Privacy Policy

  1. General Provisions

This Data Protection and Privacy Policy of Oliveira Paolucci Advogados (“Policy”) deals with the different ways in which personal data are processed and is guided by Brazilian legislation, more specifically by the General Data Protection Law (“LGPD”), and addresses the commitment of Oliveira Paolucci Advogados to the protection of personal data and sensitive personal data of the holders (“Holders”, “Holder”, “Data Holder”).

  1. Definitions

For the purposes of this Policy, the following definitions will be used:

“National Data Protection Authority” or “ANPD” is the administrative authority in charge of protecting personal data and the national public authority responsible for monitoring, implementing, and inspecting compliance with the LGPD in Brazil.

“Clients” are the individuals and/or legal entities who have or maintain a business and/or contractual relationship with Oliveira Paolucci Advogados.

“Staff” are all the employees, associates, service providers, and/or workers of Oliveira Paolucci Advogados, including directors, interns, apprentices, and any other person who has a direct link with Oliveira Paolucci Advogados.

“Administrative Committee” is a committee that specifically inspects compliance with this Policy and deals with Data Protection, composed of 2 (two) partners of Oliveira Paolucci Advogados.

“Consent” is the free, informed, and unequivocal manifestation by which the data Holder agrees to the processing of the holder’s personal data for a specific purpose.

“Controller” is a natural or legal person, under public or private law, who makes decisions regarding the processing of personal data.

“Anonymized Data” is any data relating to the Holder that has been stripped of any personally identifiable information and concerns the use of reasonable technical means available at the time of its treatment.

“Personal Data” is all information related to the identified or identifiable natural person, directly or indirectly.

“Sensitive Personal Data” is data classified as sensitive by the LGPD and is related to the characteristics of the individual’s personality and preferences, such as racial or ethnic origin, religious conviction, political opinion, membership of a union or religious, philosophical or political organization, and data related to health or sexual life and genetic or biometric data, when linked to a natural person.

“Person in Charge” or “PIC” is the person appointed by the Administrative Committee to act as a communicator or liaison between the controller, the data Holders, and the ANPD, which is responsible for coordinating and ensuring compliance with the Policy and applicable legal/regulatory requirements.

“Sensitive Information” is Personal Data and/or Sensitive Personal Data.

“Applicable Legislation” is all Brazilian legislation, including laws, regulations, requirements, orders, decrees, or other directives with the force of law that provide for the processing of personal data, in particular the LGPD.

“LGPD” means the General Data Protection Law, No. 13,709 of August 14, 2018.

“Data Operator” is a natural or legal person, governed by public or private law, who processes personal data on behalf of the Controller.

“Persons” are all natural or legal persons, whether clients, service providers, associates, interns, or employees of Oliveira Paolucci Advogados.

“Service Providers” are the persons or companies providing services, contractors, partners, or suppliers of Oliveira Paolucci Advogados.

“Products” are services provided by Oliveira Paolucci Advogados.

“Processing” is any operation carried out with Sensitive Information, including the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation, or control of information, and its modification, communication, transfer, disclosure, or extraction.

“Holders” are any natural persons and/or holders to whom the sensitive information refers, such as customers, employees, and service providers.

  1. Scope

This Policy applies to Staff, Clients, and Service Providers who access, use, process, handle, collect, produce, receive, classify, use, access, reproduce, transmit, distribute, process, archive, store, delete, evaluate, control, modify, communicate, transfer or extract Sensitive Information, whether physically or electronically.

  1. Purpose

The purpose of this Policy is:

  1. to establish the main data protection requirements applicable to Oliveira Paolucci Advogados to ensure an adequate level of protection of Sensitive Information handled by its Staff;
  2. to ensure the internal areas of Oliveira Paolucci Advogados establish data protection programs and comply with the provisions of the LGPD and Applicable Legislation;
  3. to describe how Oliveira Paolucci Advogados treats and protects Sensitive Information and how the Holders may exercise their rights in relation to the treatment of said Sensitive Information;
  4. to define appropriate techniques and organizational measures against the unauthorized and unlawful processing of Personal Data and/or Sensitive Personal Data and their accidental loss or destruction, thus ensuring their due protection; and
  5. to establish, with respect to all Personal Data and/or Sensitive Personal Data, standards for accessing, using, processing, handling, collecting, producing, receiving, classifying, using, accessing, reproducing, transmitting, distributing, processing, archiving, storing, deleting, evaluating, controlling, modifying, disclosing, transferring or extracting such Sensitive Information.

The Personal Data of the Holders will be processed clearly and appropriately in accordance with the obligations and guarantees provided for in the Applicable Legislation.

