The personal data privacy and security of our website visitors, customers, employees and partners is very important to CBA B+G. Thus, in order to ensure transparency in data processing, this Policy provides information on the process of personal data, as well as informs the security measures and practices implemented by CBA B+G to protect data and to safeguard the data and protect owners’ rights.


Principles and Grounds

CBA B+G handles your personal data in accordance with the following principles:

Transparency: lawful, complete and transparent processing of your personal data;

  • Purpose and suitability: Personal data collected and processed only for certain and legitimate purposes;
  • Need: Adequate processing of the minimum of personal data required for the fulfillment of each purpose;
  • Data quality: The processing of correct and up-to-date personal data using rectification means where possible;
  • Non-discrimination: Prevention against the data processing for discriminatory, unlawful or abusive purposes;
  • Security and prevention: implementation of technical and organizational measures aimed at preventing unauthorized or illegal use of your data, preventing its loss, destruction or accidental damage.


Personal Data processed

CBA B+G will only collect personally identifiable data from visitors to our website, such as name or email address, when voluntarily informed by the data owner. This may occur, for example, in the case of registration for the receipt of the CBA B+G monthly newsletter or email contact. In such cases, the data shall be processed only for the specific purposes requested by the data subjects.

Also, in order to fulfill legal obligations and agreements and offer its services in the highest possible quality, CBA B+G, in its daily operations, handles personal data of its customers, partners and employees, always in accordance with Law 13.709/2018 (General Data Protection Law – “LGPD”)



Use of personal data and purposes of processing

The ongoing compliance actions implemented by CBA B+G are intended to comply with LGPD, but also to guarantee the quality, safety and reliability standards expected by our customers, partners and employees. Therefore, any processing of personal data carried out by CBA B+G will be based on legal basis and will be suitable for the purpose of its collection.

Some of the purposes to justify the processing of personal data by CBA B+G include: responding, processing, and communicating with the owners about requests, questions, and comments; by company sending customized communications; operating, evaluating and improving our business (including to improve and refine our services, managing our communications, carrying out data analysis, and performing other internal tasks); protecting, identifying and preventing fraud and other illegal activities, complaints and other responsibilities; comply with applicable legal requirements, industry standards and our own policies and terms; undertaking marketing actions; carrying out research for our customers; and holding workshops, etc.

In turn, in support of the processing of personal data for these purposes, we may use, for example, the following assumptions: (i) performance of preliminary agreements and procedures; (ii) compliance with the legal, regulatory or self-regulatory obligations to which the Company is subject; (iii) regular exercise of rights in processes or agreements; (iv) credit protection; (v) fulfillment of the legitimate interests of CBA B+G or third parties; or (vi) fraud prevention. In other cases, the processing of personal data shall be subject to the consent of the data owner.



Sharing data

The sharing of personal data processed by CBA B+G will occur exceptionally, such as: (i) in the event of compliance with an obligation provided for the law, regulation or lawsuit; (ii) for the execution of agreements subject to the sharing of data; (iii) when requested by the owner. Such sharing should also be performed with partner institutions/companies and information technology providers, which are subject to data confidentiality and data protection obligations.



Security of personal data

CBA B+G uses technical and administrative measures suitable to protect your personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination, with a security standard usually adopted by the market for the protection of personal data.

Likewise, the processed personal data is restricted to only those employees or other parties who need the information to perform and carry out their tasks.



Use of Cookies

Cookies are Internet files that temporarily store your interaction with our virtual environment. CBA B+G uses cookies to: Provide you with a better experience and enable customized resources such as: Target advertising and additional information of interest; improve our understanding of how you browse through our websites so that we can identify improvements; evaluate the advertising and promotional effectiveness of our websites; we use our own (first-hand) cookies and cookies from partner (third-party) companies to support these activities of disseminating Design, Branding, Research and Innovation content.

The storage period of a cookie on your computer depends on its type. Some will last for as long as you are online, while others for a longer period, which may reach 01 (one) year. If you wish, at any time you may delete cookies on your computer through your browser. If you set your browser to decline cookies, you are not enabled to use all of the custom browsing features offered by the website, and you may experience operational problems.



Data storage

CBA B+G shall keep personal data processed at least as long as the owner has a link with us and/or as long as the consent lasts, where applicable. After these assumptions are closed, we will keep personal data for as long as it is necessary to comply with applicable law.



Rights of data owners

CBA B+G ensures to the data owner the exercise of the rights provided for in the applicable law, including:

  • Confirmation of the existence of processing of personal data and access to such data;
  • Correction of incomplete, inaccurate or outdated data;
  • Anonymization, blocking or deletion of unnecessary, excessive, or data processed in breach to LGPD;
  • Portability of personal data by express and authenticated request;
  • The deletion of data processed with the author’s consent, in compliance with the applicable time limits of custody;
  • Obtaining information about public and private entities with which CBA B+G shared your data;
  • Information on the possibility of not providing consent and the consequences of the denial;
  • Withdrawal of consent, where applicable, under the terms of LGPD;


Data on candidates to job

If you have an interest in working with us and have sent us the documents necessary to apply for one of our vacancies, in accordance with the guidelines on our website, we inform you that we will collect and process your personal data provided, such as: name, personal information, contact e-mail address, details of your professional qualifications and other data contained in your résumé and/or portfolio.

In this case, data processing will have as its specific purpose the recruitment of new employees/freelancers and will be based on the legal hypotheses foreseen in LGPD.

The data processed under this circumstance shall be subject to all other provisions of this Policy.



Updates to our Privacy Policy

This Privacy Policy should be updated from time to time, in which case the change will be reported on our website.



How to contact us

For further information or for the exercise of the rights of the data owner, please contact the Data Protection Officer (DPO), of CBA B+G, Ms. Eliana Hessel by email [email protected]




Subscribe to Blimp, our monthly newsletter.