LGPD
Políticas de Privacidade
One of the principles of the General Data Protection Law (LGPD) is respect for privacy. The privacy of our data subjects ("you," "data subject") is very important to BRANDDI, and for this reason, we spare no effort to protect the personal data we process.
Thus, this Privacy Policy, available through our website and other channels, aims to explain simply, clearly, and objectively what types of data will be collected, when, and how they will be used.
When referring to personal data, we consider any information related to an identified or identifiable natural person, including identification numbers, location data, or electronic identifiers when linked to an individual. In summary, any personal information that can identify its owner.
This includes details such as name, address, email, phone number, among others. Sensitive data refers to personal data related to racial or ethnic origin, religious beliefs, political opinions, trade union membership, or membership in religious, philosophical, or political organizations, as well as data concerning health, sexual life, genetic, or biometric data when linked to a natural person.
1. GENERAL INFORMATION
1.1. Terms and Definitions
i. National Data Protection Authority (ANPD): A federal public administration body under the Presidency of the Republic, responsible for ensuring personal data protection, monitoring compliance, and applying sanctions in case of data processing violations under the LGPD.
ii. Cookies: Small data units stored by your browser on your computer's hard drive. Cookies are necessary for using the Platform.
iii. Controller: A natural or legal person, public or private, responsible for decisions regarding the processing of personal data.
iv. Operator: A natural or legal person, public or private, who processes personal data on behalf of the controller.
v. Personal Data: Information related to an identified or identifiable natural person.
vi. Sensitive Personal Data: Personal data concerning racial or ethnic origin, religious beliefs, political opinions, trade union membership, or membership in religious, philosophical, or political organizations, as well as data concerning health, sexual life, genetic, or biometric data when linked to a natural person.
vii. General Data Protection Law (LGPD): The law governing the processing of personal data, including digital means, by natural or legal persons, whether public or private, regardless of where the data is processed or the company’s headquarters, as long as:
The processing occurs within national territory;
The processing aims to offer or provide goods or services to individuals in Brazil;
The personal data being processed was collected in Brazil.
viii. Information Security Policy (PSI): A document in which BRANDDI commits to protecting its proprietary and managed information, outlining guidelines for the company and operators regarding information security measures.
ix. Intellectual Property: Rights related to industrial property and copyright, including author rights and related rights.
x. Processing: Any operation performed with personal data, such as collection, production, reception, classification, usage, access, reproduction, transmission, distribution, processing, storage, elimination, assessment, control, modification, communication, transfer, disclosure, or extraction.
xi. Data Subject: The natural person ("you," "data subject") who merely accesses the website or fills out a registration form and agrees to the Privacy Policy.
1.2. Collected Data and Their Purpose
1.2.1. Data may be collected in various contexts depending on how you interact with BRANDDI.
Below are the main situations where we collect personal and sensitive data:
Registration on our website for full usage;
Sending emails or contacting us through other channels;
Submitting personal data to fulfill contractual obligations or preliminary procedures.
The data processed by BRANDDI may include but is not limited to your full name and email address. Third-party data used to provide services, such as notifications and communications by BRANDMONITOR, may be obtained from public databases, public administration bodies, credit protection services, among others.
We also automatically collect data through cookies. Cookies are small files installed on your device to collect information about your browser or device. They help us understand how and when the website is accessed and by how many users. Cookies allow us to customize content, improve user experience, and personalize product and service offerings.
We use cookies for different purposes:
Essential Cookies: Strictly necessary for our services and the correct functioning of our website, ensuring safe navigation, content scaling, and legal compliance by BRANDDI.
Analytical Cookies: Provide insights into browsing behavior and website usage. The collected data helps us better understand our audience and improve our content, services, and products.
If you want to check which cookies are installed on your device, delete them, or restrict their use, you can configure your browser settings.
1.2.1.1. Personal Data Processed by BRANDDI
Type of Data: Identification data of the data subject.
