Privacy Police
SUMMARY
O LAUTENSCHLAGER ROMEIRO E IWAMIZU ADVOGADOS, escritório de advocacia inscrito no CNPJ/ME sob o nº 08.755.204/0001-44 (o “LRI ADVOGADOS”), tem o comprometimento com a segurança, privacidade e confidencialidade dos Dados Pessoais de seus colaboradores, clientes e fornecedores.
Recognizing and respecting the legal Personal Data Treatment according to the current regulations and other applicable provisions, LRI Advogados drafted this Privacy and Protection of Data Policy (hereinafter, the “Policy”), to be observed by all collaborators and suppliers.
LRI Advogados is committed to adopting all steps to preserve and warrant the protection of the Personal Data of every owner and in the collection, processing and use of Personal Data all applicable regulations shall be respected.
O LRI ADVOGADOS se compromete, ainda, a adotar medidas técnicas e administrativas aptas a proteger os dados pessoais de acessos não autorizados ou atos ilícitos relacionados à destruição, perda, alteração, comunicação ou divulgação, bem como para prevenir a ocorrência de danos em virtude do tratamento de dados pessoais.
Apenas funcionários autorizados podem ter acesso ao banco de dados do LRI Advogados. O acesso a informações pessoais é restrito e assegurado por boas práticas e rígidas normas de conformidade. O LRI Advogados se compromete a não vender ou repassar suas informações para terceiros sem o consentimento prévio conforme legislação aplicável.
I. INTRODUCTION
1.1 Applicable laws and regulations: This Policy is governed by the General Data Protection Law # 13,709/2018 (hereinafter “GDPL”), consistent with the provisions of the Constitution of the Federative Republic of Brazil, set out in its Article 5, subsection ‘LXXII’; the Habeas Data Law (hereinafter “Habeas Data”) # 9,507/1997; and, finally, of the Internet Civil Landmark, law # 12,965/2014 (hereinafter, collectively, “Applicable Regulations”).
1.2 Scope of application: This Policy applies to the Personal Data handled by LRI Advogados that are subject to the Treatment of Personal Data operations.
1.3 Subject matter: The purposes of this Policy is to demonstrate compliance with the duties established in the GDPL, and to regulate the Treatment of Personal Data procedures including, but not limited to, the collection, access, withholding and exclusion of such data by LRI Advogados.
1.4 Definitions: For the purposes of this Processing Policy, consistent with the GDPL, the following have the meaning as follows:
ANPD: National Data Protection Authority at the federal level, responsible for the surveillance, penalization and regulation of Personal Data protection matters.
Databank: Organized sets of Personal Data subject to Treatment.
Controller of the Personal Data Treatment: Individual or legal entity, public or private, which per se or jointly with a third party decides and is responsible for the Personal Data Treatment and the Databank (hereinafter “Controller”).
Consent or Authorization: expression of freewill, informed and unmistaken through which the owner agrees with the treatment of its Personal Data for a certain purpose.
Personal Data: Any binding information or associated with one or more specific or identifiable individuals. Some examples of Personal Data: name, personal identification documents, address, e-mail, phone number, marital status, health data, digital fingerprint, salary, financial information, among other.
Person in charge of the Personal Data Treatment: Individual or legal entity appointed by the Controller (hereinafter “Person in charge”) to figure as a communication liaison between LRI Advogados, the Personal Data owners and the National Data Protection Authority (hereinafter “NDPA”).
Personal Data Treatment Operator: Individual or legal entity, public or private, which per se or jointly with a third party conducts the Personal Data Treatment on behalf of the Controller (hereinafter “Operator”).
Complaint: Request made by the Personal Data Owner or by those which it or the Law authorizes to correct, update or exclude its Personal Data or cancel the authorization in the event established in the Law.
Personal Data Owner: Individual whose Personal Data is subject to Personal Data Treatment (hereinafter “Owner”).
Personal Data Treatment: Any operation or set of operations and technical procedures, whether automated or not, involving the Personal Data, such as collection, access, storage, registration, preservation, use, circulation, change or exclusion, among other (hereinafter “Treatment”).
1.5. Principle applicable to Personal Data Treatment: LRI Advogados shall apply the principles set out below, which shall direct and inspire the Personal Data Treatment.
Purpose: The Personal Data collected shall be used for a legal, authorized, specific and explicit purpose, which shall be previously informed to the Owner, clearly and sufficiently (GDPL, Article 6, subsection ‘I’).
