A. GENERAL SECTION
1.1. COLLECTION AND PROCESSING OF USER DATA
As a rule, Personal Data is requested when you wish to contact JLM&A, either to request any of the services provided by the company or to obtain additional information about them. JLM&A collects different categories of personal data from its clients, potential clients, suppliers, service providers and applicants. These categories of personal data may include: identification data, contact data, billing data and data relating to academic and professional background. When providing consultancy services to its clients, JLM&A may process special categories of personal data, in particular: political opinions and/or trade union membership. These data are only processed when they have been manifestly made public in accordance with Article 9, nº2, point e of the GDPR.
Considering that the Website has an unstructured field for sending messages to JLM&A, Personal Data may be sent as part of this message. No Personal Data belonging to special categories (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data to uniquely identify a person, data concerning health or data concerning a person’s sex life) shall be entered in this field.
1.2. DATA RECIPIENTS
In the context of processing User Data, JLM&A uses or may use third parties subcontracted by it to process the User Data on its behalf and according to its instructions.
JLM&A ensures that such processors provide sufficient guarantees to implement appropriate technical and organisational measures in such a way that the processing will meet the requirements of the applicable law and ensure the security and protection of the rights of data subjects in accordance with the contractual arrangement concluded with those processors.
JLM&A may also transmit Personal Data of its Customers to third parties, not qualified as sub-contractors, when it deems such communications necessary or appropriate (i) under applicable law, (ii) in compliance with legal obligations/judicial orders, or (iii) to respond to requests from public or government authorities. In this regard, JLM&A may transmit your Personal Data to public authorities and regulators.
The table below shows the recipients of the transmissions of Personal Data:
|Categories of recipients||Purposes of processing of personal data|
|Consultants and Lawyers||Provision of advisory and legal services|
|Accounting and IT service providers||Provision of services (e.g., Website hosting, Accounting, and IT)|
1.3. DATA COLLECTION CHANNELS
JLM&A may collect data directly (e.g., directly from the User) or indirectly (e.g., through partner entities or third parties). Collection may take place through the following channels:
Direct collection: in person, by telephone, by e-mail and through the Website;
Indirect collection: through partners.
2. GENERAL PRINCIPLES APPLICABLE TO THE PROCESSING OF USER DATA
In terms of general principles concerning the processing of Personal Data, JLM&A undertakes to ensure that the User Data it processes is:
1- The object of processing in accordance with the law, and in a fair and transparent manner in relation to the User;
2- Collected for specified, objective and legitimate purposes and not further processed in a manner contrary to those purposes;
3- Adequate, justified and limited to what is necessary in relation to the purposes for which they are processed;
4- Accurate and up-to-date where necessary, with all necessary steps being taken to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased, or rectified without delay;
5- Kept in a form which permits identification of the User only for the period necessary for the purposes for which the data is processed;
6-Processed in a manner that ensures their security, including protection against unauthorised or unlawful processing and against their loss, destruction, or unforeseen damage, with appropriate technical or organisational measures being taken.
7- The data processing carried out by JLM&A are permitted and legitimate where at least one of the following situations exists:
- The User has given his/her free, positive, explicit, and unambiguous consent to the processing of the User Data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which the User is party, or for pre-contractual procedures at the User’s request;
- Processing is necessary for compliance with a legal obligation to which JLM&A may be subject to;
- Processing is necessary in order to protect the vital interests of the user or another individual;
- Processing is necessary for the purposes of the legitimate interests pursued by JLM&A or by third parties (except where the interests or fundamental rights and freedoms of the User override which require protection of Personal Data).
JLM&A undertakes to ensure that the User Data is processed only under the conditions listed above and in compliance with the aforementioned principles. Where User Data is processed by JLM&A on the basis of their consent, the User has the right to withdraw their consent at any time. The revocation of consent, however, does not compromise the legality of the processing carried out by JLM&A on the basis of the consent previously given by the User.
The period of time during which data is stored and retained varies according to the purpose for which the information is processed, being archived only for the time necessary to fulfil the purposes for which they are processed, taking into consideration the Data Retention Policy approved by JLM&A.
In fact, there are legal requirements to retain data for a minimum period of time. Therefore, unless there is a specific legal obligation, the data will be stored and kept only for the minimum period necessary for the purposes for which they were collected or subsequently processed, after which they will be deleted.
