LGPD Compliance Policy
1. introduction
Bureau de Tecnologia is committed to protecting personal data in accordance with the General Personal Data Protection Act (LGPD – Law No. 13,709/2018). This policy defines how we collect, use, store and protect personal data, ensuring the privacy and rights of data subjects.
2. Definitions
Personal Data: Information relating to an identified or identifiable natural person.
Data ProcessingAny operation carried out with personal data, such as collection, use, storage, sharing, deletion, etc.
Data Subject: Natural person to whom the personal data processed refers.
Controller: Entity that decides on the processing of personal data.
Operator: Entity that processes personal data on behalf of the controller.
3. Data Protection Principles
Bureau IT adheres to the following principles when collecting and processing personal data:
-
- Purpose: Personal data is collected for legitimate, specific, explicit and informed purposes.
- SuitabilityThe processing is compatible with the purposes informed to the data subject.
-
- NecessityWe only collect the data necessary to achieve the purpose of the processing.
-
- Free AccessWe guarantee data subjects easy access to their personal data.
-
- Data QualityWe keep personal data accurate, clear, relevant and up-to-date.
-
- TransparencyWe inform data subjects about how their data is processed.
-
- SecurityWe take measures to protect personal data against unauthorized access and accidental or unlawful situations.
-
- PreventionWe employ measures to prevent the occurrence of damage as a result of the processing of personal data.
-
- Non-discriminationThe processing of personal data may not be carried out for discriminatory, unlawful or abusive purposes.
-
- Responsibility and AccountabilityWe have demonstrated the adoption of effective measures to comply with personal data protection regulations.
4. Collection and Use of Personal Data
4.1 Data collection
-
- We collect personal data only when necessary to provide our IT services, comply with contractual, legal and regulatory obligations, or with the consent of the data subject.
4.2 Use of data
-
- We use personal data for the following purposes:
- Provision of IT BPO services.
-
- Implementation and management of technological strategies.
-
- Device monitoring and maintenance.
-
- Technological risk management.
-
- Developing an organizational culture geared towards innovation.
-
- Research and development of new technologies.
5. Sharing Personal Data
We only share personal data with third parties who offer sufficient guarantees of security and compliance with the LGPD. These third parties may include business partners, suppliers and legal authorities, as required.
6. Holders’ rights
We respect and guarantee the following rights of personal data subjects:
-
- Confirmation and Access: The right to confirm the existence of processing and to access your data.
- CorrectionRight to request the correction of incomplete, inaccurate or outdated data.
- Anonymization, Blocking or DeletionRight to request anonymization, blocking or deletion of unnecessary data or data processed in breach of the LGPD.
- PortabilityRight to request data portability to another service or product provider.
- DeletionRight to request the deletion of personal data processed with consent.
- InformationRight to be informed about the entities with which the data has been shared.
- Revocation of ConsentRight to revoke consent at any time.
7. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration or improper disclosure.
8. Data Retention
We keep personal data only for as long as necessary to fulfill the purposes for which it was collected, as required by applicable laws or regulations, or as authorized by the data subject.
9. Security Incident Response
In the event of security incidents involving personal data, we adopt immediate measures to mitigate the impacts and notify the affected data subjects and the National Data Protection Authority (ANPD), as required by the LGPD.
10. Training and Awareness
We promote regular training and awareness campaigns on personal data protection for all employees, ensuring knowledge and adherence to LGPD compliance practices.
11. Policy updates
This policy may be updated from time to time to reflect changes in personal data processing practices or as necessary to meet legal requirements. We will notify data subjects of any significant changes.
12. Contact
For questions, requests or complaints regarding the protection of personal data, please contact our Data Protection Officer (DPO) by e-mail: [email protected].