PRIVACY AND PERSONAL DATA PROTECTION POLICY
HRSA SOCIEDADE DE ADVOGADOS
1. INTRODUCTION.
1.1. It is our policy at HRSA | Sociedade de Advogados (“HRSA”) to respect privacy and protect personal data. If you are a client, employee, agent, service provider or visitor to our website, please carefully read this Privacy and Personal Data Protection Policy (“Policy”).
1.2. If you are our client, partner, employee, agent, service provider or maintain any other type of relationship with HRSA, please be aware that your personal data is processed in accordance with Law No. 13,709/2018 (“General Data Protection Law” or “LGPD – Lei Geral de Proteção de Dados”) and that, by engaging in a relationship with HRSA, you agree with the entire content of this Policy. Likewise, by using our website, you are expressing your agreement with the conditions and the entire content of this Policy.
1.3. This Policy has been developed in compliance with the LGPD and Law No. 12,965/2014 (“Internet Act”) to let you know (i) what personal data we collect, how and why they are processed; (ii) what your rights are under Brazilian law and regulations applicable to the protection of personal data and (iii) our obligations, applicable to online and offline interactions and to all our activities and services provided.
2. ABOUT HRSA.
2.1. HRSA (HADDAD, ROBERT E SERAFIM SOCIEDADE DE ADVOGADOS) is a law firm enrolled with the Brazilian Corporate Taxpayers’ Registry under no. 44.618.263/0001-34, with registered office in the city of São Paulo, State of São Paulo, at Rua Minas de Prata, No. 30, 15th floor, suite 151, Vila Olímpia, ZIP 04552-080.
3. COLLECTION OF PERSONAL DATA.
3.1. Personal Data means any information related to an identified or identifiable natural person, including name, ID, address, e-mail, among others.
3.2. HRSA collects personal data whenever you:
- Access our website and provide us with your data through our forms;
- Share information relevant for the services provided by HRSA;
- Contact us through our service channels;
- Through external partners and information providers, and
- Through publicly available sources, such as public or private databases.
3.3. We look for data collection sources that ensure the protection and confidentiality of your data in accordance with the practices described in this Policy, the law and other applicable regulations.
3.4. HRSA may collect the following data and information, among others:
- Identification data: name, Individual Tax ID (CPF), ID Number (RG), Driver’s license, Foreigner Registration Card, Passport;
- Contact data: e-mail, telephone number, address, in order to ensure security in the services provided and accuracy in the information you provide;
- Demographic data: gender, address, profession, date of birth;
- Service data: your interaction through our service channels (e.g., e-mail or messaging applications, such as WhatsApp) may be saved, as well as the content of your interactions.
3.5. Hiring the services provided by HRSA entails electronic message exchange (e.g., e-mails or messaging applications) for safety and administrative purposes, and it is essential for the performance and development of our activities.
3.6. Other possible ways for HRSA to obtain data, as appropriate, include access to public data published on social networks, as well as other publicly available sources, such as public databases and government agencies (e.g., Internal Revenue Service, Securities and Exchange Commission, and Boards of Trade), as well as administrative and judicial proceedings.
3.7. HRSA may also request copies of identification documents, labeled as sensitive personal data when containing images of a natural person, and which are necessary for the performance of certain services, as well as to carry out identification control of persons, if necessary.
3.8. Without the documents and information described above, the use of our services may be restricted or even made unfeasible. HRSA may, as the case may be, request other necessary documents in order to ensure the most adequate provision of the hired services.
4. USE OF PERSONAL DATA.
4.1. We collect your personal data primarily to enable the provision of the services we were hired for and to charge you for them. Subsidiarily, however, we may use your personal data to:
- Customize content and/or change our services and channels;
- Resolve issues and questions, ensuring the quality of our services and client support;
- Send important notices, such as announcements, changes in conditions and policies, among others; and
- Comply with legal and regulatory obligations.
