top of page

Política de Privacidade 

Introduction

The Privacy Policy (hereinafter “Policy”) was developed to support the Account in adapting its activity to the General Data Protection Regulation, approved by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).


This Policy is a document directly aimed at all our Customers, whose main purpose is to transmit the rules for the processing of personal data, the purpose of its collection and the way in which they are treated.


This policy applies to all Account Professionals and, when identified, to third parties accessing company assets. Compliance with this policy is mandatory and, therefore, all Professionals have an individual responsibility to ensure their compliance with it.


This document is subject to periodic reviews to ensure its continuous improvement and legal and regulatory compliance.
 

Data Protection Principles

The processing of personal data consists of an operation or set of operations carried out on personal data or sets of personal data, through automated means or not, namely the collection, registration, organization, structuring, conservation, adaptation, retrieval, consultation, use, dissemination, diffusion, comparison, interconnection, limitation, erasure or destruction.


The Account undertakes to comply with the principles of personal data protection defined by the GDPR, namely:

 

  • Lawfulness, loyalty and transparency: means that we must have a legitimate reason by virtue of which we process Personal Data, for example, consent of the Data Subject, compliance with a legal obligation to which we are subject. It also means that we must clearly inform the Data Subject about the treatment;

  • Limitation of Purposes: we must only request Personal Data for specific, explicit and legitimate purposes and not process it beyond the purpose for which it was requested;

  • Data minimization: the Personal Data being processed must be adequate, relevant and limited to what is necessary;

  • Accuracy: we have an obligation to ensure that Personal Data is accurate and to update it whenever necessary;

  • Limitation of retention: we must not retain Personal Data longer than necessary for the purposes for which it is processed, although we may retain some for historical and statistical purposes;

  • Integrity and Confidentiality: we must have adequate security controls in place to protect data against unauthorized and illegal processing, loss, destruction or damage, including technical and organizational measures such as defined processes, training and awareness;

  • Legal transfer outside the European Economic Area: We only transfer Personal Data outside the EEA provided there are adequate safeguards, such as a contractual basis;

  • Data Subject Rights: Data Subjects have a number of rights that we must respect (for example, the right to access a copy of the data we archive and the right to withdraw consent given for direct marketing purposes).

Rights of Data Subjects 

The Regulation grants the holders of the personal data being processed a set of rights that must be safeguarded by the data controller:

 

  • Right of Access: Data subjects have the right to obtain information about the personal data that are processed and information about them, such as, for example, what are the purposes of the treatment and what are the retention periods for personal data. In principle, the right of access should be free of charge, however, fees can be created to allow such access in the case of unfounded or excessive requests;

  • Right of Rectification: Data subjects are guaranteed the right to obtain the rectification of their personal data that is outdated, incorrect or incomplete.

  • Right of Erasure: Also referred to as “the right to be forgotten”, it gives data subjects the right to request the data controller to erase their data. Thus, data subjects are guaranteed, within the limitations established by law, the right to obtain the deletion of their personal data provided that: • The data prove to be unnecessary for the purposes for which they were collected or processed; • The data subject withdraws consent, when the treatment is necessarily based on it and there is no other legal basis for the data processing; • The holder opposes the processing of personal data used for automated and/or profiling purposes; • When personal data have been processed unlawfully. It should be noted that there are limitations to the right to erasure, namely those related to the data retention periods for reasons of public interest, national security, billing, commercial, tax and others.

  • Right to Limitation of Treatment: The data subject has the right to demand the limitation of the treatment of his personal data in the following situations: • Challenge the accuracy of the personal data, during a period that allows the person responsible for the treatment to verify its accuracy; • The processing is unlawful and the data subject opposes the erasure of personal data and requests, in return, the limitation of its use; • The data controller no longer needs the personal data for processing purposes, but such data are required by the data subject for the purposes of declaring, exercising or defending a right in a judicial process; • If you have objected to the processing until it is verified that the legitimate reasons of the controller prevail over those of the data subject.

