Bry Signer Terms of Use

Welcome to the “Bry Signer Terms of Use“!

These terms of service cover your use and access to the subscription services offered at https://www.easysign.bry.com.br, by BRy Tecnologia. This platform was developed and is operated by BRy Tecnologia S/A for use by BRy Tecnologia, its customers, and partners.

Application Controller: BRy Tecnologia, is the one who defines and controls the parameters and information processed by the application.

Application Operator: BRy Tecnologia S/A. This platform was developed and is operated by BRy Tecnologia S/A for use by the Controller, its employees, customers, and/or partners.

Subscribing User: You.

By using Bry Signer, you declare that you fully agree with this document.

Service Terms and Regulation

Authentication: is the electronic process that allows the electronic identification of a natural or legal person.

Electronic Signature: Are data in electronic format that are linked or logically associated with other data in electronic format and that are used by the signatory to sign, observing the appropriate signature levels for the acts provided for in Law 14.063/2020. Below is the description of the three levels of electronic signatures:

Simple electronic signature according to Law 14.063/2020, is the signature that:

• a) allows identifying its signatory;
• b) attaches or associates data to other data in electronic format of the signatory;

The advanced electronic signature according to Law 14.063/2020, is the signature that uses certificates NOT issued by ICP-Brasil or another means of proving the authorship and integrity of documents in electronic form, provided that it is admitted by the parties as valid or accepted by the person to whom the document is opposed, with the following characteristics:

• a) is associated with the signatory in a unique way;
• b) uses data for the creation of an electronic signature whose signatory can, with a high level of confidence, operate under its exclusive control;
• c) is related to the data associated with it in such a way that any subsequent modification is detectable.

The qualified electronic signature according to Law 14.063/2020, is the signature that uses a digital certificate issued by ICP-Brasil, under the terms of § 1 of art. 10 of Provisional Measure No. 2,200-2, of August 24, 2001.

Digital Certificate: According to Law 14.063/2020, the digital certificate is an electronic attestation that associates the validation data of the electronic signature with a natural or legal person;

ICP-Brasil Digital Certificate: According to Law 14.063/2020, the ICP-Brasil digital certificate is a digital certificate issued by a Certification Authority (CA) accredited in the Brazilian Public Key Infrastructure (ICP-Brasil), in accordance with current legislation.

Important! When signing documents using Bry Signer, the subscribing user declares and accepts as valid the signature using an electronic system capable of proving the authorship and integrity of the document, in the form of § 2 of art. 10 of Provisional Measure No. 2,200-2/2001.

Rules for Using Bry Signer

We aim to offer easy-to-use, secure services that guarantee the availability of your data to those who have the right to access it. In return, we trust that you will use the services responsibly. You agree not to use this service improperly.

For example, it is prohibited to use or attempt to use the service to:

• Investigate or test the vulnerability of any system component or network without prior authorization from the developer;
• Violate or otherwise bypass any security or authentication measure;
• Access accounts, tamper with or use non-public areas of the services or parts thereof, or shared areas of the services for which you have not been invited;
• Interfere with or disrupt any user, hosting server, or network, for example, by sending a virus, overloading, flooding, sending spam, or email bombing any part of the service;
• Access or search the services through any means other than the interfaces we offer publicly, for example, using practices known as data scraping or “scraping“;
• Abuse the services in a way that circumvents their usage limits;
• Use any information obtained in the API to send spam communications, promotions, or unsolicited or unauthorized advertisements;
• Send altered, misleading, or falsely identified information sources, including “spoofing“ or “phishing“;
• Promote or advertise products or services without prior authorization;
• Sell the services or service accounts through unauthorized channels;
• Violate the law in any way, including by storing, publishing, or sharing fraudulent, defamatory, deceptive, privacy-violating, or infringing material from the Controller, Operator, or third parties.

Responsibilities of the Controller and Operator of the Application

As the one defining the parameters and data collected and processed by the provided service, the company BRy Tecnologia, in accordance with the LGPD, also acts as a “Controller of Personal Data“, while BRy Tecnologia will be considered the data processor and infrastructure operator.

The controller will be responsible for the personal data of third parties provided by her when authenticating or sending invitations to subscribing users, and also for the content of the files uploaded or downloaded. To learn more about data processing, see the “EasySign Signer Privacy Policy“.

On the other hand, BRy Tecnologia as the developer and operator will be responsible for maintaining the infrastructure of this application and ensuring mechanisms of redundancy, scalability, and monitoring that aim to ensure stable, secure, and highly stable operation for its operations. Redundancy mechanisms are employed, within the limits of technical and economic reasonableness, to avoid interruptions in service and backup routines and “restore“ aimed at its quick recovery.