4.2. You agree and authorize HRSA to use, copy, reproduce, make available, transmit, process, share and translate into other languages, for any purposes, any and all testimonials, statements, opinions, impressions, comments and suggestions that you decide to make public on any HRSA social networks, whether or not associated with your name and profile photograph on such social networks, without any consideration due by HRSA.
4.3. HRSA, respecting your privacy, sends messages by electronic means, such as e-mail and messaging applications, to send newsletters and communications of interest to clients. Frequency may vary, depending on your interaction with any such communications.
4.4. HRSA processes data for as long as necessary or relevant for the purposes established in this Policy, subject to the cases of data storage provided for in the applicable legislation, particularly: LGPD, Internet Act, Consumer Defense Code and Civil Code.
5. RIGHTS AND DUTIES OF THE PERSONAL DATA SUBJECT.
5.1. If you are the subject of personal data collected by HRSA, you have the following rights, guaranteed by HRSA, in compliance with LGPD, the Internet Act and other Brazilian laws related to data protection:
- Access to personal data: you can request HRSA to provide you with the list of the personal data that has been collected from you;
- Correction of your personal data: you may request the correction and/or adjustment of your personal data, at any time, if you verify that any information is incomplete, incorrect or outdated;
- Blocking or eliminating personal data that is unnecessary, excessive or processed in violation of the General Data Protection Law: you may request that HRSA stop processing your personal data. The steps to be taken will be evaluated and implemented on a case-by-case basis, respecting the storage obligations as provided for by the Internet Act, the Consumer Protection Code and the Civil Code, also observing the statute of limitations for any judicial or administrative claims.
- Personal data portability right: you may request that HRSA provide you, or a third party expressly appointed by you, with your personal data;
- Right to delete processed personal data with the consent of the personal data subject: you may request the deletion of your personal data when the processing of such data is optional and has your consent as the legal basis, except for the maintenance of data necessary (1) for compliance with legal or regulatory obligations; (2) for study by a research body, ensuring, whenever possible, the anonymization of personal data; (3) for compliance with any judicial or administrative order that requires them; and (4) in view of the duty of storage by the legal periods provided for in the Internet Act, Consumer Protection Code and the Civil Code;
- Right to information on personal data sharing: you may request HRSA to clarify with which third parties it shares your personal data; and
- Right to revoke consent at any time and right to refuse consent and the consequences of any such refusal: you may revoke your consent at any time, except that, depending on the nature of the personal data, it may lead to limitations concerning HRSA’s service provision. Revocation of consent shall not have retroactive effects.
5.2. If you need any assistance in exercising your rights, please contact us at: lgpd@hrsa.com.br.
6. STORAGE OF PERSONAL DATA.
6.1. All personal data is stored in a secure cloud environment of providers that have been chosen based on their compliance with data protection legislation.
6.2. HRSA will store your personal data for the duration of our contractual relationship with you, except in case of any legal or regulatory provisions otherwise. However, HRSA complies with the limitations set forth in the Internet Act, the Consumer Protection Code and the Civil Code, in case of contractual relationship with you, in order to protect your rights. In the absence of any such contractual relationship (e.g., simple access to the website by the user), HRSA will maintain the information until further request for disposal of your personal data and in accordance with the applicable legislation, respecting, in any case, the data storage provisions set forth by applicable legislation.
7. SHARING PERSONAL DATA WITH THIRD PARTIES.
7.1. HRSA may share your personal data with its service provider partners to comply with legal obligations (e.g., with accounting firms), to enable the proper delivery of its services (e.g., with data storage service providers), to perform the contract with you, as well as to implement its compliance policies.
7.2. HRSA may collect information about you from identity verification entities, official agencies (e.g., IRS), publicly available agencies (e.g., Google), and data bureaus in order to provide the services you have hired as well as to detect any possible fraud.
7.3. HRSA may share your personal data with public authorities in case of administrative or judicial proceedings, in Brazil or abroad (in this case, ensuring the same level of protection as offered in Brazil), or by order of a competent authority, such as regulatory agencies, government agencies, in accordance with the provisions of applicable law and regulations. Such sharing of personal data shall not depend on any authorization from or prior communication to the data subject.
7.4. HRSA may carry out international transfers of personal data, under contracts with technological service providers located outside the country, or under the request of personal data protection authorities or foreign government entities, in accordance with applicable law. Such sharing of personal data shall not depend on any authorization from or prior communication to the data subject.
8. DATA PROCESSING.
8.1. HRSA has incorporated all the requirements of the General Data Protection Law and other applicable laws for the protection of personal data, considering the following premises:
- Data Minimization: In all processing of personal data, whether physical or digital, HRSA seeks to collect and process personal data that is minimally necessary and appropriate for the applicable purposes, as described and informed to the data subjects (meeting the principles of purpose, adequacy and necessity).
- Transparency: HRSA ensures that any and all processing of personal data is known to the data subjects regarding collection, purpose, conservation and storage time.
- Confidentiality: HRSA has established organizational and technical measures aimed at confidentiality of personal data under its responsibility, managing and controlling access only to authorized persons and adopting security measures to mitigate risks.
- Prevention and security: HRSA carries out periodic risk assessment and thereby updates technical information security measures to ensure adequate protection of personal data.
- Free access and data quality: HRSA ensures personal data subjects have simple and free access to their personal data, and takes reasonable steps to ensure that the data presented to data subjects is clear, accurate and up-to-date.
- Non-discrimination: HRSA ensures that all processing of personal data is done without discrimination of any kind.
- Relations with third parties: In its relations with third parties involving the sharing of personal data, HRSA ensures that any such third parties comply with the applicable duties and obligations on the protection of personal data.
- Accountability and liability: HRSA implements effective measures for the protection of the personal data of data subjects that can provide evidence of compliance with applicable standards for the protection of personal data.
9. USE OF COOKIES AND SIMILAR TECHNOLOGIES.
9.1. HRSA uses essential cookies to control, monitor and track any vulnerabilities, incident risks and information security incidents in order to act preventively and provide a secure environment for our clients.
9.2. If you do not agree with the use of cookies, you may not access HRSA’s website. If you agree with this Policy, whenever you access HRSA’s website, you will see a window warning our website visitors on the use of cookies and you must click “continue”; it will not be necessary to give any other consent for the use of cookies.
10. SECURITY POLICIES.
10.1. HRSA adopts organizational and technical measures aimed at information security and has professionals who assist in the implementation of these measures to protect personal data against unauthorized disclosure, access, change, and accidental or illegal data loss or leak.
10.2. Notwithstanding the measures taken to ensure information security, the systems used by HRSA are not immune to hardware or software failures, cyber attacks and/or other force majeure or act of God events that may compromise the security of your personal data.
10.3. In the event of a security incident resulting in the unauthorized destruction, loss, change, access or leak of personal data, HRSA will notify the interested party within a reasonable period of time and will adopt the necessary measures to mitigate damage and hold those involved accountable. In any case, HRSA shall report the incident to the competent authorities.
11. CONTACT.
11.1. If you have any questions and/or need to address any issues related to this Policy, please contact us at the following e-mail address: lgpd@hrsa.com.br.
12. CHANGES TO THIS POLICY.
12.1. HRSA may review this Policy from time to time in order to improve its provisions. Whenever changes are made, HRSA will make the updated version available on the website. Any changes to this Policy will be effective immediately upon its publication on the HRSA website.
13. APPLICABLE LAW AND JURISDICTION.
13.1. This Policy is governed and interpreted by the laws of the Federative Republic of Brazil.
13.2. The courts of the district of São Paulo/SP are hereby appointed in order to settle any disputes that might arise in connection with this Policy.
14. GENERAL PROVISIONS.
14.1. This Policy will be in effect for an indefinite term.
14.2. Any tolerance by either party in demanding perfect compliance with the obligations of the other party shall not constitute a waiver, novation or amendment of any of the rights or obligations established under this Policy.
14.3. The invalidity or partial unenforceability of this Policy shall not affect the remaining provisions not deemed invalid or unenforceable.