General Data Protection Regulation

GDPR (LAW 13.709/18)

The GDPR is Law 13.709/18 (General Personal Data Protection Regulation).

Article 1: This Law provides for the processing of personal data, including in digital media, by a natural person or by a legal entity governed by public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the personality of the natural person.

In practice, what changes with the GDPR in Brazil is the way companies, institutions and public bodies deal with the personal data of customers/users; after all, the privacy of consumers and citizens is what the new Law protects. The GDPR in Brazil was strongly influenced by the European GDPR (General Data Protection Regulation – EU 2016/679), which regulates the protection of personal data in the European Union. It is a philosophical (Article 5) and principled (Article 6) Law.

GDPR in PIZZATTOLOG

Pizzattolog takes the security of personal data and full compliance with the GDPR very seriously, so we are committed to protecting the personal data of our employees, customers, suppliers and other stakeholders and ensuring compliance with all relevant legislation.

To this end, we have appointed the law firm LOPES & SANTOS SOCIEDADE DE ADVOGADOS, OAB/PR 4809, to be in charge of DPC – DATA PROTECTION CHARGE – as provided for in article 41 and following of the GDPR (BR). Requests, guidelines and clarifications about the GDPR can be made by email at dpo@pizzattolog.com.br.

What is personal data?

According to article 5 of the GDPR, personal data is all information related to an identified or identifiable natural person. The Law also identifies sensitive personal data, which is all personal data about racial or ethnic origin, religious conviction, political opinion, membership of a union or organization of a religious, philosophical or political nature, data relating to health or sex life, and genetic or biometric data, when linked to a natural person.

It is worth remembering that data is protected by the GDPR regardless of its digital or physical nature (forms, etc.). Practical examples of simple personal data: name, RG, CPF, address, telephone, email, date of birth, IP address, location of an individual using GPS, etc. In turn, the data listed in article 5, II as sensitive personal data are those that in practice can lead the data subject to suffer prejudice or discrimination. Finally, there is anonymized data, which in practice has gone through an anonymization process (meaning that the personal data is no longer associated with its holder, through the deletion of information).

The processing of personal data in GDPR

Processing of personal data is any operation carried out with personal data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, treatment, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.

We process personal data only in accordance with the Legal Basis (hypotheses) of the GDPR, which are:

(a) upon the provision of consent by the holder;
(b) for compliance with a legal or regulatory obligation by the controller;
(c) by the public administration, for the processing and shared use of data necessary for the execution of public policies provided for in laws and regulations or supported in contracts, agreements or similar instruments;
(d) for the performance of studies by a research body, guaranteeing, whenever possible, the anonymization of personal data;
(e) when necessary for the performance of a contract or preliminary procedures related to a contract to which the holder is a party, at the request of the data subject;
(f) for the regular exercise of rights in judicial, administrative or arbitration proceedings, the latter under the terms of Law No. 9,307 of September 23, 1996 (Arbitration Law);
(g) for the protection of the life or physical safety of the holder or a third party;
(h) for the protection of health, exclusively, in a procedure performed by health professionals, health services or health authorities;
(i) when necessary to meet the legitimate interests of the controller or of a third party, except where the fundamental rights and freedoms of the data subject that require the protection of personal data prevail;
(j) for the protection of credit, including the provisions of the relevant legislation.

The Rights of personal data holders in the GDPR

The data subject has rights under the GDPR. These are:
  • Right to information;
  • Right of access to data;
  • Right of rectification;
  • Right of deletion (right to be forgotten);
  • Right to anonymization or blocking of treatment;
  • Right to notification of rectification or deletion;
  • Right to data portability;
  • Right to oppose automated decision-making.
These rights are respected by PIZZATTOLOG through appropriate procedures that allow the necessary action to be carried out according to the deadlines indicated in the GDPR.