  • Right of Data Portability: The right of portability gives the holders of personal data the right to request from the person responsible for their treatment, their personal data, in a format of common use and even its transfer to another person responsible for the treatment, provided that this is technically possible.

  • Right of Opposition and Automated Individual Decisions: The data subject has the right to oppose at any time, for reasons related to his particular situation, the processing of personal data concerning him, which are based on legitimate interests or public interest. , including profiling based on these provisions.

Lawfulness and loyalty in collection and treatment 

Whenever Personal Data is collected, it is necessary to have a legal basis for the inherent treatment. In accordance with the GDPR, we must identify at least one of the following reasons for processing Personal Data:

  • Consent: The Data Subject has given consent for them to be processed for one or more specific purposes;

  • Contractual: The processing is necessary for the performance of a contract to which the Data Subject is a part or for pre-contractual steps;

  • Legal: The treatment is necessary to comply with a legal obligation to which the Data Controller is subject;

  • Vital interests: The processing is necessary to protect the Data Subject's vital interests;

  • Public interest: Processing is necessary for the performance of a task performed in the public interest;

  • Legitimate interests: The processing is necessary for the legitimate interests of the Data Controller, except when interests or fundamental rights and freedoms of the Data Subject prevail.

 

When acting as Data Controller, we must ensure that we have a legitimate basis for collecting and processing Personal Data.


In some situations, we may act as a Processor on behalf of our client, in which case it is the client's responsibility to ensure that he has a correct reason for the processing of Personal Data, which he must share with us. However, we must take steps to ensure that our contract is clear about our responsibilities in this regard and that if we collect Personal Data directly from Data Subjects on behalf of the customer, we have the basis to do so legitimately.


The GDPR requires that Data Subjects be provided with information on processing in order to ensure fair and transparent treatment. Whenever we collect Personal Data, we must ensure that we properly explain why we need the information and how we will handle it. 

Data Security and Disclosure

The Account will maintain data security by protecting the Confidentiality, Integrity and Availability of Personal Data, where: Confidentiality means that only authorized persons can access the data; Integrity means that Personal Data must be accurate and adequate for the purposes inherent to the treatment; Availability means that authorized users must be able to access the data if they need it for the authorized purposes.


All Professionals must avoid any inappropriate disclosure of Personal Data and comply with our general duties regarding Confidentiality.  Generally Personal Data may be disclosed: a) To Professionals or agents so that they can perform its functions as such; b) In cases where non-disclosure may impair the prevention or detection of crimes, the prosecution of offenders, or the assessment or collection of any tax or fee.

 

The Account must have adequate grounds for disclosing data under this category in order to avoid criminal prosecution. All disclosures must be justified and documented.  For legal purposes data may be disclosed if: a) Required by law, statute or court order; b) For the purpose of obtaining legal advice; c) Within the scope or for the purposes of a judicial process or when necessary for the defense of a legal right; or d) To safeguard national security.

Data Conservation 

We keep your personal data for the longest of the following periods: (i) as long as it is necessary for our activity or relevant services; (ii) the retention periods required by law, as the case may be; (iii) at the end of the litigation or investigation process relating to the underlying relationship; or (iv) for the agreed minimum period.


Examples of storage period and conservation of your personal data:

  • The maximum period of storage of tax-relevant data is 10 (ten) years from the date of termination of the Contract, as stipulated in paragraph 4 of article 123 of the IRC Code (Writing of Law n.º 7- A/2016, of 30 March, applicable to tax periods beginning on 1 January 2017);

  • The maximum period for keeping documents relevant to labor matters is 10 (ten) years from the date of termination of the Contract, also as stipulated in paragraph 4 of article 123 of the IRC Code.

  • The maximum period of storage of personal data contained in correspondence, commercial bookkeeping and documents related to it is 10 (ten) years, in accordance with article 40 of the Commercial Code, as amended by Decree-Law no. 76-A/2006, of 29 March.

