WE TREAT DATA ETHICALLY

YAMÁ 's mission is to provide consumers with affordable products of the highest professional quality so that they can innovate, enhance and intensify their identity.

Our values consist of autonomy, trust, integrity, quality, respect, teamwork and transparency.

Therefore, it would be no different when we talk about personal data, we understand that all treatments carried out by YAMÁ must offer security, ethics and transparency and that our holders must be in control of their data!

‍Important: Any updates will be published on our website, and we encourage you to check our website periodically to ensure that you understand our updated practices!

In order to make it easier to read, here are some useful definitions for your interpretation:

General Personal Data Protection Law (LGPD): Aims to protect the fundamental rights of freedom, privacy and the free development of the individual's personality through rules on the protection of personal data.

Legal basis:

Legal hypotheses that authorize us to process personal data: it may be your consent, the need to fulfill a contract we have with you, or compliance with a legal obligation, for example.

Consent:

You authorize the processing of personal data on the basis of your free, informed and unequivocal consent to the processing of personal data for a specific purpose, as informed by us.

Legitimate Interest of the Controller or Third Party:

This is another possibility that allows personal data to be processed when necessary to meet our legitimate interests, such as certain communications.

Personal data:

Data relating to a natural person that is capable of identifying the person or making it possible to identify them.

Examples of personal data that allow you to be identified are: Name, CPF, ID, address, cell phone, e-mail, etc.

Sensitive Data:

Personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, data relating to health or sex life, genetic or biometric data, when linked to a natural person.

Data Controller:

It is our Data Controller who acts as a channel of communication between YAMÁ, the Data Subjects and the National Data Protection Authority (ANPD), when it comes to the protection of your personal data.

YAMÁ:

The agent responsible for processing your personal data is INDÚSTRIA E COMÉRCIO DE PRODUTOS DE BELEZA YAMÁ LTDA., a company duly registered under CNPJ No. 61.647.921/0003-05, with its registered office in the city of Cotia, state of São Paulo, at Rodovia Raposo Tavares, No. 27505.

Platforms:

It is the site managed by or for YAMÁ.

Warning:

This is the privacy notice.

Products, Businesses and Experiences:

These are all the products, businesses, experiences and consumer journeys offered by YAMÁ, such as platforms, technologies and campaigns.

Technologies:

These are all the personal identification tools offered as a result of the use of our products, businesses and experiences.

Data Subject:

It is you, the individual to whom the Personal Data refers. Whether as a consumer, user of our products, businesses or experiences.

Treatment:

These are the uses we make of your Personal Data, including but not limited to the following activities: collection, storage, consultation, use, sharing, transmission, classification, reproduction, deletion, inactivation and evaluation.

Most of your personal information is usually provided directly by you.

Owners: individual customers and legal representatives and employees of customers (companies).

Below are some examples so that you can identify the situations in which we collect your data:

  • Forms that you fill in on our platforms or phone calls to get a quote or clarify any doubts about how the product resale process works;
  • When you contact us through our service channels to ask general questions about the products, make complaints or request exchanges;
  • When you interact with us through our advertisements made available on third-party platforms or on our social networks;
  • When you sign up to receive promotions and newsletters;
  • When our customers (companies) provide personal data about you (employees) so that we can present our products for resale in your establishment;
  • When you use our website, we may collect cookies, see item 4;
  • When you make your data publicly available on social networks such as Facebook and Instagram;
  • When your data is publicly available from public bodies, such as the Internal Revenue Service or Google;
  • When you visit our stands at events.

We only process personal data that is strictly necessary and for legitimate and specific purposes:

  • Make sales to MEI, Commercial Representatives or LTDA: Registration, identification and contact details, such as name, CPF, address, e-mail, financial details, telephone number;
  • Issuing invoices: Registration data, identification, contact, such as full name, address, telephone, e-mail;
  • Delivering the products purchased: Registration, identification and contact details, such as name and surname, CPF, e-mail address, telephone number and full address;
  • Clarify general doubts: Registration, identification and contact details, such as name and e-mail;
  • Clearing complaints and exchanging products: Registration, identification, contact and communications data, such as name, home address, e-mail, bank details and service history;
  • Carrying out sweepstakes and campaigns: Identification data, such as full name, address, e-mail address and telephone number;
  • Send promotions and newsletters: Contact details: e-mail;
  • Offer product recommendations, inform about the availability of a product that the customer has already shown interest in or that is on sale: Registration data, identification and profile, such as name, e-mail, date of birth, purchase history;
  • Grant credit: Registration and identification data, such as the full name of the company's legal representatives.

Please note: YAMÁ declares and guarantees that it does not process any personal data in a discriminatory manner and that it does not violate any of your fundamental rights and freedoms;

  • Prospecting MEI and LTDA customers and answering questions about the resale process: Registration, identification and contact details, such as name, business e-mail, business telephone number;
  • Provide a simple quote: Registration, identification and contact details, such as name, e-mail address, telephone number;
  • To protect YAMÁ's rights in administrative and judicial proceedings: Registration data, identification, contact, communication, such as name and surname, date of birth, CPF, home address, e-mail, telephone, bank details and purchase history.

