Privacy Notice

Privacy is a fundamental right and for OEC it is one of our core values, striving to adopt controls and tools to ensure the privacy of your data. This Privacy Notice, in accordance with our Data Privacy Policy is intended to explain how our company uses the personal data, which is collected about you when you enter this website. It is very important to us that you know what data is collected and what it is used for, so that you have full control over it, and also so that you can make the best decisions about the information you will share with us.

About us

We are OEC, a privately held company that provides services in the segments of heavy civil construction and construction, assembly, and maintenance of industrial enterprises. Our company is based in Brazil with operations in other markets.

OEC has a culture that generates job opportunities for local populations and contributes to the sustainable development of each region, acting in the following areas: transportation and logistics, sanitation, energy, industrial engineering and urban development, and buildings.

 Concepts and definitions

Applicable Law: all legislation that discusses privacy and personal data protection, in particular, Law No. 13,709/2018 (General Data Protection Regulations- “GDPR”).

PERSONAL DATA:information related to an identified or identifiable natural person. Those used to form the behavioral profile of a certain natural person are also considered personal data.

SENSITIVE PERSONAL DATA: personal data concerning racial or ethnic origin, religious conviction, political opinion, membership of a trade union or of a religious, philosophical, or political organization, data concerning health or sex life, genetic or biometric data when linked to a natural person.

PERSONAL DATA SUBJECT (“DATA SUBJECT”)natural person concerning the personal data that are the subject of the processing.

PERSONAL DATA CONTROLLER (“DATA CONTROLLER”):natural or legal person appointed by the Data Controller to act as a communication channel between the Controller, the data subjects and the National Data Protection Authority. They will be responsible for implementing the Compliance Program for personal data protection laws and conducting activities related to protection of personal data in the Internal Controls and Compliance System of the company.

PROCESSING OF PERSONAL DATA (“PROCESSING”): any operation performed with personal data, such as those related to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, control of information, modification, communication, transfer, dissemination, or extraction.

SITE: designates the electronic address and its respective subdomains.

Collection and use of data

We be required to collect and process personal data to provide you with the services available on our website, as well as to comply with legal determinations. If you choose not to provide us with some of this data, certain features or services may not be available to you.

We collect personal data that you provide directly to us, by completing forms on our website, or when you interact with our communication channels. But we also collect data, automatically, through the use of cookies or similar technologies, which have been consented to by you when you access our website.

 What personal data do we collect and for what purpose?

 Provided by you

 Mailling List Information

If you would like to join our mailing list and receive information about our company, you will need to provide us with your name, e-mail address, company you work for, and, if you wish, you can provide information about your profile and language preference, so that we can better target our communication to you.

 Contact information

If you want to contact our company to send a message, it will be necessary for you to fill out our form and provide us with your name, e-mail, phone number and text of the message, so that we can better direct your service and, thus, proceed to respond to your contact in the best possible way. Messages containing sensitive personal data will be eliminated and disregarded by our customer service team.

 Authentication information

 In order tofulfill a request from you as a data subject, you will be required to provide us with your first and last name, country of your document, CPF or ID number from your country, valid e-mail address, and a picture of your ID. This data will be used to ensure, to the maximum extent possible, your correct identification as the holder of the personal data that are the subject of a request. Submitting information for authentication minimizes the risk of fraud when fulfilling a request. Requests containing sensitive personal data will be deleted and disregarded by our Privacy Team.

Collected automatically

When visiting our website, some of your data is collected and stored automatically on your device by means of cookies. The use of cookies implies the collection of personal data, which is intended to keep you connected, understand how you use our services and thus making it easier for you to navigate through the website. This collection becomes legitimate from the moment you, upon entering the website, provide your consent to do so in our Preference Center.

How we use Cookies?

 What are Cookies?

Cookies are small digital files in text format that are stored on your device (computer, smartphone, tablet etc.) by your web browser and that store information related to your preferences, such as your preferred language, location, recurrence of your sessions, and other variables to make your experience much more efficient.

Cookies serve to enhance your experience, both in terms of performance and usability, since the contents provided will be targeted to your needs and expectations. They may also be used to perform anonymous, aggregated statistics that allow us to understand how you use the website, as well as to improve structures and content. Because they are anonymous statistics, it is not possible to identify you personally from this data.

Cookies can be classified as:

  •  Primary Cookies (1stParty): are set by website and automatically store some information about you, such as your language preference or login information; and
  •  Third-Party Cookies (3rdParty): are cookies from a domain different from our website domain that are collected to meet our advertising and marketing initiatives.

Regarding their lifespan, cookies can be:

  • Session Cookies: are used during your navigation to the website and are definitely deleted when the browser is closed; and
  •  Persistent Cookies: are used during your navigation to the website, but remain saved on your device after you close your browser. These cookies can contain a fixed lifespan, i.e. deleted after a certain number of days, or undetermined, in which case you must delete the cookies from your device yourself.

 What cookies do we use and for what purpose?

  •  Strictly Necessary Cookies

These cookies help make a site usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies, so they cannot be disabled.


