproduction, sharing, storage and elimination of personal data. 

Ways of obtaining and processing data

NGX may obtain data from its business partners, employees and end users of the platform, with the purpose of improving the performance of the platform provided. 

Business partner data may be obtained throughout the contracting process for the NGX platform to provide gaming and betting, in addition to other commercial and business negotiations.

Employee data can be obtained throughout the selection process and for the duration of the relationship with NGX, whether by sending a CV, filling out and updating a registration form, conducting interviews with those responsible, among other means. To this end, the employment contract will contain consent for NGX to obtain this information.

Platform user data may be obtained when entered in the registration on gaming and betting sites whose platforms are provided by NGX, such as, for example, in the following situations: i) creation of an Access Account; ii) registration update; iii) formalization of suggestions and complaints; iv) completing surveys, polls; v) interactions with NGX and companies that use its platform through specific forms and channels offered.

The information that NGX may collect includes, but is not limited to: 1) Name; 2) CPF number; 3) Email address; 4) Access password; 5) Telephone number; 6) City and State; 7) Information about the device's operating system and browser; 8) IP address; and 9) Interactions carried out.

Information relating to the results of bets, lottery games and online games on the platforms provided by NGX, as well as information relating to any deposits and transactions carried out by users and operators, may also be considered as data, for the purposes of this Privacy and Protection Policy of Data, submitting to all the rules contained herein. 

Other technologies may be used to obtain, organize and structure browsing data by users, as well as for behavioral analysis, however, they will always respect the terms of this policy and users' options regarding their collection and storage. 

NGX is not responsible for the veracity or accuracy of the information provided, nor for its outdatedness, and it is the responsibility of partners, users and employees to provide it accurately and up to date. 

NGX may also promote the anonymization of data, through the use of reasonable technical means available at the time of processing, through which data loses the possibility of association, directly or indirectly, with the individual. In the case of anonymization, the provisions of the LGPD, according to art. 12, caput, of Law No. 13,709/2018.

Use and processing of data obtained

The data collected from operators, platform users and employees may be used for the following purposes:

1) Identify and authenticate them appropriately;

2) Manage Account Access and registration;

3) Assist the software contracting company in the technical administration of the platform provided by NGX;

4) Provide and maintain the platform and its contents, including monitoring the use of the platform provided by NGX;

5) Respond appropriately to your requests and queries and provide support to users;

6) Keep your records updated for contact purposes by telephone, email, SMS, direct mail or other means of communication;

7) Improve use and interactive experience while browsing the platform;

8) Enable companies that use the NGX platform to distribute information to their users and employees about new features, features, content, news and other events that we consider relevant;

9) Carry out statistics, studies, research and surveys relevant to their behavioral activities when using the platform provided by NGX, carrying out such operations anonymously;

10) Protect NGX from rights and obligations related to the use of its platform;

11) Collaborate with and/or comply with a court order or request from an administrative authority;

12) Keep records and monitor the frequency and frequency of games played by users, in order to combat compulsive gambling and ensure responsible gaming;

13) Share data collected anonymously using cookie technology to allow business partners and other companies in your Economic Group to have access;

14) Share and transfer registration data to business partners, as long as it is for the specific purpose of enriching your database and preventing the occurrence of fraud and associated risks, respecting the privacy of customers, users and employees; and,

15) Build a database to carry out statistical studies and data collection, always respecting anonymity or anonymization;

16) Report to the competent authority any suspicion or confirmation of money laundering.

The database formed through data collection by NGX is the property and responsibility of the Company, and will not be sold and/or rented to third parties. However, it may be shared with entities in the same economic group as NGX, as well as for access and consultation by partners, and its use will be carried out within the limits described in this Privacy and Data Protection Policy. 

Registration of data processing operations

NGX will record the activities carried out by users on the gaming, betting and lottery platform, creating a record of their activities that will contain:

1) IP address of users;

2) Actions carried out by users on the platform;

3) Features used by users on the platform;

4) Session ID, when available; and,

5) MAC Address.

Other technologies may be used to obtain users' browsing data, however, they will always respect the terms of these Policies and users' options regarding their collection and storage.

Due diligence in the processing of personal data

The General Data Protection Law allows the processing of personal data in specific cases, especially:

1) With the consent of the holder of personal data;

2) To comply with legal or regulatory obligations by the company;

3) To protect the life or integrity of the data subject or third parties; or

4) When necessary to meet legitimate interests or those related to the company's activities;

In view of these hypotheses, NGX recommends that any processing of personal data of operators, administrators, collaborators and users of the platform be carried out with the prior and explicit consent of the holder in accordance with this Policy, which will preferably be obtained in writing or through a checkbox on the platform provided by NGX. In the case of employees, the employment contract will contain consent for data processing by NGX.

NGX is also available to provide mechanisms for revoking consent by the holder of personal data, especially when the information is not necessary for the execution of the Company's activities. 

Furthermore, operators, collaborators and users have the right to inspect their recorded data. If you find that your data is incorrect, incomplete, or cannot be used for its intended purpose, you have the right to request deletion or correction. 

Furthermore, in cases where consent is unnecessary, NGX recommends that holders of personal data be informed about the processing being carried out, as well as the purposes and grounds that justify it.

Finally, in all cases, NGX demands that data processing be limited to the minimum necessary to achieve the chosen purposes, covering only pertinent, proportional and not excessive data in relation to the purposes of processing.

Data storage and protection and security mechanisms

The collected data will be stored in a safe and controlled environment, observing the available state of the art. NGX will make every effort to, whenever possible, protect the data of users and employees, using the best techniques available to protect this information. 

However, considering that no system is infallible, NGX is exempt from any liability for any damages and/or losses resulting from failures, viruses or invasions of its platform's database, except in cases in which it has participated in such conduct.

The data of operators, users and collaborators obtained by NGX may be stored on its own server or on a third party contracted for this purpose, whether located in Brazil or abroad, and may also be stored using technology. cloud computing and/or others that are invented in the future, always aiming to improve and perfect NGX's activities. 

General provisions

The content of this Privacy and Data Protection Policy may be updated or modified at any time, according to NGX's purpose, such as for adequacy and legal compliance with a provision of law or standard that has equivalent legal force, and it is the responsibility of administrators, employees and users check it constantly.