Data protection

Privacy Policy

Mazzucco e Mello Sociedade de Advogados (“Mazzucco e Mello” or Firm”), aware of the importance and duty of privacy of personal information and documents entered by its external and internal users (“Data Subjects”) in the Firm’s different databases, including its internet portals and physical documents under its custody, acting as Controller of the processing of said personal data, establishes this Privacy Policy.
Applicable legislation

This Privacy Policy is governed by current Brazilian legislation, especially Law 13,709/18 (“General Data Protection Law”) and Law 12,965/14 (“Marco Civil da Internet”).

Definitions

For the purposes of this Privacy Policy, the following definitions are established:

Holder: natural person (clients, employees, partners, suppliers and providers) to whom the personal data that are subject to processing refer;

Personal Data: is information related to an identified or identifiable natural person. It may include, for example, name, address, email, telephone, debit/credit card number, IP address and geolocation data;

Sensitive personal data: special category of personal data relating to racial or ethnic origin, religious belief, political opinion, membership of a trade union or organisation of a religious, philosophical or political nature, relating to health or sexual life, genetic or biometric data relating to the natural person;

Anonymized Data: is information that, alone or in conjunction with other Anonymized Data, does not allow the identification of a person, considering the use of reasonable and available technical means at the time of its processing. It may include gender, age and generalized geolocation (such as the city in which the person is located) and statistical data;

Database: structured set of personal data, established in one or more locations, in electronic or physical support;

Processing of personal data: any operation carried out with personal data, such as those referring to: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction;

Controller: natural or legal person, under public or private law, responsible for decisions regarding the processing of personal data;

Operator: natural or legal person, under public or private law, that processes personal data on behalf of the controller;

Person in charge / DPO: person appointed by the controller and operator to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD);

User: people who access or interact with activities offered on the different internet portals owned by the Office and client companies;

Purpose of the privacy policy
The purpose of this Privacy Policy is to inform holders of Personal Data of the directives for the collection, processing, storage and protection of physical and digital information and documents (“Personal Data”), collected by the Office or on its behalf, or entered directly by its holders (external and internal) on its digital and physical platforms, clarifying how their Personal Data will be processed, as well as what their rights are and how they may be exercised.
Processing of personal data
The data collected by the Firm, including personal data, may be subject to processing and will observe the purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, accountability and reporting, always in compliance with the principle of good faith, being incorporated into the corresponding physical and electronic records (“Record”) or in Databases over which the Firm will act as Controller. Mazzucco e Mello clarifies that any Personal Data collected will be processed only when there is a regular purpose and objective, with the consent of the Holder or under legal provision, in the cases provided for in the current legislation, including when necessary to meet the legitimate interests of the Firm, provided that they do not conflict with the fundamental rights and freedoms of the holder that require the protection of personal data. Data that undergo an anonymization process (“Anonymized Data”) during their processing will not be considered Personal Data for the purposes of this Privacy Policy, since they lose the possibility of association, directly or indirectly, with an individual, according to the current legislation.
Purpose of processing personal data

The processing of personal data by Mazzucco e Mello will have the following purposes:

  • Provision of services inherent to the Office’s activities to Holders;
  • Compliance with legal or regulatory obligations;
  • Execution of contracts or necessary preliminary procedures related to a contract to which the Holder is a party;
  • Serving the legitimate interests of the Office or third parties contracted by it, safeguarding the fundamental rights and freedoms of the holder that require the protection of Personal Data;
  • Relationship and provision of information about products and services contracted by the Office's clients;
  • Preparation of studies and campaigns aimed at facilitating the offer and provision of services other than those primarily contracted, assessing the Holder's interest in contracting new services or acquiring new legal services;
  • Regular exercise of rights in judicial, administrative or arbitration proceedings.
Types of personal data that may be collected by the customer
  • Registration and/or contact details;
  • Professional and/or legal data;
  • Identification data generated by official bodies;
  • Financial/payment data;
  • Identification data with the Office (Ex.: registrations for access to relationship portals);
  • Data on the Holder’s preferences (e.g.: data based on internet browsing, on own or related websites).
  • Data related to the offer of products and services sold by the Office.
Ways of collecting personal data
  • Provision directly by the Holder or his legal representatives: personal data entered, physically provided or forwarded when accessing one of our channels (websites or applications) or when consulting, applying for and/or contracting products and/or services provided by the Office;
  • Collected directly by the Office and with the consent of the Holder: data collected during commercial processes, marketing campaigns, authorized third parties, related or not to the prospecting of legal services by the Office;
  • Supply by contracted third parties: Personal Data received from third parties, acting in partnership with the Office, as service providers for enriching information collected directly by the Office, provided that expressly authorized by the Holder;
  • Collected from public databases: data from public databases, made available by authorities (such as the Federal Revenue Service, for example), credit or credit protection institutions or data made explicitly public by the Data Subject, such as on websites or social networks, safeguarding the fundamental rights and freedoms of the data subject that require the protection of Personal Data;
  • Automatically collected: automatic collection of information, associated with personally identifiable information, using technology tools, such as Cookies, which will be informed to the Holder.
Rights of the holder of personal data

The Holders are guaranteed the fundamental rights of freedom, intimacy and privacy, ensuring ownership of their Personal Data contained in physical and electronic records, files, records and other inherent information and documents that are archived and under the direct responsibility of the Office or its service providers duly contracted for this purpose, as well as their respective sources, it being understood that certain services provided on the websites may contain specific particular conditions in relation to data protection.