Host Cookie Cookie Description Cookies used OptanonConsent Persistent cookie, set by OneTrust’s cookie compliance solution. It stores information about the categories of cookies that the website uses and whether visitors have given or withheld consent for the use of each category. This allows site owners to prevent cookies, in each category, from being set in the user’s browser when consent is not given. It does not contain information that can identify the site visitor. 1st Party OptanonAlertBoxClosed Persistent cookie set by sites using certain versions of OneTrust’s cookie law compliance solution. It is set after visitors see a cookie information notice, and in some cases only when they actively close the notice. It allows the site not to show the message more than once to a user. The cookie contains personal information. 1st Party


  • Performance Cookies

These cookies help us understand how visitors interact with the website by collecting and reporting information anonymously. They are intended to analyze the use of the website and its performance.


Host Cookie Cookie Description Cookies used

_ga Persistent Google Universal Analytics cookie used to distinguish unique users by assigning a randomly generated number as a visitor identifier. It is included in each page request from a website and used to calculate visitor data, sessions and to generate analytical reports for the website. 1st Party

_gid Google Universal Analytics persistent cookie used to store information about how visitors use a website and helps in the creation of an analytical report of how the website is performing. The data collection, including the number of visitors, the source they came from and the pages visited, is done anonymously. 1st Party

_gclxxxx Google’s persistent conversion tracking cookie. Allows you to count visits and traffic sources, so that you can measure and improve your site’s performance. 1st Party


We use a service provided by Google, called Google Analytics, which is a tool that monitors the traffic of any website. The main purpose of Analytics is to know and understand the behavior of visitors as they navigate through the pages of our website. To meet this objective, the service uses cookies.

How can you manage the use of cookies?

When you start your first experience on our website, you are asked to consent to the use of cookies. However, you can modify or revoke this consent at any time through the Preferences Center. Only for strictly necessary cookies, consent is not required, so their use cannot be disabled through this feature.

Also, most internet browsers are set up to automatically accept cookies, but you can change the settings to block their use. However, in some cases, because of the blocking of these cookies, some features of our website may not work as expected. Browsers that have incognito browsing only collect strictly necessary and functionality cookies. To find out how you can manage the use of cookies in your browser, click on the link below to learn about the main browsers:

  • For more information about managing Cookies on Firefoxclick here
  • For more information about managing Cookies on Chromeclick here
  • For more information about managing Cookies on Internet Explorerclick here
  • For more information about managing Cookies on Safariclick here
  • For more information about managing Cookies on Operaclick here
  • For more information about managing Cookies on Microsoft Edgeclick here

Data Sharing

 With whom do we share your data?

We may also preserve, use, share or disclose your personal data or other sensitive data if we reasonably believe it is necessary to:

  • Compliance with a law, regulation, legal process or governmental request;
  • Protect the safety of any person;
  • Protect the security or integrity of our platform, including helping prevent spam, abuse or harmful agents on our services;
  • Explain why we remove content or accounts from our services to address fraud, security or technical issues;
  • Protect our rights or property or the rights or property of those who use our services.

Personal data and activity logs may be shared:

  • Internally, within our business areas, to check and respond to your messages, for example;
  • With judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or judicial order to do so; and
  • Automatically, in case of corporate movements, such as merger, acquisition, and incorporation of OEC

Your personal data, collected on this website, is shared with Google Analytics to help us better understand the use of our services, and shared with YouTube, always relying on the policy of those platforms, regarding the processing of third-party data. We share your personal data with these partners under the condition that they use this data only on our behalf and in accordance with our instructions.

Unless our company receives a legal or judicial order, personal data will never be transferred to third parties or used for purposes other than those for which it was collected and reported in this Notice. Should you have any questions about with whom your personal data is shared, you may contact us through the service channels made available in this Notice.

Data Storage

 Where do we store your data?

 The personal data collected, and the activity records are stored in a safe and controlled environment, which may be in our servers located in Brazil, as well as in an environment of resource use or cloud servers (cloud computing), which may require transferring and/or processing of your personal data outside Brazil. Such transfers only involve companies that demonstrate compliance with the Applicable Laws, maintaining a level of compliance similar to or more stringent than that provided by the Brazilian Law.

How long will your data be stored?

We store personal data only if necessary to fulfill the purposes for which it was collected or to comply with any legal or regulatory obligations or to preserve rights.

Mailling List Information – your information will remain on our Mailling List until such time as you inform us that you no longer wish to receive communications and publications from us.

 Contact Information – if you contact us via our form, we will keep the content of your message to respond to your request and record your request for 30 days or until your request has been fully addressed.

Authentication information – should you request your rights as a data subject, data collected to ensure, to the maximum extent possible, your correct identification will be stored until your request is fully met. All files attached to your request will be deleted within 30 days, after completion of your service. However, the messages exchanged during your service will be securely stored, so that we can prove the response made to your request.

Once the purpose of storing your data has expired, we will either delete it from our databases by performing a deletion routine, periodically, or continue to use it in an anonymized form for statistical purposes.