  1. Legal Basis for Processing Personal Data

Oliveira Paolucci Advogados undertakes to use the Personal Data and/or Sensitive Personal Data of the Holders in accordance with Applicable Legislation and this Policy, which may be used (i) internally for the correct fulfilment of the agreements signed with Service Providers, Clients, and Staff, (ii) compliance with all legal or regulatory requirements, or (iii) with the Consent of the Holders.

  1. Principles for Data Processing

The Personal Data will be processed according to the following minimum requirements:

  • When consented by the Holder;
  • When established by the LGPD, a personal data protection impact report (“RIPD”) will be prepared;
  • The Personal Data must be obtained fairly and lawfully with the right to information of the Data Holder, except if such information is not necessary considering the hypotheses established for its processing, and, if necessary, with the written consent of the Data Holder; and
  • The Personal Data will be collected only for specified, explicit, and legitimate purposes and may not be processed incompatibly for any other purposes. The Personal Data will only be made available or disclosed to third parties for the aforementioned purposes or in any other way permitted by Applicable Law.

Appropriate technical and organizational controls and procedures should be in place to ensure the security of Sensitive Information and to prevent unauthorized access or disclosure, which could potentially result in alteration, accidental or unlawful destruction, loss of the data, and against all other unlawful forms of Processing.

Security measures shall be designed to ensure a level of security appropriate to the risks posed by the Processing and nature of the data to be protected.

This Policy must be disclosed to all Staff, Clients, and Service Providers and made available for consultation at any time.

Sensitive Information must be properly managed and protected against theft, fraud, espionage, unintentional loss, accidents, and other threats, whereby all Staff, Clients, and Service Providers must adopt safe and consistent conduct with regard to the objectives of this Policy and must take proactive measures and make all efforts to protect Sensitive Information.

Awareness campaigns for Staff, Clients, and Service Providers regarding the security of Sensitive Information will be used to disclose this Policy and the inspection and control of these guidelines.

Sensitive Information of children and adolescents will only be collected and/or treated with the prior and express authorization (in writing) of the parents or guardians.

  1. Use and Processing of Sensitive Information

Oliveira Paolucci Advogados collects and processes personal data that is exclusively necessary and required for its business operations and legitimate interest in accordance with Applicable Legislation.

Oliveira Paolucci Advogados collects the personal data of the Holder when these data are entered or provided by the Holder through the service channels, human resources, websites, and applications of Oliveira Paolucci Advogados.

Oliveira Paolucci Advogados avoids processing Sensitive Personal Data whenever possible and only when necessary, in which case Sensitive Personal Data is collected and treated in full compliance with Applicable Legislation and according to specific terms previously made available to the Holders.

Any information collected may, with the Consent of the Holder, be used for advertising purposes, such as when sending information regarding the brands and/or Products of Oliveira Paolucci Advogados, partnerships, the advertising of events, or for conducting research related to its activities.

In most cases, Oliveira Paolucci Advogados will be assigned as Controller of the Sensitive Information of the Holders and will respect all obligations and responsibilities, as required by Applicable Legislation, and will be responsible for the management and communication with the Holders in case of requests or complaints.

In some situations, Oliveira Paolucci Advogados may share some Sensitive Information with other partner firms or companies that assist us in our activities. These third parties will be classified as data Operators.

Oliveira Paolucci Advogados is judicious and active when selecting its partner Operators and adopts every measure to ensure the security and non-disclosure of the Sensitive Information of the Holders and, thereby, demands that the Operators adopt the best and most effective measures to protect their privacy. In addition, Oliveira Paolucci Advogados will only share the Sensitive Information that is strictly necessary with its partners.

The Sensitive Information processed by Oliveira Paolucci Advogados will be restricted to the minimum data required to meet its purposes, including, but not limited to the following:

  • the protection of products and/or services of Oliveira Paolucci Advogados;
  • the detection, prevention, and resolution of fraud;
  • the handling of security incidents, privacy incidents, or any other illegal activity and their prevention;
  • compliance with legal, regulatory, or arbitration obligations;
  • performance enhancements and the security of networks and systems;
  • statistical analysis;
  • when identifying and correcting faults in the services and/or products of Oliveira Paolucci Advogados;
  • when increasing the quality of services and/or products of Oliveira Paolucci Advogados;
  • the development and distribution of new products and services;
  • research;
  • when specifically and emphatically consented by the Holder or its legal proxy for specific purposes;
  • when protecting the life or physical safety of the Holder or third parties; and
  • data must be processed to prevent fraud and ensure the security of the Holder and during identification and authentication when registering in electronic systems, except in the case of prevailing fundamental rights and freedoms of the Holder that require the protection of personal data.

