General Data Protection Law (LGPD)

LGPD – What is it?

The General Data Protection Law (LGPD), Law No. 13.709, of August 14, 2018, was established with the objective of regulating the collection and processing of personal data of data subjects in national territory.

According to the Law, "data processing" is considered any activity that uses personal data in the execution of its operation, such as: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.

The Law affects all business segments, including public entities. Therefore, it is applicable to any individual or legal entity, under public or private law, that performs any data processing activity, whether this data is in digital or physical media. For this reason, it is essential that companies, as well as the public sector, seek mechanisms to protect the personal data of data subjects.

The law presents the main definitions of terms and concepts that govern the area, differentiates personal data from sensitive personal data, presents the legal bases that justify the processing of personal data, provides for the rights of data subjects, among others.

The LGPD also creates a supervisory structure and possible fines and sanctions provided for in the text of the law that may be applied by the National Data Protection Authority (ANPD).

Security Mechanisms

ALAS Technology maintains a strong concern and commitment to good practices and information security of data subjects' data, although it does not make decisions regarding the processing of data subjects' data, whose role belongs to the Controller, as established by the LGPD.

The role of CPF.CNPJ is to safely intermediate the collection of non-sensitive personal data and public access, using our unique technologies that structure and automate information for productivity gains and make them available to our customers who, under the terms of the LGPD, are the Data Controllers. For this reason, we do not store or have a database of the queries performed, nor do we perform manipulations, changes, insertions or deletions of data subjects' data.

In the flow of information between authorized suppliers and our customers, end-to-end encryption (E2EE) is used to prevent interceptions. Mandatory SSL security protocol and Cloud Flare CDN protection against attacks are also part of our ecosystem. These are important and indispensable tools in the web segment.

Thus, always in accordance with the provisions of the General Personal Data Protection Law (LGPD), CPF.CNPJ follows all steps and rigorous parameters in the services provided for the security of data subjects with an action plan in case of violation.

The ALAS Technology team has the concept of good practices in dealing with people and personal data and also constantly improves itself in specialization courses on the subject.

Prevention Techniques

Directly and indirectly, all customers and data subjects consulted on our platform are protected by our Terms of Use and Data Protection Policy, which are accessible on all our pages and emails. Through them, natural and legal persons can protect themselves based on current laws.

Queries made on our platform are recorded so that they can be tracked or monitored in case of violation of the LGPD or Terms of Use of the service.

Data such as: date and time, IP, CPF/CNPJ consulted, package and location of the query, are associated with the contracting company of our services as a source of registration.

Action Plan

In case of violation of the rights of our customers and also the data subjects consulted on our platform, we will provide the competent entities, in an agile manner and when requested, all the necessary reports so that the entire investigation and mitigation process of any damages occurs in the best way, as provided in our Terms of Use and Data Protection Policy.

Guarantee of Customer and Data Subject Rights

The exercise of rights provided for in national legislation, and in particular the General Personal Data Protection Law, are guaranteed through our service channels, so that the data subject may, for example, request the blocking of their data consultation and/or the report of who consulted them on our platform, as established in the Terms of Use, as well as providing customers with the guarantee of access and rectification of their data.

Terms of Use and Privacy Policy

In the registration form, email body and footers of all website pages, our Privacy Policies and Terms of Use are present, which provide information about the platform, mode of operation and guarantees for customers/data subjects.

Data Protection Officer

Appointed as Data Protection Officer (DPO), under the terms of the LGPD, Dr. Sérgio Mourão has extensive legal knowledge, focusing on the LGPD, and aims to act as a communication link between customers, data subjects and the National Data Protection Authority (ANPD).

Contact email: [email protected]

Data Protection Policy

Annex that integrates the terms of use and contracts.

FAQ

Also in agreement with GDPR, we provide the frequently asked questions table for knowledge of our procedures and means.