  • The retention period of personal data referring to records of working time and records of work provided to compensate for periods of absence from work is 5 (five) years, as stipulated in article 202 of the Labor Code.

  • The period of storage of personal data referring to Workmen's Accident Insurance and occupational diseases (payrolls to the Worker with the respective name, profession, working days and hours, wages and other services that are regular in nature or copies of the sheets and payments remitted to Social Security), is 5 (five) years, according to subparagraph b) of article 16 of Rule no. /2000 R, of 13 November, 16/2000 R, of 21 December, and 13/2005 R, of 18 November (uniform work accident insurance policy for employees)

  • The maximum period for storing other personal data is 18 (eighteen) months from the date of termination of the Contract.

How and When We Collect Data 

We may collect and obtain your personal data in the course of our provision of services to you or our customers, in carrying out checks within the scope of our services (or discussing possible services we may provide), as well as as a user of this website.


We process your personal data because it is provided directly by you (eg in a form on our website) or by others (eg your employer or consultant or suppliers) or because it is publicly available.


We may also process your personal data because we observe or infer it, through the way you interact with us or others. For example, to improve your experience when using this website and ensure it works effectively, we (or our suppliers) may use cookies (small text files stored in a user's browser) and web beacons that may collect personal data.


Some personal data are essential for the performance of the contract and, in case of lack or insufficiency of the same, either by omission or by refusal to make them available, the Account does not guarantee the provision of the service in question nor can it be the subject of any liability. . 


The personal data collected can be processed electronically and in an automated or non-automated way, guaranteeing in all cases strict compliance with the legislation for the protection of personal data, being stored in specific databases created for this purpose and, under no circumstances, the data collected will be used for a purpose other than that for which they were collected or given the consent of the data subject.

For what purpose do we treat the Data 

We use your personal data to provide services to you or our customers. For this reason, we may use your personal data in the course of correspondence exchanged within the scope of the services. Such correspondence may be with you, with our customers, with other member firms of Grupo Conta, with suppliers, with regulators or with competent authorities. We may also use your personal data to confirm, verify and evaluate our services.


As we provide different types of services, the way in which we use personal data in relation to our services varies. For example, we may use personal data for the following purposes:

  • Compliance with applicable legal or regulatory requirements;

  • Responding to requests and communications from the competent authorities;

  • Client opening and other administrative purposes;

  • Financial accounting, invoicing, risk analysis and business development;

  • Recruitment and Training

  • Customer relationships, including: (i) sending you communications or details of our services that we believe may be of interest to you; (ii) contact to receive feedback on our services; and (iii) contact for market research or research purposes. In these cases you have the opportunity to decline our invitations, communications or requests at any time. In specific cases, if necessary, for example if you have never been a customer of ours, we may ask for your consent before sending you communication materials or other marketing requests.

  • Protection of our rights and the rights of our customers.

 

In addition to the purposes indicated above, we may also use the data we collect through our website to:

  • Manage and improve our website

  • Customize the content of our website to allow for a more targeted experience and draw your attention to information about our services that may be of interest to you

  • Manage and respond to any request you submit through our website.

additional terms

If any part of these Privacy Policy terms is invalid or unenforceable in any jurisdiction, then (i) in that jurisdiction it shall be reinterpreted to the fullest effect permitted by law to effect its intent as closely as possible, and the remainder of these terms shall remain in full force and effect, and (ii) in any other jurisdiction, all these terms will remain in full force and effect.


We may revise the terms of this policy at any time, in our sole discretion and in accordance with applicable law, by posting such changes on the Privacy Policy link (i.e. this webpage you are currently viewing) or elsewhere on this website. Site. Such revisions will be effective upon publication, unless explicitly stated by us. Your continued use of this website after the changes constitutes your agreement to the revised Privacy Policy.

bottom of page