We are OEC, a privately held company that provides services in the segments of heavy civil construction and construction, assembly, and maintenance of industrial enterprises. Our company is based in Brazil with operations in other markets.
OEC has a culture that generates job opportunities for local populations and contributes to the sustainable development of each region, acting in the following areas: transportation and logistics, sanitation, energy, industrial engineering and urban development, and buildings.
Concepts and definitions
Applicable Law: all legislation that discusses privacy and personal data protection, in particular, Law No. 13,709/2018 (General Data Protection Regulations- “GDPR”).
PERSONAL DATA:information related to an identified or identifiable natural person. Those used to form the behavioral profile of a certain natural person are also considered personal data.
SENSITIVE PERSONAL DATA: personal data concerning racial or ethnic origin, religious conviction, political opinion, membership of a trade union or of a religious, philosophical, or political organization, data concerning health or sex life, genetic or biometric data when linked to a natural person.
PERSONAL DATA SUBJECT (“DATA SUBJECT”): natural person concerning the personal data that are the subject of the processing.
PERSONAL DATA CONTROLLER (“DATA CONTROLLER”):natural or legal person appointed by the Data Controller to act as a communication channel between the Controller, the data subjects and the National Data Protection Authority. They will be responsible for implementing the Compliance Program for personal data protection laws and conducting activities related to protection of personal data in the Internal Controls and Compliance System of the company.
PROCESSING OF PERSONAL DATA (“PROCESSING”): any operation performed with personal data, such as those related to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, control of information, modification, communication, transfer, dissemination, or extraction.
SITE: designates the electronic address https://www.oec-eng.com and its respective subdomains.
Collection and use of data
We be required to collect and process personal data to provide you with the services available on our website, as well as to comply with legal determinations. If you choose not to provide us with some of this data, certain features or services may not be available to you.
What personal data do we collect and for what purpose?
Provided by you
Mailling List Information
If you would like to join our mailing list and receive information about our company, you will need to provide us with your name, e-mail address, company you work for, and, if you wish, you can provide information about your profile and language preference, so that we can better target our communication to you.
If you want to contact our company to send a message, it will be necessary for you to fill out our form and provide us with your name, e-mail, phone number and text of the message, so that we can better direct your service and, thus, proceed to respond to your contact in the best possible way. Messages containing sensitive personal data will be eliminated and disregarded by our customer service team.
In order tofulfill a request from you as a data subject, you will be required to provide us with your first and last name, country of your document, CPF or ID number from your country, valid e-mail address, and a picture of your ID. This data will be used to ensure, to the maximum extent possible, your correct identification as the holder of the personal data that are the subject of a request. Submitting information for authentication minimizes the risk of fraud when fulfilling a request. Requests containing sensitive personal data will be deleted and disregarded by our Privacy Team.
What are Cookies?
Cookies are small digital files in text format that are stored on your device (computer, smartphone, tablet etc.) by your web browser and that store information related to your preferences, such as your preferred language, location, recurrence of your sessions, and other variables to make your experience much more efficient.
Cookies serve to enhance your experience, both in terms of performance and usability, since the contents provided will be targeted to your needs and expectations. They may also be used to perform anonymous, aggregated statistics that allow us to understand how you use the website, as well as to improve structures and content. Because they are anonymous statistics, it is not possible to identify you personally from this data.
Cookies can be classified as:
- Primary Cookies (1stParty): are set by website and automatically store some information about you, such as your language preference or login information; and
- Third-Party Cookies (3rdParty): are cookies from a domain different from our website domain that are collected to meet our advertising and marketing initiatives.
Regarding their lifespan, cookies can be:
- Session Cookies: are used during your navigation to the website and are definitely deleted when the browser is closed; and
- Persistent Cookies: are used during your navigation to the website, but remain saved on your device after you close your browser. These cookies can contain a fixed lifespan, i.e. deleted after a certain number of days, or undetermined, in which case you must delete the cookies from your device yourself.
What cookies do we use and for what purpose?
