|
1. - This agreement rules the processing of
personal data, including their protection and
movement, in the following websites and their
online services: (A) alogicadarede.com.br, (B) brazilianlawinenglish.com, braziliannews.net, business.art.br, (D) deconti.adv.br, decontilaw.com, decontilaw.com.br, decontilawoffice.com, direitoepandemia.com, direitoepandemia.com.br (E) educacaoparatodos.pro.br, (F) filosofiamoral.com, (G) globobroking.com, (I) intermediadores.com, (R) rafaeldeconti.adv.br, rafaeldeconti.com, rafaeldeconti.com.br, rafaeldeconti.pro.br, rdc.adv.br, rdc.pro.br
2. - If you navigate in one or more of the above
mentioned websites, and their online services,
remains clearly understood that you agree, in a
free and enlightened way, with the following
rules, being the online navigation a Consent to
the use of your personal data as estated in this
Term.
2.1. - The demonstration of the consent is based on the logging of the user’s
movement in our servers (syslog,
auth.log, mail.log, access.log,
other_vhosts_access.log, ssl_access.log),
as well as other digital files, such as, but
not limited to, e-mails and form structures
in php language, without the prejudice of
the use of other and new technologies to
the demonstration of the consent.
3. - Personal data that we use in our websites
and online services: IP data, and/or visited links,
and/or day and hour of visit, and/or an online
identifier when accessing private areas, and/or
browsers info, and/or text typed by the user in
forms, online contracts, and quizzes, and/or
name, and/or an identification number, and/or e-
mail.
3.1. - Purposes of use: cybersecurity,
marketing and branding campaigns
related to the above websites and their
online services, increase of user’s
experience, improvement of our tech
services by design based on metrics,
closing deals, and compliance with a
legal obligation to which the controller is
subject. Scientific and commercial
interests. Legal duties.
3.1.1. - If the purposes do not or
do no longer require the
identification of a data subject by
the controller, the controller shall
not be obliged to maintain, acquire
or process additional information
in order to identify the data
subject.
3.2. - Special data: the consent of the
clause 2 above is applied as given explicit
consent to the processing of personal data
revealing racial or ethnic origin, political
opinions, religious or philosophical
beliefs, or trade union membership, data
concerning health or data concerning a
natural person’s sex life or sexual
orientation.
4. - Processing we make are: collection,
recording, organisation, structuring, storage,
adaptation or alteration, retrieval, consultation,
use, alignment or combination, restriction,
erasure or destruction.
4.1. - It is part of the processing the
profiling’s process, which is the use of
data to analyse or predict aspects
concerning personal preferences,
interests, behaviour and movements on
the above websites and their online
services.
4.1.1. - The right to restriction of
processing only applies when: the
accuracy of the personal data is
contested by the data subject, the
processing is unlawful, the
personal data is required by the
data subject for the establishment,
exercise or defence of legal
claims, the data subject has
objected to processing.
4.1.2. - The right to object the
processing, be for profiling,
marketing, or other purpose, is a
right of the user.
4.1.3. - The user, by this Term,
accept that it is possible, in the
processing, the use of automated
individual decision-making,
mainly, but not only, in the closing
of agreements and deals.
4.2. - Storage limitation and accuracy of
data: we process the data until a
requirement of data exclusion made by
the user to the Controller, being the
accuracy of the user’s sent data of
liability of this one, observing the clause
3.1.1. above, as well as the right of the
user to change the given personal data,
what includes the right to rectify and
erasure.
4.3. - Data sharing: we do not share data
with third parties without the consent of
the data’s subject, observing the
possibility of third companies and
persons enter into agreement with us on
our marketing’s environment, what
includes the use of our websites, channels
and groups on social medias and mailing
lists.
4.3.1. - The data subject have the
right to data portability, that is
the right to transmit the personal
data to another controller.
4.3.2. - The transfer of personal
data to a third country or an
international organisation will
take place when: (i) the data
subject has explicitly consented to
the proposed transfer; (ii) the
transfer is necessary for the
performance of a contract between
the data subject and the controller;
(iii) the transfer is necessary for
the establishment, exercise or
defence of legal claims; (iv) and in
other specific situations
established in the Article 49, of
the Regulation (EU) 2016/679.
