Welcome to the website of law firm Campos Mello Advogados, in cooperation with DLA Piper (www.cmalaw.com – “Website”).
Campos Mello Advogados (“CMA” or “We/Us”), whose head offices are located at Rua Lauro Müller, 116, 25º andar, Condomínio do Edifício Rio Sul Center, Botafogo, Rio de Janeiro, RJ – CEP: 22290-906, and at Av. Pres. Juscelino Kubitschek, 1455/12º andar, Vila Nova Conceição, São Paulo, SP – CEP: 04543-01, in the capacity of controller of your personal data, is committed to respecting and protecting your data privacy in compliance with best practices and with applicable law, especially Law no. 13,709/2018 (“General Data Protection Act” or “LGPD”).
We ask You to read this Policy carefully and to contact us as indicated at the end of this document if You have any question.
1. DATA WE COLLECT OR RECEIVE
In the course of your relationship with CMA, We will collect and handle your Personal Data (and occasionally sensitive Personal Data, depending on the context). The Personal Data categories we typically handle include, but are not limited to, the following, as applicable depending on your relationship with CMA:
(I) PERSONAL DATA PERTAINING TO CUSTOMERS:
- Identification, contact and other personal information: Full name, email, telephone, address, nationality, place of birth, marital status, occupation, identification document details (RG, CPF, OAB, CNH or similar document), gender, language, signature, security camera images and other information, as applicable;
- Professional information: name of the company You work for, title, business address and telephone;
- Financial information: Bank and compensation details, as applicable;
- Information regarding the provision of legal services: certain Personal Data will be handled in addition to the data mentioned above so that we can provide legal services to our clients in various areas and depending on the instructions provided by clients, on the data owners involved (such as the other party in lawsuits) and on the services to be provided. For example: document details (passport, voter registration card, PIS/PASEP, CTPS, NIS, NIT), information on personal and/or professional relationships, as well as other information relevant to the provision of our services;
- Sensitive Personal Data: Sensitive data such as trade union membership, race or ethnicity, physical disability, medical certificates or reports and occupational health certificates (ASO) may occasionally also be processed for the provision of legal services.
(II) PERSONAL DATA PERTAINING TO PARTNERS, ASSOCIATES, TRAINEES AND OTHER MEMBERS:
- Personal Information: We may collect miscellaneous information and documents about You and your dependents, as applicable, such as full name, nationality, place of birth, marital status, date of birth, email, address, telephone or other contact information, parents’ names; copies of employment and social security booklet (CTPS), RG and CPF, CNH, military service certificate, voter registration card, PIS/PASEP card or associated documents, National Social Information Database (CNIS), copies of public transit card, proof of residence, birth certificate, marriage or affidavit of domestic partnership signed at a notary’s office (as applicable); name, date of birth, kinship, birth certificate and CPF of dependents, your children’s recent school certificates (mandatory for children less than 7 years old for official family allowance purposes), as well as any other Personal Data You decide to disclose to CMA in the course of your relationship with Us, whether verbally or in writing (for example, in work emails);
- Other identification information: Vehicle license plate and model, as applicable;
- Identification and verification information for foreigners: Information on the year of arrival, details and documents such as passport, National Foreigner Registration card (RNE), visa type and date of issue;
- Emergency contact information: Details of any emergency contacts You indicate such as name, telephone, email and relationship;
- Compensation and Associated Data: Payment, compensation, internship/scholarship or salary information with details on your compensation/employment package and on any benefits (if applicable), bank account details, tax information and third-party beneficiary information and bonus amounts, as applicable;
- Academic and Professional Background Information: Full name, age, nationality, occupation, education, professional experience, courses and training programs completed, as well as other information that may be included in your resume or requested during interviews and documents associated with the information provided such as diplomas and/or schooling certificates or university declarations;
- Work-Related Information: Business contact details (corporate email, telephone and address), duration and type of contract (as applicable), date of admission, photograph, details about your duties and title, department where You work at CMA, potential home office locations, hours worked per month, transfers, shifts, working hours, hours worked and employment terms and conditions; copy of professional identity or association registration card (such as OAB, if applicable); time sheet, vested vacation time and actual vacations taken, payroll deduction records; data pertaining to materials, tools and furniture We have given You (e.g., laptop, cell phone, chair), access privileges to IT systems and tools; shirt and/or uniform size (if applicable);