The Holder also has the following rights, specifically in relation to his/her Personal Data, in accordance with current legislation:

  • confirmation of the existence of processing of your Personal Data;
  • access to your Personal Data;
  • correction of your incomplete, inaccurate or outdated Personal Data;
  • anonymization, blocking or deletion of your Personal Data that is unnecessary, excessive or processed in non-compliance with current legislation;
  • portability of your Personal Data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets;
  • deletion of your Personal Data processed with your consent, except for legal exceptions;
  • information on public and private entities with which the Office shared your Personal Data;
  • information about the possibility of not providing consent and the consequences of refusal; and
  • revocation of consent for the processing of your Personal Data, in accordance with current legislation.
Contact channel with data controller / DPO

To ensure that the Data Subject can exercise these rights relating to their Personal Data, the Office, in compliance with legal provisions, has a Personal Data Governance area, accessible solely and exclusively through the following direct service channel:

Contact email: leonardo.neri@br-mm.com

The Holder may formalize a request, at any time, directed to the channel above and/or others eventually made available for this purpose and duly communicated.

The Office will process the Data Subject’s request and provide whatever is requested promptly, always complying with the legal and regulatory deadlines determined by the National Data Protection Authority (“ANPD”).

Personal data protection measures

The Office informs that it adopts all security measures usually practiced by the market and appropriate, aiming at the protection of Personal Data against unauthorized access, alteration, disclosure or destruction.

These measures include internal reviews of our data collection, storage and processing practices and security measures, including encryption and appropriate physical security measures to guard against unauthorized access to systems where we store personal data.

The Holder is solely and exclusively responsible for any and all passwords required by the electronic systems made available by the Office, and his/her password is personal and non-transferable. He/she must ensure its use and adopt all reasonable security measures when accessing the electronic systems made available by the Office.

However, the Holder must be aware that the security measures relating to the world wide web, the internet, are not entirely secure, and are subject to actions by malicious third parties and, therefore, the Holder, when accessing the Office's digital platforms, must ensure that all security measures are installed on their access equipment, such as, but not limited to, firewall and antivirus.

The Office does not request passwords from Holders, nor changes and/or updates to registrations, except through its own official communication channels, and no third parties are authorized for this purpose.

The Office undertakes to promptly communicate to the Data Subject and the ANPD (National Data Protection Authority) the occurrence of any security incidents that may entail any relevant risks or damages, collaborating with any investigations and acting effectively to repair any losses.

Sharing of personal data

The Office may share Personal Data with other companies in the same group, whether controlling or controlled by the latter, directly or indirectly, always with respect to the same purposes that were indicated in this Policy and in current legislation.

Additionally, the Office will share data with partner companies and suppliers duly contracted and authorized for this purpose ('Operators'), in the development and provision of legal services made available to the Data Subject, considering contractual safeguards to guarantee the security of Personal Data and the Data Subject's rights, allowing only the processing of Personal Data for specific purposes and in accordance with the Controller's instructions.

The Office will share the information and respective documents and Personal Data in the cases provided for by law and/or with the prior consent of the Holder, in which case the Office will request express authorization to share all information and documents.

Additional considerations

The Holder guarantees that the Personal Data provided to the Office are true and legitimate, free from any defects in consent, and also undertakes to immediately communicate to the Office any changes thereto.

Except in fields where otherwise indicated, answers to questions about Personal Data are optional, and their absence does not imply a reduction in the quality or quantity of the corresponding services.

The Office may decide to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, are impractical, or for which access is not otherwise required.

The Office will provide Data Subjects with adequate resources so that they can, in advance, agree with this Policy or any other relevant information before giving their consent to the storage of their Personal Data.

Changes to this policy

This Privacy Policy may, at Mazzucco e Mello's discretion, be updated and/or changed at any time, without prejudice to the rights of Data Subjects guaranteed by current legislation, and such update will be explicitly announced by the Firm, through its communication channels, including the respective highlight in the Policy itself. Any updates and/or changes that affect the rights of Data Subjects and/or obligations of the Firm, as well as those arising from current legislation, may be subject to specific communication.