[gtran.slate]

DIGITAL TWIN SHOP PRIVACY POLICY

 

Last Updated: [REV_10/23/2025_10:40]

Digital Twin Shop (“We,” “Our,” the “Company”) is dedicated to protecting your privacy and the Personal Data of its users, customers, and partners (“You”). This Privacy Policy describes how we collect, use, store, share, and protect your personal information when using our automotive simulation data platform, websites, and other services (the “Services”).

By accessing or using our Services, you acknowledge and agree to the terms of this Privacy Policy.

 

1. Definitions and Scope

 

Term Definition
Personal Data Any information relating to an identified or identifiable natural person.
Data Subject (Titular) The natural person to whom the Personal Data refers.
Processing (Tratamento) Any operation performed upon Personal Data (collection, use, storage, sharing, etc.).
Controller (Controlador) Digital Twin Shop, the entity responsible for decisions regarding the Processing of Personal Data.
LGPD Brazilian General Data Protection Law (Lei nº 13.709/2018).
Services The Digital Twin Shop Platform, which stores, sells, and provides access to automotive simulation data.

 

2. Personal Data Collected

 

We collect data which falls into two categories:

 

2.1. Data Directly Provided by You (Registration/Purchase)

 

Type of Data Purpose of Processing Legal Basis (LGPD)
Identification and Contact Full name, email, phone number, job title, company. Contract Performance and Legitimate Interest.
Professional and Access User registration data (username and password), billing information, and company CNPJ (for corporate accounts). Contract Performance.
Financial Payment information (credit card/debit card, bank details) for processing data simulation purchases. Contract Performance.

 

2.2. Data Automatically Collected (Browsing)

 

We collect data generated automatically by your interaction with our website and platform.

Type of Data Purpose of Processing Legal Basis (LGPD)
Connection Data IP address, date and time logs of access. Legitimate Interest (Security, Fraud Prevention).
Browsing Data History of visited pages, clicks, device and browser information, location (if authorized). Legitimate Interest and Consent (for non-essential cookies).
Comment Data Name, email, IP, and browser user agent string (for spam detection). Legitimate Interest (Security and Anti-Spam/Fraud).

 

3. Specific Data Usage

 

 

3.1. Simulation Data (Non-Personal)

 

IMPORTANT: The automotive simulation data stored and commercialized by Digital Twin Shop is, by nature, technical information (vehicle metadata, virtual test results, 3D models) and, as a rule, is not considered Personal Data. It identifies assets (virtual prototypes, vehicles), not individuals.

 

3.2. Interaction and Content Data (Registered Users and Visitors)

 

  • Comments: When visitors leave comments on the site, we collect the data shown in the comments form, the visitor’s IP address, and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. After approval of your comment, your profile picture is visible to the public in the context of your comment1.

     

     

  • Media (Image Uploads): If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

  • Embedded Content: Articles on this site may include embedded content (e.g., videos, images, articles) from other websites. Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that website.

 

4. Data Sharing and Transfer

 

Digital Twin Shop is committed to not selling, renting, or transferring your Personal Data to third parties without your consent, except in the following situations:

  • Partners and Suppliers: With third-party companies that provide essential services for platform operation (hosting, payment processing, analytics, and spam detection tools). These third parties are contractually obligated to protect your data.

  • Legal or Judicial Obligation: To comply with legal requests, court orders, or regulatory requirements.

  • International Data Transfer: We may transfer your Personal Data outside of Brazil (e.g., cloud hosting servers). In these cases, we adopt contractual and technical safeguards to ensure the same level of protection required by the LGPD.

 

5. Cookies and Tracking Technologies

 

We use cookies and similar technologies to:

  • Ensure the essential functioning of the platform.

  • Save your login and screen preferences (login cookies last two days; screen options cookies last one year). If you select “Remember Me,” your login will persist for two weeks.

  • Save your comment information (name, email) for convenience (last one year).

  • Analyze and monitor website traffic and performance.

You can manage the use of cookies (except those strictly necessary) at any time through your browser settings or our Cookie Preference Center.

 

6. Data Retention and Deletion

 

  • Comment Data: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

  • Registered User Data: For users who register on our website, we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

  • General Period: We retain Personal Data only for the time necessary to fulfill the informed purposes and as required by law.

 

7. Data Subject Rights

 

As a Data Subject, you have the following rights regarding your Personal Data:

  1. Confirmation and Access: Obtain confirmation that we process your data and access it.

  2. Correction: Request the correction of incomplete, inaccurate, or outdated data.

  3. Deletion and Blocking: Request the anonymization, blocking, or elimination of unnecessary, excessive data, or data processed in non-compliance with the LGPD.

  4. Portability: Request the transfer of your data to another service or product provider.

  5. Revocation of Consent: Withdraw your consent for processing (when this is the legal basis), requesting the elimination of data processed based on it.

  6. Opposition: Object to processing carried out based on other legal bases, in case of non-compliance with the LGPD.

  7. Information: Be informed about public and private entities with which we share your data.

To exercise your rights, please use the DPO contact channel (section 9).

 

8. Data Security

 

We adopt technical and organizational security measures to protect your Personal Data against loss, unauthorized access, alteration, or destruction. These measures include encryption, firewalls, access control, and continuous monitoring, appropriate to the nature of the data we process.

 

9. Contact and Data Protection Officer (DPO)

 

For questions about this Policy, how we Process your Data, or to exercise your rights as a Data Subject, please contact our Data Protection Officer (DPO):

  • DPO: [DPO DEPARTMENT]

  • Email [dpo@digitaltwinshop.io]

  • Address: [DigitalTwinShop LLC.Onyx Office Plaza
    29777 Telegraph Road – Suite 4200 – Southfield, MI USA]

 

10. Changes to this Policy

 

Digital Twin Shop may update this Privacy Policy at any time. The “Last Updated” date at the beginning of the document will be revised. We recommend that you consult this policy periodically to stay informed about how we are protecting your data.