- Benefit-Related Information (if applicable): Benefits that You use (e.g., transportation voucher, food voucher, life insurance, medical assistance), without limitation to others that may be implemented or changed, means of transportation, plan chosen, benefit amount and dependents You have indicated;
- Information for training and development: Position, area/department, details on training and development needs, training programs completed, training costs (if applicable), evaluation reports and signature to verify attendance (if applicable);
- System access and navigation information: Passwords, logins, email addresses, online browsing and Internet Protocol (IP) data; device identifiers, network activities, IT logs, websites visited and email content and other information;
- Travel calendar and reimbursement of travel and other expenses: Full name, CPF, ID, email, travel destination and dates, name and email of the partner or manager, expense receipts (food, transportation, road tolls and other expenses), as well as other travel and expense information associated with any reimbursements You may request (as applicable);
- Photo, video surveillance and biometric images: Audio, video, image, biometric recordings, without limitation to any other data collected;
- Medical and Disability Data: Any Personal Data pertaining to absence records, medical forms, reports or certificates and disability records and any facilities or adjustments that may be reasonably necessary;
- Other Sensitive Personal Data: To the extent permitted by applicable law and in compliance with diversity and anti-discrimination statutory requirements or internal policies, We may collect information on diversity (such as social name, gender, sexual orientation, race or ethnicity), data on your physical or mental health such as preexisting illnesses, special needs (i.e., disabled persons), sick or workplace accident leave history, in addition to information provided by health professionals such as medical reports and certificates and data on dependents (such as vaccination booklets for children under 7 years old for official family allowance purposes);
- Data on Disciplinary Affairs and Complaints: Any Personal Data included in records pertaining to allegations, investigations and proceedings and their consequences;
- Performance Evaluation and Management Data: Position/duties, area/department, email, Personal Data for work target monitoring purposes, both for member bonus payment and for performance verification, feedback from partners, managers and other members, evaluations, and other performance management data;
- Data pertaining to statutory and regulatory obligations: As applicable, We may handle data such as name, parents’ names, date of birth, place of birth, gender, marital status, spouse’s name, number of children, address, telephone, email, copy of employment booklet, CPF, RG, and other data, in compliance with statutory and regulatory requirements and as ordered by competent authorities;
- Information Pertaining to Termination of your Employment/Contract Relationship: Date, reason for leaving, last salary, name of the member replaced, settlement (if any), severance pay details;
- File and Database pertaining to Former Members: CMA may keep information on former members in the format and for the time necessary to comply with applicable statutory requirements and for the proper exercise of rights in potential lawsuits.
(III) PERSONAL DATA PERTAINING TO BUSINESS PARTNERS, SERVICE PROVIDERS, SUPPLIERS AND OCCASIONAL WORKERS:
- Identification, contact and other personal information: Full name, email, telephone, address, nationality, marital status, occupation, identification document details (RG, CPF, OAB, CNH or similar document), gender, signature, photograph, security camera images and other information, as applicable;
- Professional information: name of the company You work for, title, business address and telephone;
- Compensation and associated data: bank account details, invoice, tax information and third-party information as needed for payment and bank transactions.
(IV) PERSONAL DATA PERTAINING TO WEBSITE USERS:
- Browsing Information: We collect information on your Website visits such as the browser You use, the domain name of Your Internet service provider and the type of operating system You use;
- Contact and Registration Information: When You complete our online contact forms (Contact Us / Office of the Ombudsman / Newsletter) You will be asked to provide personal information (such as your name, telephone, company and email address) so that we can answer any questions You may ask and register You in our systems to achieve the purposes described in this policy.
- User Communications: When You contact CMA, send us emails or messages through our communication channels (Contact Us / Office of the Ombudsman / Newsletter), we may retain your information to process your questions, respond to your requests and/or improve our services.
