LGPD: Brazilian General Data Protection Law

Introduction

 
This policy outlines how Valasys Business complies with LGPD: Brazilian General Data Protection Law as an unswerving commitment to protect the privacy and data of its customers, stakeholders, and employees alike.
 
The areas where Valasys Business collects, processes, and holds personal information are described in this policy. All our procedures satisfy the requirements of Brazilian law regarding the protection of personal data.
 
We comply with the LGPD: Brazilian General Data Protection Law that governs the storage, protection, and management of personal information in Brazil.
 
Complying with the data protection law we have implemented specific procedures and trained our staff, and stakeholders to respect individuals’ rights and maintain the security and integrity of their personal data.
 
Compliance with Brazil’s Lei Geral de Proteção de Dados (or LGPD) acts as the starting point for positive development, security, and economy of information; Valasys Business was an early adopter of GDPR which automatically simplified compliance with LGPD.
 
Operative in B2B Media Publishing & services space, we are committed to strictly complying with LGPD for the collection, storing, and transfer of personal data and any other type of personal information, including in the context of interaction on the internet. For example, through our application or by clicking on an offer that you receive via e-mail or a text message. We will also use your personal information to provide our services, marketing communications, and administrative purposes. We comply with LGPD by ensuring that all individuals have full transparency over the processing of their personal data for all purposes and any sensitive types of data (i.e., health status, race, political opinion).
 

The Scope of LGPD

 
LGPD is a comprehensive Brazilian data protection law that covers the activities of data controllers and processors and creates requirements for the processing of information of data subjects. It includes provisions on a variety of issues such as data protection officer (‘DPO’) appointments, Data Protection Impact Assessments (‘DPIA’), data transfers, data breaches, and the establishment of the Brazilian Data Protection Authority (‘ANPD’).
 
The LGPD aims to protect personal data and safeguard customers’ interests in the process. It defines the conditions under which companies can collect, process, store and use personal information. The central objective of this data protection law that entered into effect on 18th September 2020, is to ensure the integrity of personal data in Brazil by overseeing their processing and publication with additional regulation to enforce the law in regards to entities that collect, process, store or use personal information.
 
Complying with LGPD we have rigorous guidelines to safeguard the interests of our Brazilian customers, regardless of our extraterritorial presence which primarily takes into consideration the following facets:
 

Personal Data

 
LGPD defines personal data as information that, by itself or combined with other data, could result in the identification of a natural person. This can include things like name and address, but it also includes other information like bank transactions and phone bills.
 
We, at Valasys Business, are committed to safeguarding our customers’ personal data (any item or information that is linked to an identifiable natural person and, if it is retained, could identify or uniquely identify them). This includes data that is collected as part of a business transaction, as well as personal information that you disclose verbally in person or online. We also take care of sensitive data, health data, biometric data, and ‘pseudonymisation’ (Article 13(§ 4º) of LGPD).
 

Data Subject Rights

 
Article 18 of the LGPD is entitled “Data subject rights.” It contains nine fundamental rights that are similar to those outlined in Article 7 of GDPR. These include the right to be informed, right of access, right to object, right to rectification and erasure of data, right not to be subject to automated decision-making or profiling, and the right to data portability.
 
We are committed to guaranteeing these fundamental rights to our customers unequivocally:
 
The right to obtain confirmation as to whether or not personal data concerning him is being processed for payment of fees or services
  • The right to have an access to data
  • The right to rectification of old, incomplete, or incorrect data
  • The right to anonymize, block or delete superfluous data or data that hasn’t been processed as per LGPD
  • The right to file an express request for data portability to another product or service provider
  • The right to delete personal data after consensual processing anytime
  • The right to obtain information about entities with whom the data has been shared (including both public and private)
  • The right to be informed about any possibilities of content denial and the underlying repercussions
  • The right to retract consent
 

Principles

 
Under Article 6 of the LGPD Valasys Business foresees that any activities of the processing of personal data should be performed observing the principles designed to protect fundamental rights and freedoms under LGPD viz.: good faith, purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, and accountability.
 
Appointment of Data Protection Officer for Extenuating Data Processing & Controlling Guidelines
 
Complying with Article 41(§ 3º) of LGPD, Valasys Business has appointed a DPO for managing and monitoring compliance with the new rules on data protection. The DPO is a position paramount within our organization as the most critical adviser in this field.
 
The DPO also ensures that all the supervisory authorities are well attenuated with the norms of LGPD and comply with them. The duties of the DPO consist of: accepting complaints and communications from data subjects, providing clarifications, taking measures and instructions; receiving communications from the supervisory authority, reporting data breaches, and ensuring effective enforcement protocols in case any deviations from the compliance are observed; instructing employees and contractors of the entity on practices related to personal data protection; carrying out any other tasks established by a controller or in supplementary rules.
 
If at all any breaches occur, the outlaw would be subjected to a fine as mentioned under Article 52 of LGPD that will be applicable to the controller and / Valasys Business (as the case may be).
 

Departures from the Policy

 
Occasionally, we may find it necessary to depart from this policy. If this happens, then we will always consult the Data Protection Officer before taking any action.
 
Valasys Business does not normally seek to depart from or amend areas of this policy that would create disproportionate burdens on our ability to process your data. However, we reserve the right to make limited departures from this policy in exceptional circumstances. This may include where a legal exemption allows us to do so for one specific purpose (e.g. the processing of personal information for fraud protection). The guidelines mentioned under Valasys Business’s comprehensive Privacy Policy statements will serve as the ultimate obligatory principles under the circumstances of any dispute or departure.