5. - The Controller and Processor of the
mentioned data is Rafael Augusto De Conti, legal
entity enrolled at the Brazilian Federal Revenue
under the CNPJ/MF 12.589.085/0001-74, with
headquarter at Rua Álvares Penteado, no 185, sl.
501, Sé, São Paulo/SP, Brasil, CEP 01012-001,
represented by its agent Rafael De Conti, lawyer
registered in the Brazilian Bar under the number
OAB/SP no 249.808 (contact:
rdc@decontilawoffice.com), observing the
possibility of hire third processors, which ones
shall have the same diligence and obligations of
the controller, acting those as agents of this.
5.0. - The Data Protection Officer is Mr.
Rafael De Conti, above identified, being
an international lawyer with expertise and
knowledge of data protection law, as well
as practices and the ability to fulfil this
Term (juridical advisor on privacy law).
5.1. - The integrity and confidentiality of the data will be made by the availability for the user of encrypted
connections on the communications with
ours servers (SSL / https / SSH /
STARTTLS), as well as passwords for
private areas, anti-virus and backups,
being these mechanisms our Data
protection by design, taking into account
the state of the art, the cost of
implementation and the nature, scope,
context and purposes of processing.
5.1.1 - The controller shall
communicate any rectification or
erasure of personal data or
restriction of processing carried
out to each recipient to whom the
personal data have been disclosed,
unless this proves impossible or
involves disproportionate effort.
5.2. - The limits of liability shall
observes that ‘personal data breach’ can
be a unlawful destruction, loss, alteration,
unauthorised disclosure of, or access to,
personal data transmitted, stored or
otherwise processed, that are made by
hacking attacks, cyber criminals,
uncommon malwares. Also are further
than the limits of liability the system’s
server problem update and the codes bug
on servers softwares, being the Controller
and Processor, in relation to the softwares
providers, merely consumers.
5.2.1. - Users - The use of our
online services by European
union citizens, or persons in
European Union territory, is
unlikely to result in a risk to the
rights and freedoms of persons,
taking into account the nature,
context, scope and purposes of the
processing, not being necessary
designate in writing a
representative in the Union.
5.2.2. - Hired Third Parties -
Processing under the authority
of the controller: the processor
and any person acting under the
authority of the controller or of the
processor, who has access to
personal data, shall not process
those data except on instructions
from the controller, unless
required to do so by judicial/legal
obligation, observing international
agreements.
5.2.3. - The controller shall
document personal data
breaches, comprising the facts
relating to the personal data
breach, its effects and the remedial
action taken, as well as
communicate the personal data
breach to the data subject as soon
as possible, what can be made, if
the case, by a public
communication or similar measure
whereby the data subjects are
informed in an equally effective
manner. In case of data breaches it
is important the action taken by
the controller or processor to
mitigate the eventual damage suffered by data subjects, and,
always when necessary, the good
cooperation with the supervisory
authority, in order to remedy the
infringement and mitigate the
possible adverse effects of the
infringement
5.2.4. - Any effective, proved and
correctly measured damage,
which one is the result of direct
action of the controller/processor,
will be repaired, observing the
right to lodge a complaint with a
supervisory authority, right to an
effective judicial remedy against a
supervisory authority, right to and
effective judicial remedy against a
controller or processor, right of
data subjects to be represented
collectively, right of the
controller/processor to an
proportionate administrative
fines.
5.2.5. - Data protection impact
assessment:
- Subject: clause
a) systematic description of the
envisaged processing and the
purposes of the processing: 4, 3
b) necessity and proportionality
of the processing operations in
relation to the purposes: 3.1
c) risks to the rights and
freedoms of data subjects: low
d) measures envisaged to
address the risks: 5.1 3
5.3. - The data subject have the Right to
Withdraw the Consent contacting the
Controller and Processor such as estated
above, observing that the withdrawal of
consent shall not affect the lawfulness of
processing based on consent before its
withdrawal.