Attention: YAMÁ declares and guarantees that it does not process sensitive personal data in the activities listed here, with processing being based on the authorizing hypotheses provided for in art. 7 of the LGPD, with emphasis on:

  • (i) Execution of the contract and procedures preliminary to the contract to which the holder is a party, at the holder's request;
  • (ii) Compliance with a legal or regulatory obligation of the controlling shareholder;
  • (iii) Regular exercise of rights in judicial, administrative and arbitration proceedings;
  • (iv) Legitimate interest of the controlling shareholder or a third party; and
  • (v) Consent, always observing legal requirements.

Cookies are files installed on a user's device that allow the collection of certain information, including personal data in some situations, in order to fulfill various purposes, such as the proper and secure functioning of electronic pages and to enable the provision of services in the digital environment.

Cookies are categorized from different perspectives:

  • Cookies in agreement with the Manager:
    • Own or first-party cookies: these are cookies set directly by our website, i.e. domain https://www.yama.com.br/, to record settings, user browsing preferences and generate statistical reports.
    • Third-party cookies: these are cookies created by a domain other than the one you are visiting. They derive from the functionalities of other domains that are incorporated into the website.
  • Cookies according to need:
    • Necessary cookies: these are essential for the website to function correctly. For this reason, it is not possible to disable them.
    • Non-necessary cookies: these cookies are not essential to the functioning of the site and, therefore, if you disable them, the site will continue to operate correctly. However, through them we can identify the source of your access to our site, your preferences, how you use our site, enable you to share content from the site on social networks.
  • Cookies according to Purpose:
    • Analytical or performance cookies: these make it possible to collect data and information on how users use the site, which pages they visit most often on that site, the occurrence of errors or information on the performance of the site or application itself.
    • Functionality cookies: these are used to provide the basic services requested by the user and make it possible to remember website or application preferences, such as user name, region or language. Functionality cookies may include first-party, third-party, persistent or session cookies.
    • Advertising cookies: these are used to collect information from the user for the purpose of displaying advertisements. More specifically, by collecting information on the user's browsing habits, advertising cookies allow them to be identified, profiles to be built and personalized ads to be shown according to their interests.
  • Cookies according to the Information Retention Period:
    • Session or temporary cookies: these collect and store information while you are accessing the site and are discarded once the session has ended, i.e. after you close your browser. They are used regularly to store information that is only relevant to the provision of a service requested by you or for a specific temporary purpose, as is usually the case with a list of products in a shopping cart on a website.
    • Persistent Cookies: the data collected through these cookies is stored and can be accessed and processed for a defined period that can vary from a few minutes to several years.

    YAMÁ limits the duration of first-party cookies according to the purpose for which they were collected and are processed.

    To find out the details of each cookie or change your options, go to the "Cookie" icon at the bottom left of the page.

    FIND OUT ABOUT THE COOKIES WE USE:

    REQUIRED:

    • Domain: .youtube.com - Name: VISITOR_PRIVACY_METADATA: manage user choices about cookies on Youtube - Expiry date: 06 months
    • Domain: https://www.yama.com.br/ Name: fedops.logger.sessionId: local storage.
    • Domain: https://www.yama.com.br/ Name: _uetsid_exp: local storage.
    • Domain: https://www.yama.com.br/ Name: __uetvid: local storage.
    • Domain: https://www.yama.com.br/ Name: __uetvid_exp: local storage.
    • Domain: https://www.yama.com.br/ Name: __uetsid: local storage.
    • Domain: https://www.yama.com.br/ Name: _platform_app_1380b703-ce81-ff05-f115-39571d94dfcd_6fd0a333-d94f-4efd-9284-063a7a7cb32a: armazenamento local.
    • Domain: https://www.yama.com.br/ Name: _debug: local storage.

    PERFORMANCE:

    • Domain: https://www.yama.com.br/ Name: ___ga_8D1ERCHD6G: used by Google Analytics to maintain the session - Expiration date: 01 year and 01 month
    • Domain: https://www.yama.com.br/ Name: _ga: used by Google Analytics to calculate users, sessions and campaign data by identifying users through ID - Expiration date: 01 year and 01 month

    ADVERTISING:

    • Domain: https://www.yama.com.br/ Name: _fbp: used by Meta to provide the service of advertising products, which includes the auction of data for the offer of advertisements by third parties (real timing bidding) - Expiration date: 03 months
    • Domain: .youtube.com Name: YSC: used by Youtube to track video views of Yamá content - Expiration date: Session
    • Domain: .youtube.com Name: VISITOR_INFO1_LIVE: used by Youtube to keep track of user preferences on videos on the site. It is also possible to identify whether the user is using the new or old version of the Youtube interface - Expiry date: 06 months
    • Domain: .youtube.com Name: _gcl_au: used by GoogleAdSense to generate efficiency for Yamá ads/propagandas - Expiration date: 03 months

    You can still opt out at any time and you can delete cookies from applications using your preferred browser settings.