3. USE AND PURPOSES OF PROCESSING USER DATA
In general terms, JLM&A uses User Data for the following purposes:
|Purpose||Description||Ground for Lawfulness|
|Management of information requests||Data processing for the purpose of responding to requests for information made by potential customers.||Pre-Contractual Diligences|
|Management of customer and supplier contractual relations||Data processing with a view to carrying out actions in the course of the contractual relationship, with the aim of keeping the data provided up-to-date, possible changes in contractual conditions, fulfilment of contractual obligations, monitoring of customers and suppliers, support in the use of services, among others.||Contractual Execution|
|Provision of consultancy services to clients||Media and Public Relations External Communications Crisis management Media training Public affairs & engagement Social media Strategic Communication Consulting||Contractual Execution|
|Selection and Recruitment||For recruitment purposes, we collect and process candidate data within the scope of recruitment processes at JLM&A.||Pre-Contractual Diligence|
|Security||Guaranteeing the safety of our installations, through the management of accidents at work, physical access control, among other actions.||Legitimate Interest Legal Obligation|
|Invoicing||Issuing invoices for products and services purchased.||Legal Obligation Contractual Execution|
4. TECHNICAL, ORGANISATIONAL AND SECURITY MEASURES IMPLEMENTED
To ensure the security of User Data and maximum confidentiality, JLM&A treats the information you provide as absolutely confidential, in accordance with its internal security and confidentiality policies and procedures, which are updated periodically as necessary, as well as with the terms and conditions provided by law.
According to the nature, scope, context and purposes of the data processing and the risks arising from the processing for the rights and freedoms of the User, JLM&A undertakes to implement the necessary and appropriate technical and organisational measures to protect user data and to comply with legal requirements, both when defining the means of processing and during processing itself.
It further undertakes to ensure that, by default, only data that are necessary for each specific purpose of the processing are processed and that such data are not made available without human intervention to an indefinite number of persons.
Communication between the User’s device and the Website JLM&A is carried out through secure communication channels using the HTTPS protocol and the SSL security standard.
Still, in terms of general measures, JLM&A adopts the following:
- Regular audits to identify the competence of technical and organisational measures implemented;
- Awareness raising and training of staff involved in data processing operations;
- Pseudonymisation and encryption of personal data;
- Mechanisms to ensure the ongoing confidentiality, availability, and resilience of information systems;
- Mechanisms to ensure the prompt restoration of information systems and access to Personal Data in the event of a physical or technical incident.
5. TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
JLM&A may transfer the User’s Personal Data to recipients in countries outside the European Union, which may have different levels of protection for Personal Data.
Consequently, JLM&A is concerned to adopt adequate measures to ensure the safe transfer of the User’s Personal Data whenever there is a transfer to a third country whose level of protection of its Personal Data is different from that of the country where the Personal Data is collected.
JLM&A undertakes to ensure that transfers of Personal Data to countries outside the European Union comply with applicable legal provisions, in particular as regards the determination of the suitability of such country in respect of data protection and the requirements applicable to such transfers.
When you visit our website, small text files (Cookie) are created and saved on your computer disk. These text files will enable a more personalised and efficient browsing experience. On each visit to the Website, your internet browser sends these cookies back to the Website, allowing it to recognise and memorise the identity of Users, as well as their usage preferences. These Cookies will only be installed with your express consent, except in cases where they are necessary consents for the functioning of the Website.
To find out all the information about the cookies we use on the Website, namely, their purposes, categories, duration and to whom they belong, you can consult our Cookies Policy available here.
In addition, you have the possibility at any time to manage your preferences regarding the collection of cookies in the preference manager available here.
7. THIRD-PARTY TOOLS INTEGRATED INTO THE WEBSITE
The Website provides an interactivity with LinkedIn, through the respective button, establishing a connection to LinkedIn’s servers, which will identify the Website the User is visiting and possibly store other data, such as the IP address. Information on the data processing carried out by LinkedIn is available at: https://www.linkedin.com/legal/privacy-policy?_l=pt_BR.
