De Luca, Derenusson, Schuttoff & Advogados, a law firm registered with the National Corporate Taxpayer’s Register of the Ministry of Economy (CNPJ/ME) under nº 14.380.112/0001-20, with head office at Rua Fidêncio Ramos, no. 195, 10º andar, Vila Olímpia, São Paulo/SP (“DDSA” or “Office“), in view of its commitment and zeal to protect its clients, partners and associates’ personal data and privacy, make this Privacy Policy (“Policy“) available, in accordance with the terms of Law No. 13709/2018 – General Data Protection Law (“LGPD“) and other applicable rules and legislation (“Applicable Law“), in order to inform and clarify the conditions under which Personal Data is processed.
“Personal Data” shall mean any data that makes it possible to identify an individual, directly or indirectly, including information such as: name, Identity Card (R.G.), Individual Taxpayer’s Register (CPF), profession, telephone, email, address, etc.
This Policy is intended to provide clear information on how Personal Data is processed by DDSA, within the scope of providing legal services to its clients, administration and operation of its framework or from access to the local network by visitors.
DDSA acts as controller of Personal Data, so it is responsible for defining the appropriate purposes for the processing of Personal Data. The Office may rely on the support of specialized operators to carry out the procedures for collecting, processing and storing Personal Data.
This Policy was built considering the following basic principles:
(i) DDSA will not intentionally accumulate or maintain Personal Data other than those relevant to the performance of its activities and will adopt the necessary measures to ensure the protection of Personal Data under its custody and control.
(ii) All Personal Data of employees, associates, clients or service providers held by DDSA is considered as confidential, so that appropriate precautions will be taken in order to prevent inappropriate or unauthorized disclosure of such Personal Data;
(iii) Personal Data held by DDSA will not be used for purposes contrary to the fulfillment of the purposes that enabled DDSA to receive or have access to such Personal Data, unless otherwise permitted by Applicable Law;
(iv) Personal Data will not be transferred to third parties, except when required by the type of service provided, and since such third parties maintain the confidentiality of Personal Data and only use them for the purposes they were provided.
DDSA may process the Personal Data of its associates and employees for the purpose of compliance with contractual obligations and legal obligations (tax, corporate, accounting, administrative and others).
Additionally, DDSA may process the Personal Data of its clients and/or their agents for the purpose of: (i) publication of newsletters and communication on relevant matters; (ii) communication regarding financial and operational routines; (iii) provision of legal services and/or compliance with contractual obligations; or (iv) compliance with legal obligations (tax, accounting and others).
The data subject’s consent may be requested for specific cases of processing or due to a change in the way Personal Data is processed, making the collection necessary. Any consent granted to DDSA may be revoked at any time, in which case DDSA may terminate or limit the provision of services if necessary.
The website www.ddsa.com.br collects cookies to provide a good browsing experience and to keep improving its services. Personal Data is collected by the providers of the respective tools (WPML Language, WordPress and Google Analytics) with their privacy policies and is not stored or processed by DDSA. You will have the option of not accepting the collection of cookies, which will not prevent browsing, but may compromise some functionality.
All information provided to DDSA is considered confidential and will not be disclosed, except for the performance of legal services, observing the inherent secrecy of law and professional ethical precepts.
Access to Personal Data is allowed to the Office’s lawyers, employees and consultants, in accordance with data protection and privacy principles such as minimization, proportionality, necessity and relevance.
Personal Data may be shared according to its purpose with operators hired to support the processing and able to act at an adequate level of information security.
Also, DDSA may share Personal Data in order to comply with a legal obligation or court order, making information available at the request of judicial or governmental entities.
It is possible that some of these third parties are located outside the Brazilian territory. In this case, DDSA will make sure that this transfer of Personal Data is made, as a rule, to countries that offer an adequate degree of protection, as determined by the LGPD, or based on any authorizing hypothesis provided for in such legislation.
DDSA website allows integration with social networks and third party websites as a resource for visitors. The use of information and Personal Data by these websites observe their own privacy policies.
Personal Data will be stored in DDSA database contained in servers, cloud platforms and/or applications from service providers, digital and physical files, with security measures being observed to prevent unauthorized disclosure and use, improper processing and to avoid damage.
Personal Data will be kept in the system for the period necessary for processing and will be discarded when its purpose is exhausted. The data subject may request the exclusion of Personal Data at any time.
Storage and elimination will be carried out according to the life cycle of the personal data, within defined internal deadlines, depending on the type of data and context of the Office’s relationship with the data subject, and as provided in the Applicable Law.
The LGPD provides that the data subject will have the right to privacy and protection of his/her Personal Data, and the data subject may, at any time, and as applicable, request:
(i) Confirmation of the processing existence;
(ii) Information about the processing of your Personal Data;
(iii) Access (subject to some exceptions for the protection of third party rights);
(iv) Corrections of Personal Data stored by DDSA, being the data subject responsible for keeping their information correct and updated;
(v) Anonymization, blocking or elimination (unless there is a reason for its maintenance or retention, such as compliance with a legal obligation or to protect the rights of DDSA and/or third parties);
(vi) Portability (subject to exceptions and limitations, in accordance with Applicable Law);
(vii) Revocation of consent, with interruption of processing, in case it is the only applicable legal basis; and
(viii) Complaint, before the National Data Protection Authority (“ANPD”) or other competent authority, against DDSA’s Personal Data protection and privacy practices.
For any of the requests above, use the email address dpo@ddsa.com.br. Requests, information and contact will be made through the sender’s electronic address after verification of the identity of the data subject, with the necessary measures being subject to the legal deadlines.
DDSA declares that it takes the necessary technical and organizational measures to protect Personal Data and to comply with information security standards appropriate to the size of its operation and activities it provides, and may call the ANPD in case of any cybersecurity incident or leakage of Personal Data involving its website or database.
It is highlighted that the Office’s power of action is limited, not being free from external factors, such as unauthorized use of accounts, hardware or software failure, as well as other factors that may compromise the security of Personal Data, requesting, therefore, to all subject to this Policy to promptly inform in case they identify or become aware of an event that compromises or may compromise the security of Personal Data.
All the content available in DDSA virtual environment, including its website, will be understood as exclusive intellectual property of DDSA, unless otherwise expressly stated, including content developed by employees and contractors, according to internal policy.
Intellectual property includes images, information, elements of trademarks and service marks, logos, graphics and company names used in connection with the website or services.
This Policy does not transfer intellectual property ownership, as well as does not licenses or assigns any right of use and reproduction to a visitor, client or third party that provides data to the Office.
The content of the intellectual property cannot, under any circumstances, be used by third parties and be altered or reproduced or copied without prior authorization.
Any questions related to this Policy, as well as to the processing and protection of Personal Data by DDSA, may be sent to our person in charge (“DPO”) through the contact address: dpo@ddsa.com.br
This Policy may be subject to periodic reviews, at any time and at the discretion of the DDSA, in order to keep its content updated with the legislation and best practices in the protection of Personal Data and privacy.
This Policy was last reviewed/updated on: September 14, 2022.
PROCESSING