General Data Protection Law (LGPD)

LGPD – O que é?

The General Data Protection Law (LGPD), Law No. 13,709 of August 14, 2018, was instituted with the aim of regulating the collection and processing of personal data of data subjects on national territory.

As the Law states, "data processing" is considered to be any activity that uses personal data in its operation, such as: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of the information, modification, communication, transfer, diffusion, or extraction.

The Law reaches all business segments, including public entities. As such, it is applicable to any individual or legal entity, public or private, that carries out any data processing activity, whether the data is digital or physical. For this reason, it is essential that companies, as well as the public sector, seek mechanisms to protect the personal data of the owners.

The law presents the main definitions of terms and concepts that govern the area, differentiates personal data from sensitive personal data, presents the legal bases that justify the processing of personal data, and provides on the rights of data subjects, among others.

The LGPD also creates an enforcement structure and possible fines and sanctions laid out in the text of the law that can be applied by the National Data Protection Authority (ANPD).

Security Mechanisms

ALAS Technology maintains a strong concern and commitment to good practices and information security of the data subjects' data, although it does not make decisions regarding the treatment of data subjects' data, whose role lies with the Controller, as established by the LGPD.

The role of CPF.CNPJ is to mediate, in a secure manner, the collection of non-sensitive and publicly accessible personal data, using our unique technologies that structure and automate the information for productivity gains and make it available to our clients who, in the terms of the LGPD, are the Data Controllers. For this reason, we do not store or have a database of the queries performed, nor do we perform manipulations, alterations, insertions or deletions of data from the owners.

In the flow of information between authorized providers and our customers, end-to-end encryption (E2EE) is used to prevent interceptions. Mandatory SSL security protocol and CDN Cloud Flare protection against attacks are also part of our ecosystem. These are important and indispensable tools in the web segment.

Thus, always in compliance with the provisions of the General Law of Protection of Personal Data (LGPD), CPF.CNPJ follows all the steps and strict parameters in the services provided for the security of the holders with an action plan in case of violation.

The ALAS Technology team has a concept of good practices in dealing with people and personal data, and is also constantly improving itself in specialization courses on the subject.

Prevention Techniques

Directly and indirectly, all customers and titleholders consulted on our platform are protected by our Terms of Use and Data Protection Policy, which are accessible on all our pages and e-mails. Through them, natural and legal persons can protect themselves based on current laws.

Queries made on our platform are logged in order to be tracked or monitored in case of violation of LGPD or Terms of Use of the service.

Data such as: date and time, IP, CPF/CNPJ queried, package and query location, are associated with the company contracting our services as a source of record.

Action Plan

In case of violation to the rights of our customers and also to the owners of the data consulted in our platform, we will provide the competent entities, in an agile manner and when requested, all the necessary reports for the investigation process and mitigation of eventual damages to occur in the best way, as provided in our Terms of Use and Data Protection Policy.

Guaranteeing the Rights of Clients and Titleholders

The exercise of rights provided by national legislation, and in particular the General Law of Protection of Personal Data, are guaranteed through our service channels, so that the holder of the data may, for example, request the blocking of consultation of their data and/or the report of who consulted them on our platform, as established in the Terms of Use, as well as made available to customers the guarantee of access and rectification of their data.

Terms of Use and Privacy Policy

On the registration form, e-mail body and footer of all site pages, our Privacy Policy and Terms of Use are present, which provide information about the platform, mode of operation, and customer/holder guarantees.

Data Protection Officer

Nomeado como Encarregado de proteção de dados – “Data Protection Officer (DPO)”, nos termos da LGPD Dr. Sérgio Mourão possui vasto conhecimento jurídico, com foco na LGPD, e tem por objetivo atuar como um elo de comunicação entre os clientes, os titulares dos dados e a Autoridade Nacional de Proteção de Dados (ANPD).

E-mail para contato: [email protected]

Data Protection Policy

Appendix that integrates the terms of use and contracts.

FAQ

Also in accordance with the GDPR, we provide the table of frequently asked questions for knowledge of our procedures and means.

In agreement with GDPR, we available the table of frequently asked questions for knowledge of our procedures and terms.