(V) PERSONAL DATA PERTAINING TO CANDIDATES FOR EMPLOYMENT AT CMA COLLECTED FOR SELECTION PURPOSES:
- Recruitment and selection information: During the selection process to fill in openings at CMA, we may collect information to evaluate your application, such as your Personal Data included in resumes and application forms, including personal profiles candidates post on job websites and platforms (such as Vagas.com, LinkedIn and Catho) and/or on the Website, namely: full name, address, email, telephone or other contact information, nationality, age, date of birth, marital status, RG, CPF or other identification document, gender; interview notes, selection and verification records, for example, on schooling and academic information (such as study programs, university, graduation year), accolades, diplomas, prior professional experience (such as company name and title) and references, professional accreditations, courses, language skill levels, photograph.
(VI) PERSONAL DATA PERTAINING TO GUESTS AND PARTICIPANTS IN OUR EVENTS:
- Identification, contact and other personal information: Full name, email, telephone, address, nationality, country, city, occupation, identification document details (RG, CPF, OAB, CNH or similar document), areas of interest, language and other information, as applicable;
- Professional information: name of the company You work for, title, business address and telephone.
2. SOURCES FROM WHICH YOUR PERSONAL DATA WILL BE COLLECTED
The data we collect is generally provided directly by You. However, depending on the owner and on the corresponding Personal Data, information may also be collected in other ways, such as from partners, managers, other CMA departments and, occasionally, other CMA members (as applicable). In certain circumstances, information may come from the company You work for or from a company we have engaged or from third parties (such as previous employers, regulatory authorities, service providers or other suppliers). Your data will also be collected when You access and use certain workplaces, platforms and systems, as well as from sources accessible to the public.
3. FOR WHAT PURPOSES WILL WE HANDLE YOUR PERSONAL DATA?
We will collect and handle your Personal Data for a variety of purposes in compliance with applicable law and focusing primarily on our relationship with You and on managing our internal processes. Below We list the main purposes for Us to use your Personal Data, without limitation to other uses We may deem pertinent in compliance with applicable law:
- Work, relationship or contract performance management: We handle your Personal Data to manage your relationship with us, employment or contract relationships included. For example: to hire/engage You, manage access to CMA IT systems, feed our internal systems, contact member dependents or emergency contacts, as applicable, as well as any other day-to-day activity within the scope of your employment or contract relationship, as applicable;
- Salary, compensation or benefit payments, claims and management and reimbursement of expenses (as applicable): We will handle your Personal Data to make or process payments and to comply with tax and other applicable statutory and regulatory obligations. That includes performing bank transactions, managing and paying salaries, internship/scholarship stipends or compensation and other benefits to CMA members, such as food or transportation vouchers, in addition to other benefits extended to member dependents (such as health plan and life insurance), without limitation to others that may be implemented or terminated, as applicable; client invoicing and billing; paying suppliers of goods and services and other purposes;
- Access control: CMA handles your Personal Data to control access to CMA workplaces and restricted areas either through badges, biometrics or other means of control;
- Policy implementation: CMA handles your Personal Data to implement policies and procedures aiming at improving our relationship and process management;
- Compliance with statutory and regulatory obligations: We will process the information necessary to meet any statutory and regulatory requirement stemming from our activities or associated with our relationship, including requests received from government authorities; investigation requests; or, where required or permitted by applicable law, court order, government regulation or regulatory authorities (including in relation to, but not limited to, data protection, tax and labor issues). We will also handle any other Personal Data necessary to meet other statutory and regulatory requirements such as operating a whistleblower hotline and keeping health and safety incident records, as applicable;
- IT Monitoring: CMA handles Personal Data to monitor corporate emails, IT equipment, the internet, social networks, as appropriate. To the extent permitted by applicable law, CMA may monitor its IT systems and tools to protect and maintain the integrity of IT systems and infrastructure, to ensure compliance with CMA policies, to find information through searches, to guarantee the information security of our in-house processes and systems, to guarantee Website use security and for IT support purposes to minimize potential incidents, in compliance with applicable law;
- Internal and External Audits: To conduct business process audits to manage our projects and corporate governance and in compliance with statutory requirements. We may also process information to evaluate performance and verify target achievement and to manage our contract relationship;
- File, assert and defend legal claims: We may handle Personal Data for the purposes of filing, asserting and defending potential legal claims;
- Security, Protection and Investigations: We may process information to comply with regulatory or other obligations; to supervise members and other employees; to prevent, detect and investigate a wide range of activities and behaviors, whether associated with specific transactions or with the workplace in general, and to liaise with regulatory authorities; to manage complaints, grievances and incidents; to control access to premises, including the use of access control records; emission and monitoring equipment.