Appropriateness: Personal Data Treatment compatible with the purpose informed to the Owner (GDPL, Article 6, subsection ‘II’).
Necessity: Limitation of the treatment to the minimum needed for the purposes thereof, covering the pertinent data, proportionally and without excess in regard to the data treatment purposes (GDPL, Article 6, subsection ‘III’).
Free Access: Warranty to the Owner of easy and free of charge consultation as to the form and duration of the treatment, as well as concerning the integrity of its personal data (GDPL, Article 6, subsection ‘IV’).
Quality: Warranty to the Owner of the accuracy, clarity, relevance and updating of the data, according to the necessity and to attain the purpose of its treatment (GDPL, Article 6, subsection ‘V’).
Transparency: Warranty to the Owner of clear, precise and easy accessible information concerning the treatment and the respective treatment agents, respecting commercial and industrial secrets (GDPL, Article 6, subsection VI).
Safety: Adoption of technical and administrative steps fit for protecting the personal data against unauthorized access and from the accidental or illegal incidents of destruction, loss, change, disclosure or dissemination (GDPL, Article 6, subsection ‘VII’).
Prevention: Adoption of steps to prevent damages pursuing from Personal Data Treatment (GDPL, Article 6, subsection ‘VIII’).
Non-discrimination: Impossibility of carrying out treatment for illegal or abusive discrimination purposes (GDPL, Article 6, subsection ‘IX’).
Liability and Submission of Accounts: demonstration by the agent of the adoption of efficient steps capable of proving respect and compliance with the Personal Data protection rules and also of the effectiveness of such steps (GDPL, Article 6, subsection ‘X’).
II. RIGHTS AND DUTIES
2.1 Owner Rights: According to Article 18 of the GDPL and other provisions of the Applicable Regulations concerning Personal Data protection, the Personal Data Owner holds the following rights:
(a) Obtain confirmation of the existence of treatment.
(b) Free access to its Personal Data that was subjected to Treatment, according to Article 9 and subsection ‘I’ of Article 18 of the GDPL
(c) Correction of Personal Data that is incomplete, inaccurate or outdated.
(d) Anonymity, blocking or exclusion of data that is unnecessary, excessive or treated in non-conformity with the GDPL.
(e) Portability of Personal Data to another service or product supplier, upon express request, according to the ANPD regulations, respecting the commercial and industrial secrets.
(f) Exclusion of the Personal Data treated with the owner’s consent, except in the cases established in Article 16 of the GDPL;
(g) Information of public and private entities with which the Controller shared use of the Personal Data;
(h) Information on the possibility of not consenting and the consequences of such denial;
2.2. Request of Rights Form: LRI Advogados has professionals trained to answer your questions and requests to exercise your Rights. You may fill out our Request of Rights Form (“Form”). It is important to emphasize that parents, mothers or persons responsible may exercise rights on behalf of children or teenagers, according to the applicable regulations.
2.3.1 Request of Rights Form Analysis: When we receive your request our privacy team shall analyze and answer you in two ways, stating that: (i) your request is legal and fit, hence it shall therefore be analyzed; or (ii) your request has been denied and, for certain reasons, cannot be granted. Do not worry for that even in the case of denial we shall inform to you the reasons why your request was not granted. All of our answers shall always be sent by the same means that you used to contact us, whether e-mail or letter.
(i) Perhaps it will be necessary to request you to provide specific information to confirm your identity and warrant that you may exercise your Rights. This is a safety step to warrant that the Data will not be disclosed to anyone that lacks authorization to receive it. This step is necessary considering foremost our concern with the information of children and teenagers that we treat.
(ii) If your request is accepted, we shall do our best to contact our suppliers and commercial partners that may have access to your Personal Data to likewise warrant correction, exclusion or any other right.
(iii) LRI Advogados may store and keep, in the form of registration, a log of the requests of Rights so that we may, if necessary, provide same to the relevant authorities.
2.3.2. Term for Answer: Received your request our team shall get back to you with an answer within 15 (fifteen) days. If clarifications or further information concerning your request is needed, we may send to you some questions so that we may answer your request satisfactorily, freezing the countdown of the deadline as of when we sent our questions, through to the date of receipt of your answer.
2.3.3 Non-grant of Request: In the case of a request not being granted LRI Advogados shall clarify the reasons that led to the denial of your request, including:
(a) preservation of trade secret and intellectual property of LRI Advogados.
(b) violation of rights and freedom of third parties.
(c) anonymous information that, therefore, is not Personal Data.
(d) obstruction of law and justice.
(e) lawful interests of LRI Advogados.
(f) repetitive, reiterated or excessive requests.
III. PERSONAL DATA TREATMENT
3.1 The Personal Data provided shall be treated for the rendering of legal assistance services purpose and for any other need related to carrying out the operations of LRI ADVOGADOS, namely:
(a) conduct general opinion surveys regarding our services;
(b) handle goods and services provided by third parties for LRI ADVOGADOS to carry out its business activities;
(c) answer questions, requests or complaints placed by the personal data owners and governmental authorities, and share the personal data with any other authorities that under the applicable regulations are entitled to receive and treat the personal data;
(d) provide contents through newsletters;
(e) provide institutional news;
(f) provide invitations, reminders and thanksgiving of events;
(g) to record a log of the cases and demonstrate the services rendered, preserving always the confidentiality between client and LRI Advogados;
(h) faturamento e cobrança de honorários advocatícios e despesas;
(i) enter your Personal Data in the information systems of LRI ADVOGADOS and in its commercial and operational databanks.
(j) plan business activities of LRI ADVOGADOS;
(k) any other activity similar to the foregoing that is necessary for LRI ADVOGADOS to attain its business purposes.
3.2 Databank Validity Period: The Personal Data in the possession of LRI Advogados shall be kept for the length of time necessary according to the purpose of the Treatment and/or the period necessary to fulfill a legal or contractual duty, according to Article 15 of the GDPL.
3.3 Withholding Period and Exclusion of Personal Data: LRI Advogados adopts a withholding of Personal Data policy that is consistent with the applicable law. Personal Data is stored only for the length of time necessary to meet the purposes for which same was collected, unless there is another reason to maintain it, e.g. fulfillment of any legal, regulatory, contractual duties among other, permitted under the law. We always conduct a technical analysis to define the withholding period fit for each type of Personal Data collected, considering the nature thereof, need to collect and purpose for which it will be used, as well as any withholding needs to fulfill duties or protect rights.
IV. COOKIES POLICY
4.1 Cookie é um pequeno arquivo adicionado ao seu dispositivo ou computador por sites que você visita. São amplamente utilizados para fazer os sites funcionarem, ou funcionarem de forma mais eficiente, bem como para fornecer uma experiência personalizada de acesso e fornecer informações aos proprietários do site. O LRI Advogados utiliza cookies para adaptar seu website de acordo com o uso de seus visitantes para entender melhor sua utilização por clientes e visitantes em geral. O LRI Advogados também utiliza outras tecnologias similares, inclusive endereços IP, arquivos de registro e sinalizadores da web, que também nos ajudam a adaptar seu website as necessidades dos visitantes.
4.2. When you visit our webpages some data is automatically stored in our servers. This so occurs for the sake of safety of our systems. The information includes connection to the computer owner data, the webpages that you visit in our website, date and duration of your visit to our webpages, navigator identification data and the operational system used, as well as from where you are visiting us. Personal information such as your name, address, phone number or e-mail address is not stored. If you spontaneously provide such information, e.g. in a request submitted to us, we shall store such information to process your request.
V. GOOGLE ANALYTICS
5.1 Provided free of charge by Google, Google Analytics is a statistics and surveillance service that has an informative nature, collecting access data, behavior and navigation of our website through the search engine of Google. The data provided consists in the target public that accesses the website, period of visitation and access, access behavior and data related to the acquisition of users via campaigns, social networks and advertisement.
VI. REVISIONS AND HISTORICAL RECORD
6.1 This PRI may be updated or amended in the future. Any change shall be shared with the Collaborators through a notice or training.
VII. FINAL COMMENTS
7.2 Considering that LRI Advogados carries out business at a global level, our staff is subject to the laws and regulations of several countries. Notwithstanding, this Privacy Policy applies specifically to Brazil and is subject to the applicable laws and regulations and any amendment thereof, according to the regulations amendments or in our internal processes, hence we suggest a reading of the contents thereof on a regular basis.
7.2 This Policy may be updated or amended in the future. Therefore, we suggest that you periodically visit this webpage to acknowledge the changes. Before using information for purposes other than those specified in this Policy we will request your authorization.
7.3 If you have any questions, comments or suggestions concerning this Policy, please contact the privacy team of LRI Advogados via e-mail to dpo@lrilaw.com.br