<

EN | PT

Consent Term
to the Use of Online Services

_________________________________________

European Union standard

 

 

 

1. - This agreement rules the processing of personal data, including their protection and movement, in the following websites and their online services: (A) alogicadarede.com.br, (B) brazilianlawinenglish.com, braziliannews.net, business.art.br, (D) deconti.adv.br, decontilaw.com, decontilaw.com.br, decontilawoffice.com, direitoepandemia.com, direitoepandemia.com.br (E) educacaoparatodos.pro.br, (F) filosofiamoral.com, (G) globobroking.com, (I) intermediadores.com, (R) rafaeldeconti.adv.br, rafaeldeconti.com, rafaeldeconti.com.br, rafaeldeconti.pro.br, rdc.adv.br, rdc.pro.br

2. - If you navigate in one or more of the above mentioned websites, and their online services, remains clearly understood that you agree, in a free and enlightened way, with the following rules, being the online navigation a Consent to the use of your personal data as estated in this Term.

2.1. - The demonstration of the consent is based on the logging of the user’s movement in our servers (syslog, auth.log, mail.log, access.log, other_vhosts_access.log, ssl_access.log), as well as other digital files, such as, but not limited to, e-mails and form structures in php language, without the prejudice of the use of other and new technologies to the demonstration of the consent.

3. - Personal data that we use in our websites and online services: IP data, and/or visited links, and/or day and hour of visit, and/or an online identifier when accessing private areas, and/or browsers info, and/or text typed by the user in
forms, online contracts, and quizzes, and/or name, and/or an identification number, and/or e- mail.

3.1. - Purposes of use: cybersecurity, marketing and branding campaigns related to the above websites and their online services, increase of user’s experience, improvement of our tech services by design based on metrics, closing deals, and compliance with a legal obligation to which the controller is subject. Scientific and commercial interests. Legal duties.

3.1.1. - If the purposes do not or do no longer require the identification of a data subject by the controller, the controller shall not be obliged to maintain, acquire or process additional information in order to identify the data subject.

3.2. - Special data: the consent of the clause 2 above is applied as given explicit consent to the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or data concerning a natural person’s sex life or sexual orientation.

4. - Processing we make are: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, alignment or combination, restriction, erasure or destruction.

4.1. - It is part of the processing the profiling’s process, which is the use of data to analyse or predict aspects concerning personal preferences, interests, behaviour and movements on the above websites and their online services.

4.1.1. - The right to restriction of processing only applies when: the accuracy of the personal data is contested by the data subject, the processing is unlawful, the personal data is required by the data subject for the establishment, exercise or defence of legal claims, the data subject has objected to processing.

4.1.2. - The right to object the processing, be for profiling, marketing, or other purpose, is a
right of the user.

4.1.3. - The user, by this Term, accept that it is possible, in the processing, the use of automated individual decision-making, mainly, but not only, in the closing of agreements and deals.

4.2. - Storage limitation and accuracy of data: we process the data until a requirement of data exclusion made by the user to the Controller, being the accuracy of the user’s sent data of liability of this one, observing the clause 3.1.1. above, as well as the right of the user to change the given personal data,
what includes the right to rectify and erasure.

4.3. - Data sharing: we do not share data with third parties without the consent of the data’s subject, observing the possibility of third companies and persons enter into agreement with us on our marketing’s environment, what includes the use of our websites, channels and groups on social medias and mailing
lists.

4.3.1. - The data subject have the right to data portability, that is the right to transmit the personal data to another controller.

4.3.2. - The transfer of personal data to a third country or an international organisation will
take place when: (i) the data subject has explicitly consented to the proposed transfer; (ii) the
transfer is necessary for the performance of a contract between the data subject and the controller; (iii) the transfer is necessary for the establishment, exercise or defence of legal claims; (iv) and in other specific situations established in the Article 49, of the Regulation (EU) 2016/679.

5. - The Controller and Processor of the mentioned data is Rafael Augusto De Conti, legal entity enrolled at the Brazilian Federal Revenue under the CNPJ/MF 12.589.085/0001-74, with headquarter at Rua Álvares Penteado, no 185, sl. 501, Sé, São Paulo/SP, Brasil, CEP 01012-001, represented by its agent Rafael De Conti, lawyer
registered in the Brazilian Bar under the number OAB/SP no 249.808 (contact: rdc@decontilawoffice.com), observing the possibility of hire third processors, which ones shall have the same diligence and obligations of
the controller, acting those as agents of this.

5.0. - The Data Protection Officer is Mr. Rafael De Conti, above identified, being an international lawyer with expertise and knowledge of data protection law, as well as practices and the ability to fulfil this Term (juridical advisor on privacy law).

5.1. - The integrity and confidentiality of the data will be made by the availability for the user of encrypted connections on the communications with ours servers (SSL / https / SSH / STARTTLS), as well as passwords for private areas, anti-virus and backups, being these mechanisms our Data
protection by design
, taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing.

5.1.1 - The controller shall communicate any rectification or erasure of personal data or
restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

5.2. - The limits of liability shall observes that ‘personal data breach’ can be a unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or
otherwise processed, that are made by hacking attacks, cyber criminals, uncommon malwares. Also are further than the limits of liability the system’s server problem update and the codes bug
on servers softwares, being the Controller and Processor, in relation to the softwares providers, merely consumers.

5.2.1. - Users - The use of our online services by European union citizens, or persons in
European Union territory, is unlikely to result in a risk to the rights and freedoms of persons, taking into account the nature, context, scope and purposes of the processing, not being necessary designate in writing a representative in the Union.

