CSBA and the GDPR
The General Data Protection Regulation – (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) will come into force on 25 May 2018.
CSBA - Sociedade de Advogados, SP RL, (CSBA) has adopted a policy of protection of privacy and protection of personal data in compliance with the aforementioned Regulation. CSBA handles stores and protects your data, complying with the provisions of the GDPR and further applicable legislation.
CSBA - Sociedade de Advogados, SP RL (CSBA) is committed to the privacy and protection of the personal data of the holders of such data.
In order to ensure its commitment to the privacy of its users, CSBA has adopted the best practices in personal data security and protection, under the terms best described below.
In this regard, and in order to ensure that all personal data are processed and protected in accordance with the new General Data Protection Regulation, we ask you to read the new Privacy and Data Protection Policy carefully.
In addition, it is important to clarify that simply browsing or accessing the CSBA website does not necessarily imply cookies or the collection of your personal data.
1. Personal Data
Personal data corresponds to any information, regarding an identified or identifiable natural person, of any nature and regardless of the means.
An identifiable natural person is someone who can be identifiable, directly or indirectly, in particular by reference to an identifier (e.g. an identification number, location data, electronic identifiers or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural or social nature of such a natural person).
CSBA in the exercise of its activity handles the following categories of personal data belonging to the respective owners that are natural persons:
Personal and Professional Formation Data;
Images and sound recording data.
Depending on the purpose of collecting data, the following personal information may be gathered: (i) name, (ii) date of birth, (iii) contact details (telephone and email address), (iv) company represented, and (v) required information that is relevant to assess the suitability of candidates to work at CSBA, namely professional experience and academic qualifications, related to employees, clients, third parties that relate to individual clients or companies (employees or other), as well as counterparties in legal proceedings or in business areas.
The personal data of the holders are collected through email, letters, contracts, business cards, fax and newsletter subscription.
2. Purpose of Data Processing
CSBA collects the personal data of the holders based on the activity of advocacy and consultancy that it carries out.
The interest in this collection is legitimate, since the information collected is intended to provide legal services, compliance, communications with clients, drafting of contracts, preparation of procedural documents, sending of relevant information, appointment of corporate bodies, management of events among others.
CSBA collects images and sound recording data for the purpose of protecting its premises and any persons, including but not limited to its employees.
CSBA also collects personal data for the purposes of invoicing and accounting management of individual and collective Clients.
CSBA also collects personal data of its employees for purposes of salary processing.
CSBA also collects third party information through curricula reception.
3. Retention Period
The length of time during which personal data are stored and retained will vary in accordance with the above-mentioned Purposes.
In this regard, it should be made clear that personal data may be kept for the period necessary to fulfill the purpose for which they are intended.
The personal data collected is kept by CSBA as long as the relationship between CSBA and the Client exists, plus 20 years.
All other personal data are retained under the applicable law.
4. Data Transfer
CSBA does not convey / transfer personal data to third parties, except when (i) expressly instructed or authorised by the respective holders of such data, (ii) in cases where such transmission is essential for the performance of the service or mandate, (iii) in cases where such transmission is required by law.
However, CSBA declares that such conveyance / transfer when occurring is made within the legally imposed limits.
Any entity subcontracted by CSBA will treat the personal data of users, on its name and on its behalf, undertaking to take the necessary technical and organizational measures in order to protect personal data against accidental, unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and any other form of unlawful processing.
5. Data Security
CSBA has adopted a policy of privacy protection and personal data protection in compliance with the aforementioned Regulation, namely in order to protect personal data, preventing the destruction, loss, disclosure or unauthorised access to such data.
Personal data will be processed and stored in computerised form and paper means.
If, for any reason, there is a breach of security that causes, accidentally or unlawfully, the unauthorised destruction, loss, alteration, disclosure or access, to personal data, CSBA undertakes, under the terms of the applicable legislation, to notify the competent authorities without undue delay and, where possible, within 72 hours of becoming aware of such occurrence.
In addition, and iunder the terms referred to in the immediately preceding paragraph, CSBA undertakes to report the violation of the personal data to the respective holder of the data, in accordance with the applicable legislation.
Notwithstanding the security measures adopted by CSBA, it should be pointed out that users should also take additional security measures, in particular to ensure the existence of an up-to-date active firewall, antivirus and antispyware.
6. Rights of Data Holder
• Transparency of information, communications and rules for exercising the rights of data holders;
• Data holders have the right to certain information, such as the identity of the data controller, the data protection officer relevant contacts, the purpose of the data processing and the legal basis for processing;
• Data holders are entitled during the period of data retention, to correct the data, to delete these data or these data to de object of portability, and also the right to submit a complaint to the Control Authority (CNPD);
• Right to rectification of data;
• Right to erasure data ("right to be forgotten");
• Right to limit treatment;
• The right to portability of personal data;
• Data holders are entitled in certain circumstances to oppose the processing of data;
• The data holder has the right not to be subject to decisions taken solely on the basis of automated processing, including profiling, that has effects in his/her legal area or that significantly affects him/her in a similar way.
• The data holder has the right to withdraw consent at any time and in an easy way.
• The holder of the personal data has the right to obtain, from the person responsible for his / her treatment, the deletion of his / her personal data, which, in turn, will have to delete them, whenever one of the following reasons applies: (i) the data are no longer necessary for the purpose for which they were collected or processed; (ii) the holder withdraws consent, where the consent is the legal basis or the holder opposes the treatment and there are no prevailing legitimate interests justifying their maintenance.
7. Responsible for the Processing of Personal Data
CSBA has an appointed controller for the processing of the personal data.
8. Exercise of the Rights of the Personal Data Holders
9. Access to Third Party Websites