- Strictly Necessary Cookies
These cookies help make a site usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies, so they cannot be disabled.
|Persistent cookie, set by OneTrust’s cookie compliance solution. It stores information about the categories of cookies that the website uses and whether visitors have given or withheld consent for the use of each category. This allows site owners to prevent cookies, in each category, from being set in the user’s browser when consent is not given. It does not contain information that can identify the site visitor.
|Persistent cookie set by sites using certain versions of OneTrust’s cookie law compliance solution. It is set after visitors see a cookie information notice, and in some cases only when they actively close the notice. It allows the site not to show the message more than once to a user. The cookie contains personal information.
- Performance Cookies
These cookies help us understand how visitors interact with the website by collecting and reporting information anonymously. They are intended to analyze the use of the website and its performance.
|Persistent Google Universal Analytics cookie used to distinguish unique users by assigning a randomly generated number as a visitor identifier. It is included in each page request from a website and used to calculate visitor data, sessions and to generate analytical reports for the website.
|Google Universal Analytics persistent cookie used to store information about how visitors use a website and helps in the creation of an analytical report of how the website is performing. The data collection, including the number of visitors, the source they came from and the pages visited, is done anonymously.
|Google’s persistent conversion tracking cookie. Allows you to count visits and traffic sources, so that you can measure and improve your site’s performance.
- For more information about managing Cookies on Firefox, click here
- For more information about managing Cookies on Chrome, click here
- For more information about managing Cookies on Internet Explorer, click here
- For more information about managing Cookies on Safari, click here
- For more information about managing Cookies on Opera, click here
- For more information about managing Cookies on Microsoft Edge, click here
With whom do we share your data?
We may also preserve, use, share or disclose your personal data or other sensitive data if we reasonably believe it is necessary to:
- Compliance with a law, regulation, legal process or governmental request;
- Protect the safety of any person;
- Protect the security or integrity of our platform, including helping prevent spam, abuse or harmful agents on our services;
- Explain why we remove content or accounts from our services to address fraud, security or technical issues;
- Protect our rights or property or the rights or property of those who use our services.
Personal data and activity logs may be shared:
- Internally, within our business areas, to check and respond to your messages, for example;
- With judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or judicial order to do so; and
- Automatically, in case of corporate movements, such as merger, acquisition, and incorporation of OEC
Your personal data, collected on this website, is shared with Google Analytics to help us better understand the use of our services, and shared with YouTube, always relying on the policy of those platforms, regarding the processing of third-party data. We share your personal data with these partners under the condition that they use this data only on our behalf and in accordance with our instructions.
Unless our company receives a legal or judicial order, personal data will never be transferred to third parties or used for purposes other than those for which it was collected and reported in this Notice. Should you have any questions about with whom your personal data is shared, you may contact us through the service channels made available in this Notice.
Where do we store your data?
The personal data collected, and the activity records are stored in a safe and controlled environment, which may be in our servers located in Brazil, as well as in an environment of resource use or cloud servers (cloud computing), which may require transferring and/or processing of your personal data outside Brazil. Such transfers only involve companies that demonstrate compliance with the Applicable Laws, maintaining a level of compliance similar to or more stringent than that provided by the Brazilian Law.
How long will your data be stored?
We store personal data only if necessary to fulfill the purposes for which it was collected or to comply with any legal or regulatory obligations or to preserve rights.
Mailling List Information – your information will remain on our Mailling List until such time as you inform us that you no longer wish to receive communications and publications from us.
Contact Information – if you contact us via our form, we will keep the content of your message to respond to your request and record your request for 30 days or until your request has been fully addressed.
Authentication information – should you request your rights as a data subject, data collected to ensure, to the maximum extent possible, your correct identification will be stored until your request is fully met. All files attached to your request will be deleted within 30 days, after completion of your service. However, the messages exchanged during your service will be securely stored, so that we can prove the response made to your request.
Once the purpose of storing your data has expired, we will either delete it from our databases by performing a deletion routine, periodically, or continue to use it in an anonymized form for statistical purposes.
What do we do to keep your data secure?
To safeguard your privacy and protect your personal data, our company has a privacy program that contains rules of good practice, internal policies, and procedures, which establish organizational conditions, training, educational actions, and mechanisms to supervise and mitigate risks related to the processing of personal data.
Internally, personal data is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity, and relevance, in addition to the commitment to confidentiality and preservation of the privacy of your personal data, under the terms of this Notice.
It is necessary, however, to point out that no site is entirely safe and free of risks. It is possible that despite following all our security protocols, problems of leakage may occur, such as cyber-attacks by hackers or, also, because of the negligence or imprudence of a visitor.