- Business transactions or outsourcing: CMA may handle your Personal Data to plan, audit and implement business transactions or service transfers involving CMA and/or that affect your relationship with CMA, such as mergers and acquisitions or employee transfers, in compliance with applicable law;
- Communications: We will handle your Personal Data for direct communication and newsletter and report circulation purposes, as well as to send You communications containing news, information and updates on our firm, services, special events, satisfaction surveys and other communications that may be of interest to You, in compliance with applicable law;
- Other Purposes: CMA handles your Personal Data to meet your requests and to support our services; to perform general business transactions, as applicable; to analyze, improve and customize the Website; to create Newsletter contact databases and mailing lists and for other purposes.
The following specific purposes also apply to the Personal Data of candidates for jobs at CMA and of CMA members:
- Recruitment and Selection: CMA handles Personal Data for recruitment and selection purposes, including job application documents, resume, photograph, interview evaluations, as well as other data provided by candidates in resumes, application forms and during selection interviews; and also to create and maintain an application database for future openings at CMA, through the Website and other platforms;
- Candidate admission: CMA uses Personal Data provided during the recruitment and selection phase, as well as other data requested (such as admission medical exam, photograph, completed Registration Form, identity document, professional affiliation card, voter registration card, CTPS and others) to admit the candidate as a CMA employee, to assign an email address, sign the contract, open a salary bank account, register in the working hours control system and for other purposes associated with the admission process, as applicable;
- Time and attendance management: CMA handles its members’ Personal Data to record for management purposes entrance and exit times, overtime, annual vacations, illness-related and other absences, as applicable; for HR registration and system management purposes;
- Management of sick, maternity and other leaves: CMA may have certain statutory obligations and needs associated with illness-related member absences, in which circumstance CMA must handle Personal Data to monitor and manage member absences, for example, for illness benefit payment purposes and, if applicable, to implement rehabilitation measures, as well as to plan the allocation of work during the relevant member’s absence, as applicable;
- Performance management: CMA handles its members’ Personal Data to effect and operate performance evaluations and analyses;
- Course, training program and event management and implementation: CMA handles Personal Data to assess its members’ professional performance, as well as to manage their participation in in-house or external courses, training programs and in events so as to plan the allocation of work in general, evaluate promotions and bonuses, manage member planning and comply with statutory requirements associated with formal qualifications (for example, safety training);
- Diversity and well-being: CMA handles your Personal Data to conduct programs and actions aimed at member equality, diversity, integration and well-being and at improving our work environment;
- Occupational health and medical services: CMA handles its members’ Personal Data for medical evaluation purposes and to continuously monitor health and well-being, including statutory periodic occupational exams.
Certain purposes also apply to the Personal Data of our customers and business partners, as follows:
- Provision of our Services: We will handle Personal Data to provide the advice and/or litigation and/or non-judicial legal services requested/engaged by our clients, including, but not limited to: analyzing, drafting, reviewing and negotiating contracts, instruments or other legal documents; defending our clients’ interests in administrative, judicial and/or arbitration proceedings; conducting or participating in legal audits to verify statutory corporate compliance or compliance risk analysis; reviewing case information provided by clients to draft answers, memos or legal opinions, and other options;
- Legal publications: We also use client and business partner Personal Data to indicate them as reference contacts that can evaluate and/or recommend CMA services to companies that publish legal publications such as benchmarking and feedback surveys;
- Client database analysis: We may handle personal information to analyze our customer database, including, for example, to find out the main industries we serve, our geographic client distribution and other options.
We periodically review our data collection, storage and processing practices to ensure that we only collect, store and process personal information necessary to provide or improve our services and for smooth Website operation.
