1. INTRO

Dias Carneiro Advogados (“Dias Carneiro”) recognizes the importance of the protection of personal data of all parties that interact with us, be them our clients, our suppliers, or just users of our website (“Users”). Therefore, we present below our privacy policy (“Privacy Policy”), which aims to provide transparency to our Users about the collection and processing of Personal Data..

Should, after reading this document, you still have doubts about how Dias Carneiro processes your Personal Data, please contact us at encarregado@diascarneiro.com.br.

In this Privacy Policy, the terms with capital letters will have the same meaning assigned to them by the Federal Law n. 13.709/2018 – Lei Geral de Proteção de Dados (“LGPD”).

2. DATA COLLECTION FROM OUR WEBSITE

2.1. Data collection. When you access our website, we can collect the following Personal Data:

Data Group Form of Collection What data is collected and processed
Access Data that are collected automatically Automatic collection from all Users who access the website • IP;
• Access logs;
• Data and hour of access;
• Pages visited and visiting time;
• Browser type.
Registration Data – “Work with Us” Section Data provided by the data subject, when he/she registers in the “Work with us” section. • Full Name;
• Year of Birth;
• City;
• State;
• Education;
• Languages and fluency levels;
• Any other Personal Data contained in CVs and other documents forwarded to Dias Carneiro.
Registration Data – “Contact” Section Data provided by the data subject, when he/she registers in the “Contact” section. • Name;
• Company;
• Phone;
• E-mail;
• Any other Personal Data that is entered in the message sent to Dias Carneiro.

2.2. Purposes. We will use your Personal Data only for the purposes and under the legal grounds indicated below:

Purpose Explanation Dias Carneiro Position in the Processing of Personal Data
Talent Acquisition Dias Carneiro will process Personal Data you provide through the “Contact Us” section to recruit new members. Controller.
Communications Dias Carneiro may use your contact information, including email and telephone number, to send notices, alerts, and other notices and communications. Controller.
Website enhancement and protection Dias Carneiro may use access data to detect possible fraud and security incidents related to the website. In addition, Dias Carneiro may use browser navigation data to improve the User experience and access logs to detect errors on the website. Controller.

2.3. Legal grounds. Dias Carneiro may process Personal Data collected through our website based on the following grounds: (i) a legitimate interest; (ii) when necessary for the execution of a contract, or of pre-contractual acts to which the User is a party; and (iii) based on the consent of the data subject.

3. DATA PROCESSING FOR LEGAL COUNSELLING

3.1. Data collected. Dias Carneiro may collect and process the following types of personal data in the performance of its services:

Which Form of Collection What data is collected and processed
Personal Data required to provide legal services “Dias Carneiro may collect and have access to Personal Data as a result of the following:
(i) Personal Data provided by the Data Subject;
(ii) Personal Data provided by our clients or any other third parties (such as consultants, among others) in any way connected to the Data Subject; or
(iii) Obtained from publicly available sources.”
“All Personal Data necessary to fulfill the purpose of providing legal services. This will include, without limitation: (i) qualification data of natural persons (name, nationality, ID, marital status, profession and residency address); (ii) information contained in publicly accessible databases such as public agencies, Courts, official press, publications, research services, and registry offices; (iii) data inserted in contracts; personal documents, among others.

DIAS CARNEIRO MAY PROCESS SENSITIVE PERSONAL DATA AND PERSONAL DATA OF MINORS, STRICTLY FOR THE PURPOSE OF PROVIDING LEGAL SERVICES, AS SET FORTH BELOW.”

3.2. Purposes. We will use your Personal Data only for the purposes and under the legal grounds indicated below:

Purpose Explanation Dias Carneiro Position in the Processing of Personal Data
Client Registration Dias Carneiro may use Personal Data to register new clients that retain us for legal services and to periodically update client records. Controller.
Provision of legal services. Dias Carneiro may use all kinds of Personal Data, always in observation of the principles of the LGPD, especially necessity and adequacy, to provide various legal services, including, without limitation, for the preparation of judicial and extrajudicial documents, drafting of contracts and legal opinions, analysis, estimates and projections, audits, among others.

• Can the Dias Carneiro use sensitive data or data of minors?
When necessary, depending on the demand presented by the client, Dias Carneiro may process sensitive personal data and/or data of minors.