B. USERS’ RIGHTS (DATA SUBJECTS)
8. RIGHT TO INFORMATION
8.1. Information provided to the User by JLM&A (when the data is collected directly from the User):
- The identity and contact details of the controller and, where applicable, its representative;
- Contact details of the Data Protection Officer;
- The purposes of the processing for which the Personal Data are intended as well as, where applicable, the legal reasons for the processing;
- If the processing of the data is based on legitimate interests of JLM&A or a third party, indication of such interests;
- Where applicable, the recipients or categories of recipients of the Personal Data;
- Where applicable, an indication of whether the Personal Data will be transferred to a third country or an international organisation, and the existence or absence of an adequacy decision adopted by the Commission or reference to appropriate or adequate transfer safeguards;
- Period of conservation of personal data;
- The right to request to JLM&A permission to personal data, as well as their correction, deletion or limitation, the right to object to the processing and the right to access the data;
- If the processing of data is based on the User’s consent, the right to withdraw it at any time, without compromising the legality of the processing carried out on the basis of the consent previously given;
- The right to lodge a complaint with the CNPD or another supervisory authority;
- Indication of whether the provision of Personal Data constitutes a legal or contractual obligation or a necessary requirement to enter into a contract, as well as whether the data subject is obliged to provide the Personal Data and the possible consequences of failure to provide such data;
- Where applicable, the existence of automated decisions, including profiling, and information concerning the basic concept and the significance and envisaged consequences of the processing for the data subject.
In case User Data is not collected directly by JLM&A to the User, in addition to the information mentioned above, the User is also informed about the categories of personal data being processed and the origin of the data and, if applicable, whether they come from publicly available sources.
In the event that JLM&A intends to further process User Data for a purpose other than that for which the data was collected, prior to such processing JLM&A will provide the User with information to that effect and any other information of interest as set out above.
8.2. Procedures and measures implemented with a view to fulfilling the right to information.
The information referred to in 8.1. is provided in writing (including by electronic means) by JLM&A to the User prior to the processing of the Personal Data in question. In accordance with the applicable law, JLM&A is not obliged to provide the User with the information mentioned under 8.1 if and insofar as the User is already aware of this information.
The information is provided by JLM&A at no charge.
9. RIGHT OF ACCESS TO PERSONAL DATA
JLM&A guarantees the means allowing the User access to his/her Personal Data.
The User has the right to obtain, from JLM&A, confirmation as to whether or not Personal Data concerning them are processed and, where applicable, the right to access their Personal Data and to the following information:
- The purposes of data processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular those recipients established in third countries or belonging to international organisations;
- The retention period for Personal Data;
- Right to request to JLM&A the correction, erasure, or limitation of the processing of personal data or the right to prevent such processing;
- Right to lodge a complaint with the CNPD or another supervisory authority;
- If the data has not been collected from the User, the available information on the origin of such data;
- The existence of automated decisions, including profiling, and information concerning the logic involved and the significance and expected consequences of such processing for the data subject;
- Right to be informed of adequate safeguards associated with the transfer of data to third countries or international organisations.
Upon request, JLM&A shall provide the User with a copy of the User Data being processed, free of charge. The provision of further copies upon request by the User may incur administrative costs.
10. RIGHT TO RECTIFICATION OF PERSONAL DATA
The User has the right to request at any time the rectification of their Personal Data as well as the right to have incomplete Personal Data completed, including by means of an additional declaration.
In case of data rectification, JLM&A notify each recipient to whom the data have been disclosed of their rectification, unless such notification is considered impossible or involves a disproportionate effort for JLM&A.
11. THE RIGHT TO THE ERASURE OF PERSONAL DATA (“RIGHT TO BE FORGOTTEN”)
The User has the right to obtain, from JLM&A, the erasure of their data when one of the following grounds applies:
- User Data is no longer necessary for the purpose for which it was collected or processed;
- The User withdraws the consent on which the processing of the data is based and there is no other legal ground for the processing;
- The user objects to the processing under the right to object and there are no overriding legitimate interests justifying the processing;
- If the data is unlawfully processed;
- If User Data must be deleted in order to comply with a legal obligation to which JLM&A may be subject to;
Under the applicable legal terms, JLM&A is under no obligation to delete User Data to the extent that processing is necessary to comply with a legal obligation to which JLM&A is subject to or for the purpose of asserting, exercising, or defending a right of JLM&A in a court of law.
In case of data deletion, JLM&A inform each recipient/entity to whom the data have been disclosed of their erasure, unless such communication proves impossible or involves a disproportionate effort for them.
When JLM&A it has made public User Data and is obliged to erase it in accordance with the right of erasure, JLM&A undertakes to take reasonable steps, including technical measures, taking into account available technology and the cost of their implementation, to inform those responsible for the actual processing of personal data that the user has requested them to delete links to such personal data and copies or reproductions thereof.