Availability is measured through monitoring by the Operator, verifying the status of service functionalities. The following are not included in the SLA calculation:

• Connectivity issues between client applications or environments and Operator services;
• Failures related to the client's specific request (invalid parameters, expired client certificates, etc.);
• Scheduled maintenance communicated with a minimum notice of 5 business days or with a minimum notice of 8 business hours by email and/or phone (for emergency cases);
• Fortuitous events or force majeure, where there is no express responsibility of the Operator in the origin of the problem;

Responsibilities of Subscribing Users

You are responsible for your conduct, for the updating and accuracy of your data, for password protection, for the third-party data you add when sending an invitation, and for the files and documents you share on the platform.

By accepting these Terms, you agree to the Rules for Using Bry Signer, as described in these Terms of Use. The content provided in accessing the services, such as a file submitted to a service, may be protected by the intellectual property rights of others. We ask that you only upload, download, or share content if you have the right to do so.

We may review your conduct and content to verify compliance with the Rules for Use, however, we are not responsible for the content that you and other subscribers post and share through the services.

Passwords are personal and non-transferable, so protect your passwords and/or digital access certificate to the services. Make sure that other people do not have access to them and keep your account information updated.

Finally, this service is not intended for and cannot be used by persons under the age of 18 who are not emancipated or legally represented. By using it, you are declaring that you are over 18 years old, emancipated, or properly represented by your legal representatives.

Support

For more information or questions about using Easy Sign, or operational problem solutions, send an email to atendimento@bry.com.br.

Dispute Support

We want to address your concerns without the need for formal judicial proceedings. Before filing a complaint against the controller or service developer, you agree to try to resolve the dispute out of court by contacting:

Contractor: BRy Tecnologia
CNPJ: 04.441.528/0001-57
Address: Rua Lauro Linhares, 2010 Torre, B, 8º andar - Trindade, Florianópolis - SC, 88036-002
Contact: (48) 3234-6696
Customer Service Channel: atendimento@bry.com.br

We will also try to resolve the case informally by contacting you by email. However, if the dispute is not resolved within 30 days after sending, the parties may file a lawsuit and agree to resort to mediation and arbitration first.

Applicable Law

These Terms are governed by Brazilian law, except for its principles governing conflicts of laws from different jurisdictions.

Documentation Updates

These “Terms“ may be revised from time to time, and the most updated version will always be published on Bry Signer.

Publication Date: December 8, 2023.

Bry Signer Privacy Policy

Welcome to the terms of use of Bry Signer!

Terms and Definitions

• API - API stands for Application Programming Interface. In the context of APIs, the word “Application“ refers to any software with a distinct function. The interface can be thought of as a service contract between two applications.
• Personal data - any information related to a data subject (natural person), which serves to identify or make an individual identifiable, such as name, CPF (Brazilian individual taxpayer registry number), date of birth, among others;
• Sensitive personal data - any information that can be used to identify an individual in a discriminatory manner, such as race and ethnicity data, sexual orientation; religious, philosophical, or political beliefs; health, genetic, and biometric data;
• Data subject - the natural person to whom the processed personal data refer;
• Controller of personal data - the natural or legal person who determines the purposes and control and has the decision-making power over the processing of personal data of the data subjects;
• Processor of personal data - an individual or legal entity, public authority, agency, company, or other body that processes personal data on behalf of the controller;
• Processing of personal data - any operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;
• Compliance - adopting compliance practices means keeping business policies and guidelines in compliance with laws, regulations, and internal and external standards governing the activity. This set of disciplines in the field of data protection means implementing a governance program in the company to maintain ongoing compliance with legislation regarding privacy and data security;
• LGPD-BR - General Data Protection Law (Law 13,709/2018): Art. 1 This Law deals with the processing of personal data, including in digital media, by a natural person or by a legal entity, public or private, with the objective of protecting the fundamental rights of freedom and privacy and the free development of the natural person's personality;

Who is the controller and operator of this application

Bry Signer was developed by the software company BRy Tecnologia S/A, which, in addition to holding copyright to the source code, operates the API infrastructure.

Due to the choice and control of parameters, including the personal data processed by the application from the user's registration and authentication, being the responsibility of BRy Tecnologia, this will be considered the “Controller“ of personal data processing, while BRy Tecnologia will be the “Operator“ of personal data processed through the application.