• Can Dias Carneiro share Personal Data with third parties while providing services?
Yes, as necessary, while providing services, Dias Carneiro may share Personal Data with third parties. For example, we may use the services of paralegals, couriers or translators, technical assistants, accountants, experts, and consultants, who may have access to Personal Data. Dias Carneiro will always inform our clients when such services are used, and the Client may oppose the sharing of such information with third parties.

Furthermore, Dias Carneiro may, depending on issue presented, share Personal Data with publicly accessible databases, such as when filing various petitions before Courts and public administration agencies.

Finally, when necessary, we may also share Personal Data with our comercial partners abroad, for cases or services involving other jurisdictions. In this situation, the Client will also be informed about this sharing.

Controller.
Communications Dias Carneiro may use the contact Personal Data of its clients to send alerts and other communications that we believe may be of interest to the client, to promote our services, and, eventually, to invite clients to events or to send gifts. Controller.
Invoicing and collections Dias Carneiro may use the Personal Data to invoice our services and to collect payments. Controller
References Dias Carneiro may use Personal Data to of clients so they can act as referrals, mainly for legal directories and rankings. Controller

Data provided by the Client related to third party Data Subjects. Some of the Personal Data processed by Dias Carneiro may be obtained directly from the Client and may relate to a third party, which may include the Client’s own clients, employees, partners, or other third parties. In sharing such data with Dias Carneiro, the Client shall at all times ensure that (i) such data is of lawful and legitimate; (ii) such data is shared with Dias Carneiro in compliance with the requirements of the applicable law, including with the designation of an appropriate legal grounds for processing; and (iii) the Client retains full responsibility for any and all irregularities in the aforementioned statements that may in any way harm Dias Carneiro, the performance of its services, or its processing of personal data.

3.4. Data of Minors Provided by the Client. To share Personal Data of minors with Dias Carneiro, the Client must have secured consent from the minor’s parents or legal guardians and/or all necessary authorizations to (i) process such personal data; (ii) to share such personal data with Dias Carneiro; and (iii) for such personal data to be processed by the Dias Carneiro, assuming full responsibility for any irregularity regarding the legitimacy of the processing.

3.5. Legal Basis. Dias Carneiro may process Personal Data based on the following grounds: (i) a legitimate interest; (ii) for the execution of contracts, or pre-contractual acts to which the User is a party; and (iii) consent.

4. HOW WE STORE THE INFORMATION COLLECTED

4.1. Dias Carneiro shall take measures in line with best industry practices to keep Personal Data secure, including security and protection measures compatible with the nature of the data collected, used, and stored. However, Dias Carneiro cannot guarantee that such security measures are error-free or free from interference from third parties (hackers, among others). By its nature, despite Dias Carneiro’s best efforts, any security measures may fail, and any data may become public.

4.2. All information collected will be stored with high security standards in our own servers or in third party servers subject to similar security obligations, located in Brazil and abroad. Personal Data, when operationally feasible, will be encrypted and its access controlled by means of individual user/password systems and with access registration.

4.3. Users acknowledge and agree that Dias Carneiro may contract domestic or foreign processors to process personal data. Such processors, national or foreign, will be contractually subject to the same security and confidentiality requirements applicable to Dias Carneiro.

5. RIGHTS OF THE DATA SUBJECT

5.1 Dias Carneiro provides tools for data subjects to exercise their legal rights over Personal Data, as provided in Article 13 of the LGPD. In this section, we describe these rights and how you can exercise them.

5.1.1. Confirmation of the existence of processing: Users can confirm whether Dias Carneiro processes their Personal Data;

5.1.2. Access to Personal Data: Users may access their Personal Data, including by requesting a copy of the processed data;

5.1.3. Correction of incomplete, inaccurate, or outdated data: Users may request amendment or correction of their Personal Data that is incorrect;

5.1.4. Portability: Users may request the portability of their data to another service provider;

5.1.5. Deletion of Personal Data: When the processing by Dias Carneiro in based on consent, Users may request the deletion of their Personal Data, by means of the service channels indicated in this Policy;

5.1.6. Information on Sharing: Users may request information about which public and private entities Dias Carneiro has shared their Personal Data.

5.1.7. Information about the possibility to not consent: Users hereby receive and further may request, through the appropriate service channels, information about the possibility of not consenting to the processing of Personal Data and potential consequences thereof. This will include Dias Carneiro possibly not being able to provide legal services;

5.1.8. Revocation of consent: Users may at any time and at their discretion revoke the consent previously granted for the processing of their Personal Data. In this situation the processing carried-out until such moment shall remain valid.