5.2.2. - Hired Third Parties - Processing under the authority of the controller: the processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller, unless required to do so by judicial/legal obligation, observing international
agreements.

5.2.3. - The controller shall document personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken, as well as communicate the personal data breach to the data subject as soon as possible, what can be made, if the case, by a public communication or similar measure whereby the data subjects are informed in an equally effective manner. In case of data breaches it is important the action taken by the controller or processor to mitigate the eventual damage suffered by data subjects, and, always when necessary, the good cooperation with the supervisory authority, in order to remedy the infringement and mitigate the possible adverse effects of the
infringement

5.2.4. - Any effective, proved and correctly measured damage, which one is the result of direct action of the controller/processor, will be repaired, observing the right to lodge a complaint with a supervisory authority, right to an effective judicial remedy against a
supervisory authority, right to and effective judicial remedy against a controller or processor, right of data subjects to be represented collectively, right of the controller/processor to an
proportionate administrative fines.

5.2.5. - Data protection impact assessment:
- Subject: clause
a) systematic description of the envisaged processing and the purposes of the processing: 4, 3
b) necessity and proportionality of the processing operations in relation to the purposes: 3.1
c) risks to the rights and freedoms of data subjects: low
d) measures envisaged to address the risks: 5.1 3

5.3. - The data subject have the Right to Withdraw the Consent contacting the Controller and Processor such as estated above, observing that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

5.4. - The communication with the controller shall be made in the terms of clause 5 above, observing that the answer can be given, taking into account the complexity and number of the requests, until 3 months of the receipt, observing, also, that the controller can refuse to provide the request, demonstrating the manifestly unfounded or excessive character of this one.

5.4.1. - Where the controller has reasonable doubts concerning the identity of the natural person making a request on personal data, the controller may request the provision of additional information necessary to confirm the identity of the data subject.

5.4.2. - The controller shall provide a copy of the personal data undergoing processing. For
any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs, observing that the right to obtain a copy of own personal data shall not adversely affect the rights and freedoms of others, including commercial secrecy.

5.5. - The Record of processing activities under responsibility of the Controller, is constituted by the following informations:
- Subject: clause
a) the name and contact details of the controller: 5
b) the purposes of the processing: 3.1
c) a description of the categories of data subjects and of the categories of personal data: 3, 3.2.
d) the categories of recipients to whom the personal data have been or will be disclosed: 4.3
e) transfers of personal data to a third country or an international organisation: 4.3
f) envisaged time limits for erasure of the different categories of data: 4.2
g) general description of the technical and organisational security measures: 5.1

5.6. - The Categories of processing activities carried out by a processor is constituted by the following informations:
- Subject: clause
a) the name and contact details of the processor: 5
b) the categories of processing carried out on behalf of each controller: 4
c) transfers of personal data to a third country or an international organisation: 4.3
d) general description of the technical and organisational security measures: 5.1

5.7. - The Code of Conduct is constituted by the following principles:
- Subject: clause
a) fair and transparent processing: 3, 4
b) the legitimate interests pursued by controllers in specific contexts: 3.1
c) the collection of personal data: 3
d) the pseudonymisation of personal data: not necessary
e) the information provided to the public and to data subjects: this Term
f) the exercise of the rights of data subjects: 4.1, 4.2, 4.3, 5.3
g) the information provided to, and the protection of, children: no content for childrens
h) the measures and procedures to ensure security of processing: 5.1
i) the notification of personal data breaches to authorities and data subjects: 5.2.3
j) the transfer of personal data to third countries or international organisations: 4.3, 5
k) out-of-court proceedings and other dispute resolution procedures: 6

5.8. - The Binding corporate rules is related to the transfer of personal data to third countries and international organizations, and can be accessed at this link: https://deconti.adv.br/0/en/ct-ue/binding-corporate-rules

6. - Any disputes over this agreement, not solved by negotiation, shall observes as Jurisdiction the Brazilian legal system, specifically in the Civil Court of the Federative State of São Paulo, at the city of São Paulo.

6.1. - Assessment of Data Protection in Brazil (GDPR, Art. 45, 2): https://deconti.adv.br/braziliandataprotection

6.2. - We understand as the Big Principles of Data Protection: (i) try to reconcile the right to the protection of personal data with the right to freedom of expression and information; (ii) understand the right to secrecy according each context.

7. - This agreement was made intended to be in Compliance with the best tech rules, in special with: the Regulation (EU) 2016/679 (European Union General Data Protection Regulation – GDPR, https://deconti.dv.br/0/rules/eu/CELEX_32016R0679_EN_TXT.pdf or https://gdpr-info.eu/).

Summary Table
- Subject: clause
- Controller of Data: 5
- Data Protection Officer: 5
- Purposes and legal basis for processing: 3.1
- Categories of personal data: 3
- Transfer of personal data to a third parties: 4.3
- Period of Storage of the data: 4.2
- Existence of automated decision- making, including profiling: 4.1
- Existence of the right to the user change the own personal data: 4.2, 5.3
- Existence of the right to withdraw consent at any time: 5.3
- Existence of the right to withdraw without affecting the lawfulness of already processed data: 5.3
- Existence of the right to object: 4.1.2
- Existence of automated individual decision-making: 4.1.3
- Place of Data’s storage: São Paulo/São Paulo/Brazil and Montreal/Quebec/Canadá
- Jurisdiction: 6

 

________________________________________________________________________________

ver 1.1 | 28th December 2022