4. WHEN WILL WE HANDLE YOUR PERSONAL DATA?
We will handle your Personal Data only in those circumstances allowed under LGPD, such as:
- Contract performance or performance of preliminary procedures regarding a certain contract;
- Statutory or regulatory obligation;
- Proper exercise of rights in judicial, administrative or arbitration proceedings;
- Protection of the life or physical safety of the owner or of third parties;
- To serve our legitimate interest or that of third parties; or
- With the consent of the data owner.
In most circumstances, your sensitive Personal Data will be handled in satisfaction of the following statutory requirements:
- When the Personal Data owner specifically and clearly consents thereto for specific purposes;
- When essential for CMA to comply with statutory and regulatory obligations;
- For the proper exercise of rights, including contract rights and in judicial, administrative and arbitration proceedings;
- In protection of the life or physical safety of the data owner or of third parties.
We will make sure that You are informed in a transparent manner and that further action will be taken when necessary to guarantee the lawfulness of our data handling activities.
5. SHARING YOUR PERSONAL DATA
We shall not disclose or sell your Personal Data or your access details or provide them for purposes other than those described in this Policy and/or in violation of applicable law. To the extent permitted by law and in satisfaction of applicable statutory requirements, the Personal Data collected may be shared with the following for processing and storage support purposes:
- Any international affiliate of our partner law firm (“DLA Piper”);
- CMA offices located in Brazil (São Paulo, Rio de Janeiro and Brasília);
- Internally with our authorized members and employees as necessary to manage our business and our relationship with You. Our administration personnel, members of our People and Management, Finance or IT teams or specific members of other departments may when necessary access certain Personal Data in furtherance of our relationship or business partnership;
- National authorities or government entities that request Personal Data in compliance with statutory and regulatory obligations, whenever applicable. We will when necessary also share your Personal Data with administrative, law enforcement and judicial authorities in relation to judicial or administrative issues, investigations and other applicable proceedings involving You and/or CMA;
- Service providers, business partners or third parties with whom we work, to meet our legal and regulatory obligations, to provide services to CMA, to develop our activities and business, for information storage and security purposes, without limitation to other applicable purposes. We may share certain data with companies that help us in our recruitment, selection and hiring process (such as LinkedIn, Catho, Vagas.com and educational institutions); financial institutions and companies in charge of paying salaries and compensation; companies that manage benefits such as health and life insurance plans, dental plans, medical exams, food and groceries vouchers, transportation vouchers, labor outsourcers; software, providers of IT support and cloud hosting services; correspondents, witnesses, opposing parties and their counsel, translators; postal or courier service providers; national or international legal publications; and other third parties.
We and the associated third parties shall use all security procedures and measures required by applicable law when handling shared data.
We may also use third-party apps in our daily work activities, such as WhatsApp or other online meeting apps. In those circumstances, we cannot be held liable or give any guarantee regarding data handling by the relevant third party. It is important to note that You will be subject to their privacy and security policies, over which we have no influence or control.
6. COOKIES AND TRACKING TECHNOLOGIES
7. DATA STORAGE AND RETENTION
We designate specific (physical and electronic) locations to store your Personal Data, access to which will be restricted and controlled. If data needs to be stored outside the country, for example, in cloud systems and computing environments, Personal Data will be guaranteed a level of protection identical to that which would be used if it were stored in servers located on Brazilian soil.
CMA shall also keep your Personal Data as up to date as possible and shall delete or anonymize as soon as possible any data deemed irrelevant or excessive.
By making your Personal Data available to other third parties that You may access through our Website or through hyperlinks to other websites, You understand and agree that you must contact those third parties directly if your Personal Data is improperly retained, needs to be updated, corrected or deleted.
The Personal Data You provide to Us is collected, used and protected at the highest security and confidentiality standards and is used only for the purposes for which it was collected, as described in this Policy. We shall implement appropriate technical and organizational measures to protect your Personal Data against unlawful or unauthorized handling or accidental loss, destruction, damage, theft, use or disclosure, when your Personal Data is processed under our control, in compliance with applicable law and best practices.
If any security incident involving your Personal Data occurs causing significant risk or damage, CMA shall report the incident and promptly use best incident correction and mitigation practices, as described in our Security Policy Information and Incident Response Plan.
