To demonstrate Machado Meyer's commitment to the security and privacy of data/information collected from clients who have maintained or maintain a legal relationship with Machado Meyer.
2. DATE OF EFFECTIVENESS
The Policy is effective as of February 9, 2021, for an indefinite period of time, and may be revised and updated whenever necessary, according to the responsibility matrix provided in item 8 of this document.
3. TO WHOM IT APPLIES
The Policy applies to all individuals linked to clients who have maintained or maintain a legal relationship with Machado Meyer.
4. GENERAL GUIDELINES
4.1 The Policy will be published and disclosed internally on our intranet and externally on the website www.machadomeyer.com.br and will be available for review, according to the text below, directed to the specific audience - "CLIENT".
4.2 We explain in the Policy, clearly and transparently, to people who have worked or work for or on behalf of Clients, what is done with the Personal Data we process.
4.3 The topics below clarify for what purposes personal data is used, for how long, how you can access it, update it, and obtain additional information.
5. SPECIFIC GUIDELINES
5.1 We process Data of individuals who have worked or work for or on behalf of Clients, or their partners or shareholders, in the following categories:
- Registration data (name, RG, CPF, CNH, PIS, CTPS, passport, voter ID, education, e-mail, business address, home address, landline, mobile phone, language, position, company, profession, gender, date of birth, nationality, marital status, signature, photos, videos, CCTV image);
- Financial data (salary, as applicable in the context of the services provided to you);
- Sensitive data (union membership, physical disability, medical certificates, medical reports, occupational health certificates - ASO, occupational accident reports - CAT, and other data that may be provided under the contractual relationship established between the Client and Machado Meyer, in the context of the provision of legal services.
5.2 Machado Meyer, as the controlling agent, will make decisions regarding the personal data processed within the scope of the relationship established with you.
5.3 We process personal Data for the following purposes:
- Rendering of the services hired by the Client to defend its interests in judicial and extrajudicial proceedings;
- Use of specialized services to manage the proceedings;
- Maintaining custody of documents to support legal, tax, and business requirements;
- Records of the activities performed for the collection of fees;
- Registration of Clients and their respective contacts for use in the correct and timely issuance of invoices;
- Client Prospecting through research of contacts via internet and social networks;
- Security and physical access control to the office premises;
- Promote brand value and engage with new contacts and potential clients through sponsored events;
- Publication of relevant cases in legal directories that offer legal research and analysis, preserving Client confidentiality as appropriate;
- Comply with a legal or regulatory requirement.
5.4 We may share the Personal Data referred to in the Policy to render our services in the following instances:
- Independent research and legal analysis companies for publication of relevant Machado Meyer cases in legal directories , ensuring the maintenance of professional secrecy in relation to the Client;
- Competent public authorities (judicial and extrajudicial), government entities, regulatory or tax agencies for which Machado Meyer is subject to comply with a legal or regulatory obligation or under applicable local law;
- Operating agents who handle your Personal Data in accordance with Machado Meyer's instructions:
- Specialized service providers for the execution of the hiring and provision of services focused on you;
- Technology service providers;
- Event organizing agencies to offer the services you have requested or that may be of interest to you;
- Document safekeeping services companies; and
- Providers related to physical security whenever you access our office premises.
5.5 Machado Meyer uses cloud systems, for this reason it is possible that Personal Data may be transferred outside Brazil (currently, to Chile and the USA), since they are the backup countries for the data storage of our service provider. To ensure that your Personal Data is processed solely for the stated purposes, we have adopted safeguards and guarantees such as specific clauses, standard clauses, and global corporate standards.
5.6 The Personal Data collected and processed by Machado Meyer shall be stored until the purpose of the Processing is exhausted or when there is no longer a legitimate purpose or a legal and regulatory reason that allows Machado Meyer to retain it.
5.7 We adopt safety standards set forth in applicable laws and regulations, such as:
- Training, governance, internal security policies;
- Control of storage on internal or outside servers
- Software to encrypt data collected;
- Protection against unauthorized access;
- Authorized access only to specific persons to the place where your personal information is stored, provided that such access is essential for the performance of the intended activity;
- Confidentiality of the professionals who access the information/data;
- Application of administrative, disciplinary, and legal sanctions against employees and persons who unduly use your information, in violation of this Privacy and Information Security Policy;
- Absolute commitment to the principles laid down by the applicable laws and regulations, as well as the storage and deletion of data, the latter when requested;
- Access by Data Subjects to all of their information stored.