  1. Sharing of Sensitive Information

Sensitive Information may be shared in the following situations:

  • with the Service Providers and/or Clients of Oliveira Paolucci Advogados, when required to ensure the provision or fulfilment of legal or contractual obligations with said Service Providers and/or Clients, for example;
  • with authorities, governmental or regulatory entities, or other third parties to comply with legal provisions or protect the Company’s interests in any conflict, including lawsuits and administrative proceedings; and
  • by court order or administrative authorities that are legally competent to request the sharing of Sensitive Information.

Sensitive Information will only be shared with the adoption of appropriate technical and organizational measures that ensure the confidentiality and integrity of Sensitive Information.

  1. International Transfer of Personal Data

Oliveira Paolucci Advogados may, in some circumstances and when necessary to ensure the best provision of products and services, submit Sensitive Information to overseas Clients and/or Service Providers or organizations in accordance with Applicable Legislation and with the contractual clauses.

  1. Use of Cookies

Oliveira Paolucci Advogados may also collect information automatically, such as characteristics of the access device, browser, IP (with date and time), IP origin, information about clicks, pages accessed, and search terms entered into our websites.

When collecting this information, Oliveira Paolucci Advogados will use some existing technologies that improve the Holder’s browsing experience based on their habits and preferences.

Cookies can contain browsing history and user preferences and can be managed by the Holders at any time by simply clearing browsing data when exiting our website.

  1. Links to Third-Party Websites and Applications

The websites and applications of Oliveira Paolucci Advogados may contain links to third-party websites and partner websites that cannot be controlled by Oliveira Paolucci Advogados. When visiting these websites and applications, the Holders will be subject to other terms of use and privacy policies, in which case this Policy will no longer apply.

This Policy is valid only for Oliveira Paolucci Advogados, its Staff, Clients, and Service Providers, and its rules do not apply to third-party websites and applications. The existence of these third-party links does not indicate any endorsement or sponsorship relationship between Oliveira Paolucci Advogados and these third parties, or any responsibility with respect to these third parties, including in relation to the collection and treatment of Sensitive Information and the use of cookies of these third parties.

  1. Anonymization of Sensitive Information

Oliveira Paolucci Advogados anonymizes Sensitive Information whenever required to guarantee the privacy of Holders or when required by Applicable Legislation, meaning that this Sensitive Information is replaced by irreversible unique identifiers. Through this anonymization, the Holder of the Personal Data cannot be identified.

Oliveira Paolucci Advogados uses Anonymized Data, whereby data sets or combinations thereof are processed by technologies and tools that allow the obtaining of useful statistical results.

  1. Security and Confidentiality

Oliveira Paolucci Advogados is concerned with ensuring security in the treatment of Sensitive Information based on three fundamental pillars: confidentiality, integrity, and availability of information. In this regard, Oliveira Paolucci Advogados adopts all the necessary security measures required to avoid any incident and uses resources to identify and correct vulnerabilities that may put the Holder’s privacy at risk.

Oliveira Paolucci Advogados also uses strict security procedures to prevent any unauthorized access to Sensitive Information and constantly safeguards the confidentiality and integrity of the information.

If the Holder has a login and password to access the website or any platform of Oliveira Paolucci Advogados, said login and password are personal and non-transferable and cannot be shared with third parties, in which case the Holder is entirely responsible for the protection, secrecy, and good use of the Holder’s login and password.

Oliveira Paolucci Advogados uses the necessary and legally required resources to ensure the privacy of all collected Sensitive Information. The precautions adopted for this purpose include the following:

  • the use of standard and market methods to encrypt and anonymize Sensitive Information;
  • protection against unauthorized access to the company systems;
  • access is restricted to previously authorized persons of the location where the collected information is stored;
  • all persons who come into contact with personal data must undertake to maintain absolute confidentiality. Any breach of confidentiality will entail civil liability and the person responsible will be held liable in accordance with current legislation; and
  • inventory and logs indicating the time, duration, and identity of the person who accessed the data.

Notwithstanding the foregoing, Oliveira Paolucci Advogados cannot fully guarantee that Sensitive Information will not be subject to unauthorized access using methods created to obtain information illegally, in which case, Oliveira Paolucci Advogados will take all appropriate legal measures against violators.

Additionally, Oliveira Paolucci Advogados encourages the Holders to take appropriate measures to protect their Personal Data and their access passwords, considering that such information is personal, non-transferable, and the sole responsibility of the Holders.

  1. Storage Period

Sensitive Information will be stored by Oliveira Paolucci Advogados for the necessary period and purpose for which it was collected, during the business relationship with the Holder, and for the mandatory period required to comply with legal, contractual, or regulatory obligations.

