The personal data privacy and security of our website visitors, customers, employees and partners is very important to CBA B+G. Thus, in order to ensure transparency in data processing, this Policy provides information on the process of personal data, as well as informs the security measures and practices implemented by CBA B+G to protect data and to safeguard the data and protect owners’ rights.
Principles and Grounds
CBA B+G handles your personal data in accordance with the following principles:
Transparency: lawful, complete and transparent processing of your personal data;
- Purpose and suitability: Personal data collected and processed only for certain and legitimate purposes;
- Need: Adequate processing of the minimum of personal data required for the fulfillment of each purpose;
- Data quality: The processing of correct and up-to-date personal data using rectification means where possible;
- Non-discrimination: Prevention against the data processing for discriminatory, unlawful or abusive purposes;
- Security and prevention: implementation of technical and organizational measures aimed at preventing unauthorized or illegal use of your data, preventing its loss, destruction or accidental damage.
Personal Data processed
CBA B+G will only collect personally identifiable data from visitors to our website, such as name or email address, when voluntarily informed by the data owner. This may occur, for example, in the case of registration for the receipt of the CBA B+G monthly newsletter or email contact. In such cases, the data shall be processed only for the specific purposes requested by the data subjects.
Also, in order to fulfill legal obligations and agreements and offer its services in the highest possible quality, CBA B+G, in its daily operations, handles personal data of its customers, partners and employees, always in accordance with Law 13.709/2018 (General Data Protection Law – “LGPD”)
Use of personal data and purposes of processing
The ongoing compliance actions implemented by CBA B+G are intended to comply with LGPD, but also to guarantee the quality, safety and reliability standards expected by our customers, partners and employees. Therefore, any processing of personal data carried out by CBA B+G will be based on legal basis and will be suitable for the purpose of its collection.
Some of the purposes to justify the processing of personal data by CBA B+G include: responding, processing, and communicating with the owners about requests, questions, and comments; by company sending customized communications; operating, evaluating and improving our business (including to improve and refine our services, managing our communications, carrying out data analysis, and performing other internal tasks); protecting, identifying and preventing fraud and other illegal activities, complaints and other responsibilities; comply with applicable legal requirements, industry standards and our own policies and terms; undertaking marketing actions; carrying out research for our customers; and holding workshops, etc.
In turn, in support of the processing of personal data for these purposes, we may use, for example, the following assumptions: (i) performance of preliminary agreements and procedures; (ii) compliance with the legal, regulatory or self-regulatory obligations to which the Company is subject; (iii) regular exercise of rights in processes or agreements; (iv) credit protection; (v) fulfillment of the legitimate interests of CBA B+G or third parties; or (vi) fraud prevention. In other cases, the processing of personal data shall be subject to the consent of the data owner.
The sharing of personal data processed by CBA B+G will occur exceptionally, such as: (i) in the event of compliance with an obligation provided for the law, regulation or lawsuit; (ii) for the execution of agreements subject to the sharing of data; (iii) when requested by the owner. Such sharing should also be performed with partner institutions/companies and information technology providers, which are subject to data confidentiality and data protection obligations.
Security of personal data
CBA B+G uses technical and administrative measures suitable to protect your personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination, with a security standard usually adopted by the market for the protection of personal data.
Likewise, the processed personal data is restricted to only those employees or other parties who need the information to perform and carry out their tasks.
The storage period of a cookie on your computer depends on its type. Some will last for as long as you are online, while others for a longer period, which may reach 01 (one) year. If you wish, at any time you may delete cookies on your computer through your browser. If you set your browser to decline cookies, you are not enabled to use all of the custom browsing features offered by the website, and you may experience operational problems.
CBA B+G shall keep personal data processed at least as long as the owner has a link with us and/or as long as the consent lasts, where applicable. After these assumptions are closed, we will keep personal data for as long as it is necessary to comply with applicable law.
Rights of data owners
CBA B+G ensures to the data owner the exercise of the rights provided for in the applicable law, including:
- Confirmation of the existence of processing of personal data and access to such data;
- Correction of incomplete, inaccurate or outdated data;
- Anonymization, blocking or deletion of unnecessary, excessive, or data processed in breach to LGPD;
- Portability of personal data by express and authenticated request;
- The deletion of data processed with the author’s consent, in compliance with the applicable time limits of custody;
- Obtaining information about public and private entities with which CBA B+G shared your data;
- Information on the possibility of not providing consent and the consequences of the denial;
- Withdrawal of consent, where applicable, under the terms of LGPD;
Data on candidates to job
If you have an interest in working with us and have sent us the documents necessary to apply for one of our vacancies, in accordance with the guidelines on our website, we inform you that we will collect and process your personal data provided, such as: name, personal information, contact e-mail address, details of your professional qualifications and other data contained in your résumé and/or portfolio.
In this case, data processing will have as its specific purpose the recruitment of new employees/freelancers and will be based on the legal hypotheses foreseen in LGPD.
The data processed under this circumstance shall be subject to all other provisions of this Policy.