    For more information on how to manage cookies in browsers go to:

    If you use another browser, we suggest that you identify the cookie management support and make the adjustments you deem appropriate.

    Please note: You can always decide whether or not to integrate this information.

    It is important to remember that we do not control the policies and practices of any other third-party sites or mechanisms.

    It's also worth pointing out that you can and should be the protagonist of the marketing preferences that you will be subject to in relation to interactions on social networks.

    We therefore encourage you to always consult your privacy options and set them as you wish.

We store your personal data securely, in YAMÁ's technological infrastructure or that contracted by us, according to the security standards applicable to the hypothesis, and in a way that favors the means to exercise your rights provided for in the LGPD.

All data processing and storage routines are carried out in Portugal, i.e. there is no international data transfer. Data hosting and processing are carried out by companies that guarantee the continuous operation of the infrastructure, with redundancies and monitoring, and preventive maintenance and incident response, in accordance with international security and business continuity standards, including ISO27001.

The storage period complies with the purpose, legal or regulatory requirements and the exercise of rights in proceedings.

For a better understanding of data disposal, see item 07 of this notice and for safety measures, see item 08.

In order to provide our services to you, guarantee safety and the best experiences, we rely on suppliers to help us in our mission.

All personal data collected is only shared when there is an appropriate legal basis.

Our suppliers include, for example, companies in the following industries:

  • (i) data hosting;
  • (ii) security of the owner and assets;
  • (iii) authentication and validation of registrations;
  • (iv) advertising, marketing, digital and social media data and tools;
  • (v) logistics and product delivery;
  • (vi) collection, default and anti-fraud advisory services;

In addition, we enter into contracts with privacy and information security obligations to minimize risks for the data subject.

Your personal data will be deleted when the purposes for which it was collected have been fulfilled, in compliance with the applicable temporality tables, our Data Retention Policy and the rules for the end of processing, deletion and hypotheses for data retention, under the terms of articles 15 and 16 of the LGPD.

    • Use of an advanced Next Generation firewall with a hacker detector and anomalies caused by a robot attempting to break into the network;
    • Antivirus with artificial intelligence (EDR);
    • Encryption on all company computers;
    • Advanced network segregation according to active user access;
    • Backups with periodic restoration tests with total security to guarantee business continuity;
    • Use of secure protocols for data exchange, such as HTTPS and TLS, among others, with access to sites using a digital certificate and remote access by secure means using VPNs with encryption and authenticity, which guarantee the privacy and security of connections;
    • Quality and security assessment carried out by artificial intelligence(SAST), among others, of all YAMÁ-owned software source code.

    In addition, Pentest and vulnerability testing of security servers is carried out periodically by an independent company that complies with international penetration testing standards, including NIST 800-115, OWASP, OSSTMM and ISSAF/PTF.

    Transparency about the processing of your personal data is a priority for YAMÁ.

    In addition to the information provided in this Privacy Notice, you can also exercise the rights provided for in the General Data Protection Act, including:

    • Confirmation that personal data is being processed;
    • Access to personal data;
    • Blocking, anonymizing or deleting data that is unnecessary, excessive or processed in breach of the LGPD;
    • Revocation of consent, where applicable;
    • Correction of incomplete, inaccurate or outdated personal data;
    • Deletion of personal data processed with consent or that is unnecessary, excessive or when it believes that any point of the LGPD has not been complied with;
    • Information about the hypotheses and with which companies, partners and other institutions we can share, or receive personal data concerning you;
    • Information on the refusal of consent and its consequences when applicable;
    • File a complaint with YAMÁ or the applicable Data Protection Authority if the Data Subject has reason to believe that any of his/her Personal Data protection rights have been violated;
    • Review of automated decisions.

    If you wish to exercise your rights, please visit our form below.

    The exercise of your rights is free of charge and YAMÁ will assess the possibility of immediate assistance, and if this is not possible, you will be informed of the reasons or the necessary deadlines.

    You can also opt out/unsubscribe from advertising e-mails using the unsubscribe icon provided in the e-mail you receive.

    IMPORTANT!

    Before providing any personal information, we may need to take steps to verify your identity, this may include collecting additional personal data provided it is strictly necessary for this purpose.

    You can contact us by e-mail or by post. City of Cotia, State of São Paulo, at Rodovia Raposo Tavares, nº 27505

      Data Controller: Renato Luiz Poleti

      E-mail: dpo@yama.com.br

      To exercise your rights, please fill in the form below.
      This data will be used exclusively to analyze your request and will be kept until we meet your needs and/or comply with any legal requirements.
      Your message was sent successfully!
      Something went wrong! Try again.