5.4. - The communication with the
controller shall be made in the terms of
clause 5 above, observing that the answer
can be given, taking into account the
complexity and number of the requests,
until 3 months of the receipt, observing,
also, that the controller can refuse to
provide the request, demonstrating the
manifestly unfounded or excessive
character of this one.
5.4.1. - Where the controller has
reasonable doubts concerning the
identity of the natural person
making a request on personal data,
the controller may request the
provision of additional
information necessary to confirm
the identity of the data subject.
5.4.2. - The controller shall
provide a copy of the personal
data undergoing processing. For
any further copies requested by
the data subject, the controller
may charge a reasonable fee based
on administrative costs, observing
that the right to obtain a copy of
own personal data shall not
adversely affect the rights and
freedoms of others, including
commercial secrecy.
5.5. - The Record of processing
activities under responsibility of the
Controller, is constituted by the
following informations:
- Subject: clause
a) the name and contact details of the
controller: 5
b) the purposes of the processing: 3.1
c) a description of the categories of data
subjects and of the categories of personal
data: 3, 3.2.
d) the categories of recipients to whom
the personal data have been or will be
disclosed: 4.3
e) transfers of personal data to a third
country or an international organisation:
4.3
f) envisaged time limits for erasure of the
different categories of data: 4.2
g) general description of the technical
and organisational security measures: 5.1
5.6. - The Categories of processing
activities carried out by a processor is
constituted by the following informations:
- Subject: clause
a) the name and contact details of the
processor: 5
b) the categories of processing carried
out on behalf of each controller: 4
c) transfers of personal data to a third
country or an international organisation:
4.3
d) general description of the technical
and organisational security measures: 5.1
5.7. - The Code of Conduct is constituted
by the following principles:
- Subject: clause
a) fair and transparent processing: 3, 4
b) the legitimate interests pursued by
controllers in specific contexts: 3.1
c) the collection of personal data: 3
d) the pseudonymisation of personal
data: not necessary
e) the information provided to the public
and to data subjects: this Term
f) the exercise of the rights of data
subjects: 4.1, 4.2, 4.3, 5.3
g) the information provided to, and the
protection of, children: no content for
childrens
h) the measures and procedures to ensure
security of processing: 5.1
i) the notification of personal data
breaches to authorities and data subjects:
5.2.3
j) the transfer of personal data to third
countries or international organisations:
4.3, 5
k) out-of-court proceedings and other
dispute resolution procedures: 6
5.8. - The Binding corporate rules is
related to the transfer of personal data to
third countries and international
organizations, and can be accessed at this
link: https://deconti.adv.br/0/en/ct-ue/binding-corporate-rules
6. - Any disputes over this agreement, not solved
by negotiation, shall observes as Jurisdiction the
Brazilian legal system, specifically in the Civil
Court of the Federative State of São Paulo, at the
city of São Paulo.
6.1. - Assessment of Data Protection in
Brazil (GDPR, Art. 45, 2):
https://deconti.adv.br/braziliandataprotection
6.2. - We understand as the Big
Principles of Data Protection: (i) try to
reconcile the right to the protection of
personal data with the right to freedom of
expression and information; (ii)
understand the right to secrecy according
each context.
7. - This agreement was made intended to be in
Compliance with the best tech rules, in special
with: the Regulation (EU) 2016/679 (European
Union General Data Protection Regulation –
GDPR, https://deconti.dv.br/0/rules/eu/CELEX_32016R0679_EN_TXT.pdf or https://gdpr-info.eu/).
Summary Table
- Subject: clause
- Controller of Data: 5
- Data Protection Officer: 5
- Purposes and legal basis for processing:
3.1
- Categories of personal data: 3
- Transfer of personal data to a third
parties: 4.3
- Period of Storage of the data: 4.2
- Existence of automated decision-
making, including profiling: 4.1
- Existence of the right to the user change
the own personal data: 4.2, 5.3
- Existence of the right to withdraw
consent at any time: 5.3
- Existence of the right to withdraw
without affecting the lawfulness of
already processed data: 5.3
- Existence of the right to object: 4.1.2
- Existence of automated individual
decision-making: 4.1.3
- Place of Data’s storage: São Paulo/São
Paulo/Brazil and
Montreal/Quebec/Canadá
- Jurisdiction: 6
|