5.2. Exercise of rights. The rights listed above and others provided for in applicable law may be exercised by you in relation to your Personal Data by means of a request addressed to encarregado@diascarneiro.com.br.

5.3. Information on the deletion of data. Please note that for certain types of Personal Data, due to legal, contractual or administrative obligations Dias Carneiro may potentially not be able to comply with a deletion request. In this case, when applicable, Dias Carneiro will inform the User about such impossibility, proceeding with the exclusion of all other requested information that may be deleted. Notwithstanding, by complying with eventual requests for exclusion, Dias Carneiro may be unable to provide its services, in whole or in part. Also, after the exclusion of Personal Data, Dias Carneiro may continue to use them, in a non-individualized and anonymized way, that is, without any personal identification, for the purposes provided in this Privacy Policy.

5.4. Data Retention. Dias Carneiro may retain Personal Data for a period superior to the legally required, in compliance with orders from public authorities, to defend itself in legal/administrative procedures, and in cases where Personal Data has been anonymized.

6. SHARING DATA WITH THIRD PARTIES

6.1. Data Processors. Dias Carneiro may engage third parties to support the provision of its services, such as cloud storage servers. Dias Carneiro, as Controller, will require appropriate levels of security and confidentiality from such processor partners.

6.2. Other Third Parties. In addition to the cases already mentioned in this Privacy Policy, Personal Data may also be transferred to third parties, including controllers, in the following cases:

6.2.1. New Business. Personal Data may be transferred during an acquisition, sale, merger, corporate reorganization, or any other change of control of Dias Carneiro. In this case, Dias Carneiro will ensure that the person, natural or legal, who will access or take control over the data processed under this Policy will also be bound by its terms, ensuring the continuity of the protection of Personal Data, and communicating the data subject and Clients in advance, if this transfer implies any change in the Privacy Policy.

6.2.2. Regular exercise of rights by administrative, judicial, or extrajudicial means. Dias Carneiro may share Personal Data with third parties such as law firms, consulting firms, collection agencies, accounting firms, and the like, for the purpose of exercising their own rights, regardless of the means chosen to do so.

6.2.3. Judicial or Administrative Requests. Dias Carneiro may share Personal Data in the event of a judicial or administrative order.

6.2.4. Granting of powers in legal procedures or Termination of Services to a Client. Dias Carneiro may transfer Personal Data to new counsel or legal advisors of the Clients, should the Client’s so require, and for total or partial transfer of the services to other firms or lawyers.

6.2.5. With the authorization of the Data Subject. In all other cases, should it be necessary to share the information, such will only occur in full accordance with the law.

6.3. Legal Basis for Sharing. The sharing of data with such third parties will always be done (i) with the consent of the Data Subject, (ii) for the regular exercise of Dias Carneiro’s rights, (iii) to comply with legal obligations, (iv) for the performance of a contract, or (v) based on the legitimate interest of Dias Carneiro.

7. COOKIES

7.1. Implemented Cookies. We use cookies to measure performance of our website (such as those of the Google Analytics service), which collect data such as pages visited, time spent on each page, interactions with the page, among other data.

7.2. Purpose and rejection of cookies. The data collected by cookies is used solely to measure the impact of and engagement with our website. Our website can be used even if the user disables the implementation of cookies through the settings of his web browser, following the instructions below, as appropriate. However, disabling cookies in our virtual environment may impact and/or limit the browsing experience on such systems.

8. OTHERS

8.1. The Data Controller of the Law Office is Dr. Vanessa Pareja Lerner, who may be contacted via e-mail at encarregado@diascarneiro.com.br.

8.2. In case of doubts about this Privacy Policy, please contact Dias Carneiro. to clarify any questions by emailing encarregado@diascarneiro.com.br.

8.3. The terms of this Privacy Policy are governed by and shall be interpreted in accordance with the Laws of the Federative Republic of Brazil and in accordance with the general provisions of other policies of Dias Carneiro and terms of use of systems, of which this Privacy Policy is an integral part.

9. PRIVACY POLICY UPDATES

9.1. In order to ensure the privacy of Data Subjects, and the security of their Personal Data, Dias Carneiro will regularly review its Privacy Policy and adapt it as necessary. If changes to this Privacy Policy are implemented, Dias Carneiro will inform Clients and Data Subjects, as applicable.

Last Update, July 30, 2021.