Purpose of Use:
Identifying the data subject;
Contacting the data subject to clarify questions and explain our services, if requested;
Fulfilling obligations resulting from website access;
Informing about news, content, events, and maintaining a relationship with the data subject;
Performing our services;
Responding to requests and inquiries;
Maintaining data in our database.
Legal Basis:
Execution of a contract or preliminary contract-related procedures at the data subject’s request;
Legitimate interest of the controller;
Legal rights exercise by BRANDDI in administrative or judicial procedures;
Data subject’s consent.
1.2.1.2. Data Subject’s Declaration on Data Processing
By interacting with our company, the data subject declares: (a) BRANDDI may process their personal data collected at the time of website access and/or contract form completion, as well as how the company and operators cooperate in data processing; (b) They are over 18 years old and have read and fully understood this policy, freely and unequivocally agreeing to the processing of their personal data; (c) If acting on behalf of a minor or company, they have the necessary authority to accept this Privacy Policy.
1.2.1.3. Accuracy of Provided Data
The data subject or legal representative is solely responsible for the accuracy and truthfulness of the data provided.
1.2.1.4. Data Verification
If false information is identified, BRANDDI may request clarifications from the data subject or legal representative.
1.2.1.5. Misuse and Rights Violations
If BRANDDI detects website misuse, document fraud, or intellectual property violations, the company may request explanations and take appropriate legal and administrative actions.
1.2.1.6. Changes in Data Processing Purpose
If data processing purposes change, BRANDDI will notify the data subject or legal representative in advance. If consent was required initially, the data subject may withdraw it if they disagree with the changes.
1.2.1.7. Data Sharing
The data subject or legal representative acknowledges that collected data may be shared: (a) With judicial, administrative, or governmental authorities when legally required; (b) Automatically in case of corporate transactions such as mergers or acquisitions; (c) With operators processing personal data on behalf of BRANDDI; (d) With third-party business partners, service providers, and suppliers.
1.2.1.8. Data Ownership
The database formed from data collection is owned and managed by BRANDDI.
1.2.1.9. Commercial Restrictions
BRANDDI will not sell, rent, or loan personal data.
1.2.1.10. Data Access and Confidentiality
Only authorized employees, service providers, and business partners will have access to personal data, adhering to principles of proportionality, necessity, and confidentiality.
2. STORAGE METHOD AND RETENTION PERIOD
2.1. Data Storage and Retention Period
The data collected and activity records will be stored in a secure and controlled environment for the minimum period stipulated as per the example below:
2.2. Early Data Deletion
If requested by the Data Subject, the data may be deleted before the period set in item 2.1, subject to legal possibilities.
2.2.1. BRANDDI will make every effort to comply with the Data Subject's or legal representative's request as quickly as possible. However, the Data Subject or legal representative acknowledges that there are factors beyond the company's control that may impact the timeframe for data deletion or even prevent the immediate fulfillment of the request.
2.2.2. The Data Subject or legal representative acknowledges that their request may be denied by BRANDDI if, for example, it is impossible to verify their identity.
2.3. Extended Data Retention
The Data Subject or legal representative acknowledges that BRANDDI reserves the right to retain the data mentioned above for a longer period for (i) compliance with legal or regulatory obligations, (ii) research by an institution outlined in its social or statutory objectives, ensuring, whenever possible, the anonymization of personal data; (iii) transfer to a third party, provided that data processing requirements set forth in the LGPD are met; (iv) use of personal data for fraud prevention (art. 11, II, "a", of the LGPD); (v) use of personal data for credit protection (art. 7, X, of the LGPD); and (vi) to meet other legitimate interests, in accordance with article 10 of the LGPD. Once the legal period and necessity have expired, BRANDDI will delete the aforementioned data using a secure disposal method or retain it exclusively for its own use, prohibiting third-party access and ensuring the data is anonymized.
2.4. Data Location and Transfer
The collected data will be stored in structures provided by service providers contracted by BRANDDI or internally. In this case, the Data Subject or legal representative acknowledges that their personal data may be processed by third parties, business partners, service providers, subcontractors, and authorities, even in a foreign country, provided that compliance with this Privacy Policy, applicable legislation, or judicial determination is ensured.
2.5. International Data Protection
If personal data processing is carried out by a service provider located in another country, BRANDDI will include in contractual instruments the necessary guidelines to protect personal data.
2.6. Sharing with Service Providers
The Data Subject acknowledges that BRANDDI may transmit their personal data to other service provider companies.
2.7. Internal Data Access
Internally, personal data will only be accessed by professionals duly authorized by BRANDDI, respecting the principles of purpose, adequacy, and necessity, among others provided for in applicable legislation, as well as the commitment to confidentiality and privacy preservation in accordance with this Privacy Policy.
3. DATA SUBJECT RIGHTS AND COMMUNICATION CHANNEL
3.1. Data Subject Rights
The Data Subject has the right to obtain from BRANDDI, at any time and free of charge, in relation to their processed personal data, the following:
(a) confirmation of data processing;
(b) access to the data;
(c) correction of incomplete, inaccurate, or outdated data;
(d) anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data;
(e) data portability to another service or product provider, upon express request, subject to commercial and industrial secrecy;
(f) deletion of personal data processed with consent, except as provided in item 2.3;
(g) information on public and private entities with which BRANDDI has shared data;
(h) information on the possibility of not providing consent and the consequences of refusal;
(j) revocation of consent, as per art. 8, § 5, of the LGPD.
3.2. Communication Channel
BRANDDI's Data Protection Officer, LEGAL COMPLY CONSULTORIA EMPRESARIAL E DESENVOLVIMENTO LTDA, a private legal entity registered under CNPJ/MF no. 52.687.420/0001-91, is available to receive and address data subjects' requests and clarify any doubts through the following channel:
Email: contato@legalcomply.com.br
3.3. Electronic Communication
The Data Subject acknowledges that BRANDDI will use electronic means to communicate acts, disclosures, and/or service provisions, transmit documents, or keep them informed on any subject, except when electronic means are not possible.
3.3.1. Deadlines for performing or refraining from certain actions, stated in electronic messages sent by BRANDDI, will be counted from confirmed receipt.
3.3.2. An electronic message is considered received when the Data Subject receives notification from BRANDDI confirming the message's delivery.
3.3.3. The Data Subject must enable automatic confirmation of receipt for electronic messages.
3.4. The Data Subject must include BRANDDI's email in their list of trusted senders.
3.5. Data Retention for Rights Protection
For audit, security, fraud control, and rights preservation purposes, BRANDDI may retain the Data Subject's record history for a longer period if required by law or regulation or for rights preservation, as stated in item 2.3.
4. SECURITY
4.1. Commitment to Security
The security of personal information is important to BRANDDI. The company follows market standards and best practices to protect personal data from collection to deletion.
4.2. Protection Measures
BRANDDI employs reasonable and appropriate measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, and destruction, considering processing risks and data nature.
4.3. Responsibility and Security Notification
The Data Subject acknowledges that no transmission or storage method is 100% secure. BRANDDI commits to making its best efforts to protect the Data Subject's personal data but cannot guarantee absolute security. If a security breach compromises personal data, BRANDDI will notify affected Data Subjects and the ANPD within a reasonable timeframe, as required by the LGPD.
4.4. Security Contact
For security-related questions, the Data Subject should contact BRANDDI via the channels listed in item 3.2.
7. APPLICABLE LAW AND JURISDICTION
7.1. Jurisdiction
This Privacy Policy is governed and interpreted under Brazilian law, with the Data Subject's domicile court elected to resolve any disputes or controversies arising from this document unless a specific jurisdiction applies.
Update: March 20, 2024.