In the event of a security incident that may generate material risk or damage to your data, we will notify you and all those affected, including the Supervisory Authority of the occurrence, in line with the provisions of the Applicable Law.
Rights of data subjects
What are your rights as a data subject?
We at OEC want you to be fully aware of all your rights as a data subject:
- RIGHT TO CONFIRMATION OF THE EXISTENCE OF PROCESSING: the power to question whether processing operations concerning your personal data are being carried out;
- RIGHT OF ACCESS: the power to request and receive a copy of all personal data collected and stored;
- RIGHT TO CORRECTION OR UPDATING: the power to request the correction or updating of personal data that are incomplete, inaccurate or out of date;
- TO LIMIT THE USE OF PERSONAL DATA: power to request the anonymization, blocking or deletion of your personal data that has been recognized by a competent authority as unnecessary, excessive or treated in non-compliance with the provisions of the GDPR;
- RIGHT TO ERASURE: power to request the deletion of your personal data unless there is a legitimate reason for its maintenance, such as a possible legal obligation to retain data or a study by a research body. In the event of deletion, the company reserves the right to choose the erasure procedure to be used, undertaking to use a means that ensure security and prevents data recovery;
- RIGHT TO BE INFORMED ABOUT DATA SHARING: to know the public and private entities and personal information with which the company has made shared use of data;
- RIGHT NOT TO PROVIDE CONSENT: to know about the possibility of not providing consent and the consequences of the refusal.
- RIGHT TO REVOKE CONSENT: power to revoke consent. However, it is stressed that this will not affect the legality of any treatment carried out prior to withdrawal. In the event of revocation of consent, it may not be possible to provide certain services. Should this be the case, the personal data subject will be informed.
How can I request my rights as a data subject?
Your personal data is yours and the Applicable Law guarantees rights, which may be exercised by you, by means of a request made through the Attention to Data Subject form, available on our website. In order for us to provide all the clarifications and make it possible for you to exercise your rights, when completing an application, you must: (a) properly identify yourself and (b) state the right that you would like to exercise.
In order to ensure your correct identification as the subject of the request, we may require documents or other information that can prove your identity. In this case, you will be informed in advance. We undertake to respond to all requests within a reasonable time and always in compliance with the Applicable Law.
We may also fail to respond to requests to exercise rights if such response would violate our intellectual property or trade secrets, or where there is a legal or regulatory obligation or justification for withholding personal data. In addition, we may fail to comply with the request if we need to retain personal data to enable our or a third party’s defense in disputes of any nature
Please be aware that our Privacy Notice applies only to our web site. However, our website contains links to other sites for the sole purpose of providing additional services to you. It is worth pointing out that if you click on any of these links, listed below and which are published on our website, you will be redirected to another environment, i.e. another web page. Therefore, you should read and accept the guidelines described in the Privacy Notice/Policy of that other site, to which this link has directed you.
Links published on our website, but which redirect you to other websites:
Children and our services
Our services are not intended for children, so you cannot use our services if you are under 12 years of age. You also need to be old enough to consent to the processing of your personal data, in your country.
Affiliates and transfer of ownership
If our company is involved in a bankruptcy, merger, acquisition, or asset sale, your personal data may be sold or transferred as part of that transaction. This Privacy Notice will apply to your personal data as it is transferred to the new entity. We may also disclose personal data about you to our affiliated companies to help operate our services and the services of our affiliates, including the serving of advertisements.
Review and change of the Privacy Notice
Our company reviews this notice annually and publishes any changes to this website. Each time the notice changes, you will be informed on your next visit to our website and new consents to the processing of your data will be requested at that time.
If you have any questions about our Privacy Notice, the data we collect about you, or if you would like to exercise any of your privacy rights, please do not hesitate to contact our Data Protection Officer (DPO):
To guarantee your correct identification as the holder of the personal data that are the object of the request, we may request documents or other information that can prove your identity. In this case, you will be informed in advance. Our company has 15 days from the date of your request to respond to your request.
How to contact the National Data Protection Authority?
If you wish to file a complaint or if you feel that our company has not satisfactorily addressed your request or need, you can contact ANPD – Brazilian National Data Protection Authority.
Email address for complaints:
Authority´s email address: