1 . General Information and Definitions
We are committed to upholding the law on privacy when handling personal data. On this basis, this Privacy Policy provides definitions, information on the gathering and processing of personal data, information relating to the security of the personal data we handle, as well as other information that is relevant to the subject in question.
Below are some definitions of the technical terms used in this Policy, which are in accordance with the General Data Protection Law, to assist the reader:
The “LGPD” – Law No. 13709/2018, known as the General Data Protection Law;
“Personal Data” – Information that relates to an identified or identifiable person;
“Sensitive Personal Data” – personal data about racial or ethnic origin, religious belief, political opinion, membership of a union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to an individual;
“Handling” – any activity involving personal data, such as anything relating to gathering, production, classification, use, access, storage, deletion, transfer or dissemination, etc.
“Anonymization” – the use of reasonable technical means that are available at the time of processing to prevent data being associated to an individual;
“Subject” – the person who the personal data being processed refers to;
“Controller” – the individual or legal entity, under public or private law, who is responsible for decisions regarding the handling of personal data;
“Data Protection Officer” – the person appointed to act as a communication channel between the data subjects, the controller, and the National Data Protection Authority (ANPD);
“ANPD” – the government body responsible for overseeing, implementing and enforcing compliance with this Law throughout the country;
Any other important concepts required to properly understand this Privacy and Security Policy can be taken from the LGPD’s legal text.
2 . The Principles that are relevant when handling personal data
Any processing of personal data that is carried out by Tavares & Panizzi is based on the following principles, which all come from the LGPD:
“Purpose” – personal data must be processed for a specified purpose and the subject must be explicitly informed;
“Appropriate” – the processing must be appropriate for the purpose previously agreed and advised;
“Required” – the processing must be limited to only using whatever personal data is required to achieve its original purpose;
“Transparency” – clear and accessible information regarding how the personal data has been handled must be made available to the subject;
“Free access” – subjects must have easy and free access to the way their personal data is handled;
“Security” – personal data must use appropriate technical and organizational security measures when it is handled, in order to prevent any accidental or illegal incidents;
“Non-discrimination” – personal data cannot, under any circumstances, be used for discriminatory, unlawful or abusive purposes;
In addition to the principles listed and defined above, this Privacy and Personal Data Security Policy is based on all the principles contained in the LGPD and other regulations on the subject.
3 . Gathering, handling and security of personal data
In order to protect the personal data that it gathers and processes, Tavares & Panizzi use an appropriate internal and external security infrastructure, with regular training for employees to ensure best practice is followed in relation to the handling of personal data.
Tavares & Panizzi collects personal data (name, telephone, e-mail), with the express consent of the subject of the personal data or as a result of a legitimate interest (as provided by the LGPD), through specific requests, in order to provide important information relating to the services we provide and newsletters that contain news or communications that are strictly linked to the subject’s area of interest. We wish to emphasize that, in the situations mentioned above, we give the subject the opportunity to opt-out in a simplified form (self-exclusion).
We wish to emphasize that, specifically in relation to Cookies collected through the Tavares & Panizzi website, they are data files which are stored on mobile devices that enable IP addresses and other information about user preferences to be identified.
NECESSARY COOKIES: Tavares & Panizzi collects anonymous cookies through its website that are required for the basic functions and security of the website.
OPTIONAL COOKIES: In addition to the necessary cookies, Tavares & Panizzi also collects optional cookies, where they have been enabled by the user, which enable us to, for example, collect feedback and analyze the performance of the website and how the user interacts with the website, in order to improve the user experience.
Tavares & Panizzi enables the user, once they have registered their details on the website (name and email), to subscribe and receive publications and relevant legal information, as well as enabling them to send messages to the office.
Tavares & Panizzi does not sell Personal Data, however, in order to comply with contractual requirements and provide the contracted service, Personal Data may be shared with business partners, who will be subject to this Privacy Policy. Also, Tavares & Panizzi may share retained Personal Data in the event of a request from a competent authority.
In order to comply with the legal requirement of the Brazilian Civil Rights Framework for the Internet, we collect the date, time and IP address of all access made to the website and retain it the legal period of 6 months.
Tavares & Panizzi does not collect Sensitive Personal Data.
Tavares & Panizzi does not transfer any Personal Data abroad.
4 . The Rights of the Subjects of Personal Data
The LGPD, along with other regulations, provides the subjects of Personal Data with certain rights, as follows:
“Access” – to have access and to receive confirmation of your Personal Data that is being handled by us and which has been shared with other entities;
“Correction” – to be able to ask for your Personal Data to be updated or changed if it is incomplete, inaccurate or out of date;
“Portability” – to be able to ask for your Personal Data that is being handled by us to be transferred to any other service provider that you ask us to;
“Deletion” – the right to ask for your Personal Data to be deleted from our database, as far as legally allowed;
“Anonymization or blocking” – the right to ask, in the event that your Personal Data is handled in a way that is unnecessary or in violation of the law, for it to be anonymized or for its handling to be suspended;
“Revocation” – to be able to revoke your consent to the processing of your Personal Data;
If you wish to exercise any of the Rights listed above, you should contact us using the email provided at the end of this Privacy Policy.
5 . Updating the policy
This Personal Data Privacy Policy may be changed in order to update and improve its terms. Therefore, we recommend that you review the terms of this Policy on a regular basis.
6 . Contact
If you have any questions, requests or complaints, please contact us via e-mail at tavarespanizzi@tavarespanizzi.com.br, Tel (51) 3466-4177 or at the following address: Rua Victor Kessler, 194, Centro, Canoas/RS, Zip Code 92310-360. We wish to emphasize that we welcome and will investigate any and all complaints about the way we handle personal data and will provide feedback as soon as possible.