5.8 While our best efforts are put into preserving your privacy and protecting your Personal Data, it is important for you to know that no transmission of information is ever completely secure.
For this reason, Machado Meyer cannot fully guarantee that all the information it receives and/or sends will not be subject to unauthorized access and performed through methods designed to obtain information improperly, such as viruses or database intrusions.
5.9 In the event of a breach of Personal Data in our custody, we guarantee we will make every effort to remedy the consequences of the event.
5.10 In order to ensure your privacy and the protection of your data, Machado Meyer will facilitate the exercise of the rights described in article 18 of Law 13,709/2018, General Personal Data Protection Law, as applicable, which are:
- confirmation of the existence of Processing;
- access to the data;
- correction of incomplete, inaccurate, or outdated data;
- anonymization, blocking, or elimination of unnecessary or excessive data or data processed in violation of the provisions of the General Personal Data Protection Law;
- portability of data to another Provider of a service or product, upon express request, in accordance with the regulations of the national authority, subject to commercial and industrial secrets;
- erasure of personal data processed with the consent of the Data Subject, except in the cases provided for in article 16 of the General Personal Data Protection Law;
- information on public and private entities with which the controller has shared the use of Data;
- information about the possibility of not providing consent and the consequences of refusal; and
- revocation of consent, pursuant to paragraph 5 of article 8 of the General Data Protection Law.
5.11 To meet the above requests, we will undertake all reasonable efforts within the shortest time possible, but you should be aware that the following may occur:
- Possible delay in service due to justifiable factors, such as the complexity of the request;
- Rejection of your request for formal (e.g., if you are unable to prove your identity) or legal reasons (e.g., request for deletion of Data that may be kept by force of law or regulation; request for copy of a document that will only be provided if there is explicit consent; request for portability due to lack of specific regulation for the activity performed by Machado Meyer).
5.12 For any case of impossibility of meeting your request, Machado Meyer will provide due reasons.
5.13 You may contact Machado Meyer's Data Protection Officer (DPO by e-mail click here to make the requests mentioned in the previous topic.
5.14 Should any questions remain after reading this Policy in its entirety, you may contact our Data Protection Officer (DPO) at the following e-mail address click here.
6. TERMS AND DEFINITIONS
Individual or legal entity, public or private, Brazilian or foreign, current or potential purchasers, or users of products offered by Machado Meyer.
Any information relating to a directly or indirectly identified or identifiable individual.
Sensitive personal data
Special category of personal data concerning racial or ethnic origin, religious belief, political opinion, membership in a trade union or a religious, philosophical, or political organization, concerning health or sex life, genetic or biometric data concerning individuals.
Individual to whom the Personal Data refers, such as, for example, the persons to whom this policy applies: persons who worked or work for or on behalf of clients, suppliers, or who are its shareholders and who maintained or maintain a business relationship with Machado Meyer.
Data Protection Officer
Person appointed by the Controller and Operator to act as a communication channel between the controller, the data Holders, and the National Data Protection Authority (ANPD)
Designates the electronic address www.machadomeyer.com.br and its subdomains
Any operation performed with personal Data, such as those relating to the: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, discarding, assessment, or control of the information, modification, dissemination, transfer, diffusion, or extraction.
- Code of Conduct
- Information Security Policy
- Physical Security Policy
- Document Management Policy
- Data Protection Standard
- Procedure for the enforcement of Data Holders' Rights
- ISO 27701
- Federal Law No. 13,709/2018 (General Personal Data Protection Law)
- Federal Law No. 12,965/2014 (Brazilian Civil Rights Framework for the Internet)
- Federal Law No. 8,078/1990 (Consumer Protection Code) and other applicable laws for the activity provided by Machado Meyer.
8. RESPONSIBILITY MATRIX
|Executive Board|| |
|Information Security and Privacy Committee|| |
|Information Security|| |
|Responsible Person for personal data Processing (Data Protection Officer - DPO)|| |