All our members and contractors shall be committed to our information security policies and to the secrecy and confidentiality of the data CMA handles. That obligation will survive the lapse of the relevant relationship with CMA.
9. MINORS AND INCOMPETENT INDIVIDUALS
Data from children and adolescents who are dependents and beneficiaries of CMA members or who are CMA interns will always be handled in the best interest of the relevant minor and only for specific institutional purposes associated with that minor’s employment or contract relationship with CMA. Personal Data from minors will be handled as required under LGPD and in compliance with the Children and Adolescents Act.
10. INTERNATIONAL DATA TRANSFER
Our firm works in cooperation with global law firm DLA Piper. The personal information You or other people provide Us is received and processed by Us and may be transferred internationally to DLA Piper worldwide. We shall respect the applicable statutory requirements either through the use of the statutory standard contract clauses or through other safeguards, as applicable. In the absence of specific and complementary regulations on the subject in the relevant country, we may adopt template clauses and use templates or instructions applicable under European regulations.
11. PERIODIC COMMUNICATIONS
We may send you transactional communications and notices about the Website, our services and content or as necessary for support purposes and for us to contact You. We may also send you periodic communications such as newsletters, information notices, communications from our firm and other communications that may be of interest to You.
You may unsubscribe from those communications at any time by following the opt-out instructions included in our message or by writing us directly at email@example.com.
12. THIRD-PARTY CONTENT
When You use our Website You may access third-party content (“Third-Party Content”) either directly on our Website or through links to third-party websites. We have no control over Third-Party Content and therefore we cannot be held liable or give any guarantee regarding that content. It is important to note that You will be subject to their privacy and security policies, over which we have no influence or control.
13. PUBLIC INFORMATION
Some of your activities on the Website and on our social networks are public, such as the information, comments and content You post directly on public channels open to all visitors to our Website or platforms. By providing information through public channels on our Website or social networks, You make that information available to the public and place it outside our control. It is therefore important to use care in your posts and comments on public channels. We waive any liability on the dissemination of that content.
14. YOUR RIGHTS
CMA assures You the rights guaranteed under applicable law, including those established in article 18 of the LGPD, insofar as they are applicable and upon your request. Said rights will be complied with under the terms and conditions established in applicable regulations:
- Right to Confirmation and Access: You may request confirmation that your Personal Data was accessed and is being handled. This right may be exercised to access and obtain a copy of your Personal Data under our control or possession, including information about any government and non-government entities with which we have shared your data;
- Right to Correction: You have the right to correct incomplete, inaccurate or outdated information. Contact us at any time as indicated below to update, correct or delete Personal Data. We recommend that you update or correct your Personal Data whenever necessary;
- Right to Deletion: You may request the anonymization, blocking or deletion of unnecessary or excessive information or of information not handled in compliance with the law;
- Right to Data Portability: You may request the portability of your Personal Data to another provider of services or goods by express request and respecting our commercial and industrial secrets, in compliance with regulations enacted by the national data protection authority and with applicable law;
- Consent-Related Rights: If handling is based on your consent, You have the right not to provide it or to withdraw it at any time. You also have the right to obtain information about the possibility of not giving consent and about the consequences thereof. You are further entitled to request the elimination of the Personal Data handled with your consent, to the extent permitted by applicable law;
- Right to Review: If applicable, You have the right to request the review of decisions made solely on the basis of the automated handling of Personal Data affecting your interests, including decisions to define your personal, professional or consumer profile or your personality aspects;
- Other Rights: To the extent that We use your Personal Data based on handling options other than your consent, You have the right to object to that use if it does not comply with applicable law. You are further entitled to receive information on any third parties with which We share Personal Data and to submit petitions to the national authority or to consumer protection entities, if applicable.
15. CHANGES TO THIS POLICY
You will be given prior notice of any significant and material change to this Policy, especially in relation to how We handle your Personal Data. You may contact the CMA Officer in charge as indicated below if You wish to withdraw your data handling consent if it is required for a certain purpose.
16. CONTACT US
Data Protection Officer: Ruy Fernando Calixto
Effective as of: June 21, 2021
©Campos Mello Advogados
All rights reserved.