12. RIGHT TO LIMITATION OF PROCESSING OF PERSONAL DATA
The User has the right to obtain, from JLM&A, the limitation of the processing of User Data if one of the following situations applies (limitation consists of inserting a mark on the Personal Data held with the aim of limiting its processing in the future):
- If they contest the accuracy of their Personal Data, for a period that allows JLM&A to verify its accuracy;
- If the processing is unlawful and the User opposes the elimination of the data and instead requests limitation of their use;
- If JLM&A no longer need the User Data for processing purposes, but such data are required by the User for the establishment, exercise, or defence of legal claims;
- Where the User has objected to the processing, until it is ascertained that the legitimate reasons of JLM&A prevail over those of the User.
Where User Data is subject to limitation, it may, with the exception of storage, only be processed with the consent of the User or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person, or for reasons of public interest as provided by law.
Users who have obtained the limitation of the processing of their data in the aforementioned cases will be informed by JLM&A before the limitation on treatment is lifted.
In the event of data processing being restricted, JLM&A shall inform each recipient to whom the data have been disclosed of their limitation, unless such disclosure proves impossible or involves a disproportionate effort for JLM&A.
13. RIGHT OF PORTABILITY OF PERSONAL DATA
The User has the right to receive the Personal Data concerning them that they have provided to JLM&A, in a structured, commonly used, and machine-readable format, and the right to transmit such data to another controller if:
- The processing is based on consent or on a contract to which the User is a party; and
- The treatment is carried out by automated means.
The right of portability does not include inferred data or derived data, e.g., Personal Data that are generated by JLM&A as a consequence or result of the analysis of the data being processed.
The User has the right to have their personal data transmitted directly between controllers, where technically possible.
14. RIGHT TO OBJECT TO PROCESSING
The User has the right to object at any time, for reasons relating to his/her particular situation, to the processing of Personal Data concerning him/her, which is based on the exercise of legitimate interests pursued by JLM&A, or where processing is carried out for purposes other than those for which the personal data have been collected, including profiling, or where the personal data are processed for statistical purposes.
JLM&A will terminate the processing of the User’s Data unless it provides urgent and legitimate grounds for such processing which override the interests, rights, and freedoms of the User, or for the purposes of the establishment, exercise, or defence of any right of JLM&A in a legal proceeding.
Where User Data is processed for direct marketing purposes, the User shall have the right to object at any time to the processing of data concerning him or her for the purposes of such marketing, which includes profiling to the extent that it is related to direct marketing. If the User objects to their data being processed for the purposes of direct marketing, JLM&A ceases the processing of data for this purpose.
The User also has the right not to be subject to any decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning them or significantly affects them in a similar manner, unless the decision:
- It is necessary for the conclusion or the execution of a contract between the User and JLM&A;
- Is authorised by legislation to which JLM&A may be subject; or
- It is based on the explicit consent of the User.
15. PROCEDURES FOR THE EXERCISE OF USER RIGHTS
The right of access, the right of rectification, the right of deletion, the right of limitation, the right of portability and the right of opposition may be exercised by the User by sending an email to email@example.com or a registered letter to Rua Joshua Benoliel, nº 6 – 4ºA.
JLM&A will respond in writing (including by electronic means) to the User’s request within a maximum period of one month from receipt of the request, except in cases of particular complexity, where this period may be extended to two months.
If requests made by the User are manifestly unjustified or excessive, namely due to their repetitive character, JLM&A reserves the right to charge administrative costs or to refuse to process the application.
16. PERSONAL DATA BREACHES
In case of a data breach and insofar as such breach is likely to result in a high risk to the rights and freedoms of the User, JLM&A undertakes to communicate a Personal Data breach to the User concerned within 72 hours of becoming aware of the incident.
In legal terms, communication to the User is not required in the following cases:
- In the event that JLM&A has implemented appropriate protection measures, both technical and organisational, and those measures have been applied to the Personal Data affected by the Personal Data breach, especially measures rendering the Personal Data unintelligible to any person not authorised to access such data, such as encryption;
- In the event that JLM&A has taken subsequent measures ensuring that the high risk to the rights and freedoms of the User is no longer likely to materialise; or
- If communicating with the User implies a disproportionate effort to JLM&A. In that case, JLM&A make a public announcement or take a similar measure whereby the User will be informed.
C. FINAL SECTION
18. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY You can always submit your complaint to the Data Protection Supervisor – Comissão Nacional de Proteção de Dados.