Oliveira Paolucci Advogados will store the Sensitive Information according to all necessary and reasonable requirements to prevent its alteration, loss, and unauthorized access, as determined by Applicable Legislation and best practices.

To protect the privacy of the Holders, the Sensitive Information processed by Oliveira Paolucci Advogados will be automatically deleted when it is no longer required for the purposes for which it was collected, or when requested by the Holder, unless the extended storage of this Sensitive Information is expressly authorized or required by Applicable Legislation.

  1. Sensitive Information in the Relationship with Service Providers and Clients

Oliveira Paolucci Advogados, as the party responsible for the treatment of Sensitive Information, contractually requires that its Service Providers and Clients adopt all technical security measures and actions to ensure compliance with Applicable Legislation regarding the protection and privacy of Sensitive Information and, additionally, of this Policy.

  1. Data Protection Officer

The main functions of the Data Protection Officer (Local DPO) are the following:

  • to oversee compliance with Applicable Law and this Policy;
  • to receive complaints and communications from the Holders;
  • to prepare and send communications to Holders;
  • to clarify queries and take any necessary action to remedy issues;
  • to ensure the governance of the issues addressed in this Policy;
  • to provide guidelines to Staff, Clients, and Service Providers;
  • to update and disclose this Policy;
  • to perform the other tasks determined by Oliveira Paolucci Advogados or established in complementary standards;
  • to evaluate indicators;
  • to authorize exceptions to this Policy;
  • to promote awareness among the Staff;
  • to build test scenarios and execute action plans;
  • to prepare annual reports;
  • to refer occurrences; and
  • to promote and plan training.

  1. Exercise of Rights

In accordance with the provisions of the Applicable Legislation, Oliveira Paolucci Advogados provides communication channels for Clients, Service Providers, and Staff to confirm, submit queries, and/or consult, access, update, and correct their Sensitive Information, and request blocking, revoke Consent or anonymization, or delete their Sensitive Information, including information about the public or private entities with which Oliveira Paolucci Advogados shares their sensitive information.

Oliveira Paolucci Advogados undertakes to resolve such requests in the shortest possible time, depending on the complexity of the request.

The Holder must also be aware that any requests may be legally rejected either for formal reasons (such as failure to prove the Holder’s identity) or legal reasons (requests for deletion of data that must be maintained due to the legal obligation of Oliveira Paolucci Advogados or the free exercise of its right).

Data Holders should receive information about the processing of Sensitive Information at the time of its collection.

  1. How to Contact Us

All Holders may access, update, and edit their Sensitive Information, and request deletion of their data using the features available on the Oliveira Paolucci Advogados website, according to the terms and conditions established by Applicable Legislation.

In addition to this Policy, Oliveira Paolucci Advogados provides contact information and forms for matters regarding the protection of Sensitive Information for Holders in case of doubts and requests.

In case of doubts or comments regarding these concerns, the Holder may use the contact information and forms provided on the Oliveira Paolucci Advogados website.

  1. Updates

This Policy may be revised at any time and without prior notice to the Holders, in accordance with Applicable Legislation and organizational changes that may occur at any time, to maintain its relevance and effectiveness.

  1. Actions for Implementation

Oliveira Paolucci Advogados is responsible for the following:

  • training its Staff on the protection of Sensitive Information;
  • creating awareness among its Staff, Clients, and Service Providers;
  • defining the periodicity and updating of training;
  • creating the Administrative Committee on risks related to data privacy;
  • evaluating all agreements with Clients and Service Providers for the inclusion of a contractual clause related to the LGPD;
  • internally evaluating procedures for the protection of Sensitive Information;
  • evaluating routine procedures, controls, and technologies;
  • developing controls and procedures to reduce the vulnerability of technology systems;
  • cloud data storage;
  • preventing information leakage;
  • regularly testing and scanning for vulnerabilities;
  • ensuring protection against malicious software;
  • assigning persons responsible for controlling technological incidents;
  • assigning a director for this purpose;
  • developing an action plan with deadlines; and
  • ensuring compliance.

  1. Term and Revisions

The Data Protection Policy will enter into force on September 20, 2021, and will be valid for an indefinite period.

  1. Policy Violations and Sanctions

This Policy must be disclosed and enforced at all hierarchical levels of Oliveira Paolucci Advogados, including partners, associates, service providers, interns, lawyers, and any person who has any form of a commercial relationship with Oliveira Paolucci Advogados, or through our website or social media, and must be considered mandatory in terms of observance and compliance.

Failure to comply with the Policy will result in the termination and/or contractual rescission of the relationship maintained with Oliveira Paolucci Advogados.