Subscription service data and how we use it

Account and authentication data

The sending of signature requests will be directly requested by the Controller, and the subscribing user can sign the document through signature links, that is, the Operator (BRy Tecnologia) does not perform registration, authentication, or define user identification parameters. The only mandatory identification registration data collected by the integrating application is the subscriber's name. However, the Controller may decide to include more personal data for user registration and authentication, such as CPF (Brazilian individual taxpayer registry number), phone number, and email, in order to reinforce their identification.

Bry Signer Usage Data

During the use of Simple Electronic Signatures, some evidence, including “personal information“ such as the subscriber's name, CPF, email, device information such as IP, and geolocation data, as well as the graphical representation of the subscriber's signature or mark, may be requested, collected, and stored on BRy Tecnologia servers until its purpose is achieved, in order to ensure the proper identification of the user.

During the performance of Advanced or Qualified Electronic Signatures, the format and “name of the document“ submitted to Digital Signatures and the digital certificates used will be collected and stored, for the purpose of generating the “Signature Report“ of these documents.

The Controller may choose to send the links directly to the subscribing user, or may request that the Operator itself send the links; in this case, the API may process, in addition to the name, the subscribing user's email or phone number so that they receive the link and perform the signature.

Signature reports and evidence

The parameters or content of the Signature Report will be defined by the Controller and may include evidence data such as: name of the signed document and its cryptographic summary (hash), the name, CPF, and email of the signers, UTC time of the signature generated by the timestamp system, device information such as IP, geolocation data, public information from digital certificates if any signer used them, as well as the creation and completion time of the signature collection.

Audit trails and support

Audit trails or logs may store client request data, such as: browser data used by the user, geolocation, IP address of the device making the request, access date and time, and type of request made.

Storage and security

The infrastructure of easysign, operated by BRy Tecnologia, is currently hosted on its own servers or on third-party servers that are periodically audited, and may use international providers. Personal data, as a rule, is kept for contract execution purposes, however, even after the termination of the contractual relationship, it may be necessary to keep records and evidence that include personal data, in compliance with the legal obligations or interests of the Controller, the Operator, or third parties.

Generally, this personal data will be retained according to the following criteria:

• For as long as required by law;
• Until deletion request, in cases provided by law;
• For as long as necessary to fulfill predetermined purposes;

Authentication data will be collected and processed directly by the Bry Signer's signing Controller, and thus will not be processed or stored by the operator (BRy Tecnologia).

However, the files submitted for signatures will be stored in the easysign application operated by BRy Tecnologia for up to 24 hours after the expiration of the signature collection. However, these files may still be stored indefinitely by the Controller.

For security reasons, support log data is retained only for the duration of the treatment purpose. Data whose additional retention is necessary based on the provision of evidence will not be deleted until there is a legal obligation or legitimate interest in keeping them.

Data is stored in a secure and controlled environment for the time necessary to fulfill the purposes for which it was collected, including for the fulfillment of legal obligations for a minimum period of 06 months, imposed by Federal Law No. 12,965/2014, contractual executions, accountability, or even for any request from competent authorities.

We strive to protect the privacy of your account and other personal data we hold in our records, but unfortunately, we cannot guarantee total security. Unauthorized accesses or uses of accounts, weak passwords, improper sharing of links, hardware or software failures, among other factors, may compromise the security of personal data, so the collaboration of all involved in the treatment is necessary to maintain a safe environment.

Data Subject Rights

The General Data Protection Law identifies in its art. 18 the rights of data subjects that must be met by the Personal Data Controller. According to the Law, the data subject may exercise the right at any time, upon request:

• Confirmation of the existence of treatment;
• Access to their personal data;
• Correction of incomplete, inaccurate, or outdated data;
• Anonymization, blocking, or deletion of unnecessary, excessive, or data processed in non-compliance with the Law;
• Portability of data to another service or product provider;
• Deletion of personal data processed with the data subject's consent;
• Information about the possibility of not providing consent and the consequences of refusal;
• Withdrawal of consent, or opposition to the processing of their personal data;
• Data portability.

Rights Service

If you have any questions, suggestions, or if you wish to exercise any of your rights as a personal data subject, please contact us through the channels below:

Contractor: BRy Tecnologia
CNPJ: 04.441.528/0001-57
Address: Rua Lauro Linhares, 2010 Torre, B, 8º andar - Trindade, Florianópolis - SC, 88036-002
Contact: (48) 3234-6696
Service Channel: atendimento@bry.com.br

Publication Date: December 8, 2023.