 Information Security

 What do we do to keep your data secure?

To safeguard your privacy and protect your personal data, our company has a privacy program that contains rules of good practice, internal policies, and procedures, which establish organizational conditions, training, educational actions, and mechanisms to supervise and mitigate risks related to the processing of personal data.

Internally, personal data is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity, and relevance, in addition to the commitment to confidentiality and preservation of the privacy of your personal data, under the terms of this Notice.

It is necessary, however, to point out that no site is entirely safe and free of risks. It is possible that despite following all our security protocols, problems of leakage may occur, such as cyber-attacks by hackers or, also, because of the negligence or imprudence of a visitor.

In the event of a security incident that may generate material risk or damage to your data, we will notify you and all those affected, including the Supervisory Authority of the occurrence, in line with the provisions of the Applicable Law.

Rights of data subjects

 What are your rights as a data subject?

We at OEC want you to be fully aware of all your rights as a data subject:

  1. RIGHT TO CONFIRMATION OF THE EXISTENCE OF PROCESSING: the power to question whether processing operations concerning your personal data are being carried out;
  2. RIGHT OF ACCESS: the power to request and receive a copy of all personal data collected and stored;
  3. RIGHT TO CORRECTION OR UPDATING: the power to request the correction or updating of personal data that are incomplete, inaccurate or out of date;
  4. TO LIMIT THE USE OF PERSONAL DATA: power to request the anonymization, blocking or deletion of your personal data that has been recognized by a competent authority as unnecessary, excessive or treated in non-compliance with the provisions of the GDPR;
  5. RIGHT TO ERASURE: power to request the deletion of your personal data unless there is a legitimate reason for its maintenance, such as a possible legal obligation to retain data or a study by a research body. In the event of deletion, the company reserves the right to choose the erasure procedure to be used, undertaking to use a means that ensure security and prevents data recovery;
  6. RIGHT TO BE INFORMED ABOUT DATA SHARING: to know the public and private entities and personal information with which the company has made shared use of data;
  7. RIGHT NOT TO PROVIDE CONSENT: to know about the possibility of not providing consent and the consequences of the refusal.
  8. RIGHT TO REVOKE CONSENT: power to revoke consent. However, it is stressed that this will not affect the legality of any treatment carried out prior to withdrawal. In the event of revocation of consent, it may not be possible to provide certain services. Should this be the case, the personal data subject will be informed.

How can I request my rights as a data subject?

Your personal data is yours and the Applicable Law guarantees rights, which may be exercised by you, by means of a request made through the Attention to Data Subject form, available on our website. In order for us to provide all the clarifications and make it possible for you to exercise your rights, when completing an application, you must: (a) properly identify yourself and (b) state the right that you would like to exercise.

In order to ensure your correct identification as the subject of the request, we may require documents or other information that can prove your identity. In this case, you will be informed in advance. We undertake to respond to all requests within a reasonable time and always in compliance with the Applicable Law.

We may also fail to respond to requests to exercise rights if such response would violate our intellectual property or trade secrets, or where there is a legal or regulatory obligation or justification for withholding personal data. In addition, we may fail to comply with the request if we need to retain personal data to enable our or a third party’s defense in disputes of any nature

Notice/Privacy Policy of other websites

Please be aware that our Privacy Notice applies only to our web site. However, our website contains links to other sites for the sole purpose of providing additional services to you. It is worth pointing out that if you click on any of these links, listed below and which are published on our website, you will be redirected to another environment, i.e. another web page. Therefore, you should read and accept the guidelines described in the Privacy Notice/Policy of that other site, to which this link has directed you.

Links published on our website, but which redirect you to other websites:

  • Institutional:

 Children and our services

Our services are not intended for children, so you cannot use our services if you are under 12 years of age. You also need to be old enough to consent to the processing of your personal data, in your country.

Affiliates and transfer of ownership

If our company is involved in a bankruptcy, merger, acquisition, or asset sale, your personal data may be sold or transferred as part of that transaction. This Privacy Notice will apply to your personal data as it is transferred to the new entity. We may also disclose personal data about you to our affiliated companies to help operate our services and the services of our affiliates, including the serving of advertisements.

Review and change of the Privacy Notice

Our company reviews this notice annually and publishes any changes to this website. Each time the notice changes, you will be informed on your next visit to our website and new consents to the processing of your data will be requested at that time.


 If you have any questions about our Privacy Notice, the data we collect about you, or if you would like to exercise any of your privacy rights, please do not hesitate to contact our Data Protection Officer (DPO):


To guarantee your correct identification as the holder of the personal data that are the object of the request, we may request documents or other information that can prove your identity. In this case, you will be informed in advance. Our company has 15 days from the date of your request to respond to your request.

How to contact the National Data Protection Authority?

If you wish to file a complaint or if you feel that our company has not satisfactorily addressed your request or need, you can contact ANPD – Brazilian National Data Protection Authority.

Email address for complaints:

Authority´s email address: