The Brazilian General Data Protection Law (LGPD) (no. 13,709/18) defines the following:
a. Personal Data: information related to an identified or identifiable natural person;
b. Database: structured set of Personal Data, established in one or several locations, in electronic or physical format.
c. Data Subject: natural person to whom Personal Data, which are the subject of Processing, refers to;
d. Processing: any operation performed with Personal Data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction;
e. Consent: free, informed and unambiguous expression by which the Data Subject agrees to the Processing of their Personal Data for a specific purpose;
f. Shared Use of Data: communication, dissemination, international transfer, interconnection of Personal Data or Shared Processing of Personal Databases by public bodies and entities in the fulfillment of their legal competences, or between these and private entities, reciprocally, with specific authorization, for one or more modalities of Processing allowed by these public entities or between private entities;
g. Data Protection Officer as a Service (DPOaaS): person appointed by Tendências to act as a communication channel between the controller, the Data Subjects, and the National Data Protection Authority (ANPD).
b. Any Processing of Personal Data directly or under the responsibility of Tendências will respect the following principles, in addition to those provided by Law and applicable regulations to its business:
i. Good faith;
ii. Legitimate, specific, explicit purpose;
iii. Compatibility of the Processing with its purpose;
iv. Restriction of the Processing to the minimum amount of Personal Data necessary;
3. CONSENT AND PURPOSE OF THE PROCESSING OF PERSONAL DATA
Tendências will require the Consent of the Data Subject for the Processing of Personal Data, except in cases where (i) it is required by Law to do so; (ii) the Processing of Personal Data is necessary for the provision of services by the Company to the Data Subject; (iii) Tendências needs the Personal Data to exercise or defend its rights; or (iv) there is a legitimate interest for the Processing of Personal Data.
a. Among the purposes of Personal Data Processing by the Company, the following stand out:
i. The provision of content and information published by Tendências of interest to the Data Subjects, through a website, newsletters, participation and invitations to events, reminders, among others;
ii. Contact, via the Company’s website, requested by the Data Subject in the appropriate form;
iii. The creation of a Database of job/internship candidates or for the provision of services/supply to Tendências;
iv. The composition of a Database of Company professionals, as well as its eventual work groups (internal or external), committees (internal or external), etc.;
v. The preservation of Tendências’ interests;
vi. The provision of contracted services and the performance of its activities;
vii. Compliance with legislation;
viii. Meeting demands from the Data Subject to Tendências.
c. The updating of Personal Data in the Database may be requested for the purpose of meeting specific objectives.
4. STORAGE OF PERSONAL DATA
a. Considering the specific purpose for the Processing of Personal Data, it will be stored for the time necessary to fulfill the respective purpose.
b. The provided Personal Data may eventually be shared with third parties to fulfill its purpose or to comply with orders from competent authorities, according to applicable law. In any situation, such sharing will be limited to the strict necessity to fulfill the purpose or comply with the authorities’ orders.
c. The Processing of Personal Data by the Company or its service providers with whom the Data may be shared (always respecting the purposes) will comply with technically recommended security standards to prevent and remedy any unauthorized access and incidents or illegal activities that may lead to the destruction, loss, alteration, communication, or dissemination of Personal Data.
5. RIGHTS OF PERSONAL DATA SUBJECTS
a. The LGPD guarantees the following rights to the Personal Data Subjects:
i. Confirmation and access to the Data;
ii. Correction of incomplete, inaccurate, or outdated Personal Data;
iii. Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data according to the provisions of the LGPD;
iv. Portability of Data to another service or product provider, upon explicit request, in accordance with the regulations of the national authority, subject to trade secrets and industrial secrets;
v. Deletion of Personal Data processed with the Consent of the Subject, except in the cases provided for in article 16 of the LGPD;
vi. Information on public and private entities with which the controller has Shared Data;
vii. Information about the possibility of not providing Consent and the consequences of refusal;
viii. Revocation of Consent regarding Processing activities that rely on this legal basis;
ix. Request for review of Automated Processing: request the review of a decision made solely based on Automated Processing of Personal Data that affects their interests, including decisions aimed at defining their personal, professional, consumption, and credit profile, or aspects of their personality.
6. FINAL PROVISIONS
a. In case of doubts, information or requests regarding the Processing of Personal Data, Data Subjects may contact Tendências through the email address firstname.lastname@example.org.
b. The Data Protection Officer (Data Protection Officer as a Service – DPOaaS) is Missão Compliance – GRC, TREINAMENTOS, INVESTIGAÇÕES E CONSULTORIA LTDA., located at Alameda Jaú, nº 48, cj. 31, Jardim Paulistano, São Paulo/SP, CEP 01420-000, registered under CNPJ number 31.766.485/0001-52. For more information, please contact the channel mentioned above.