What it is LGPD?
Lei Geral de Proteção de Dados Brasileira - Lei 13.709/2018 (General Data Protection Act), is in full force since August/2020 and creates obligations for companies that deal with personal data for commercial purposes. It is a law based on the GDPR (European Data Protection), but less restricted. Its purpose is to provide greater transparency to the data subject about how their data is processed.
- Joint Controller - Company that controls Personal Data together with one or more Controllers.
- Anonymized Data: data that can not be identified as a specific person.
- Controller: Person or Company who is responsible to decisions regarding Data Protection.
- Operator: Person or Company that is responsible for the data processing on behalf of the Controller.
- Data Protection Officer (DPO): person indicated by the Controller to intermediate the communication between the Controller, the data subject, and government.
- Data Subject: person to whom the personal data belong to.
Who will guarantee that companies are complying with the LGPD?
ANPD ( National Data Protection Agency), an Agency yet to be created, and initially will belong to the Brazilian Casa Civil. The Ministério Público (D.A. Office) will also supervise if the companies are complying and act in the Data Protection.
What is considered personal data?
Every data that can identify someone else, such as name, ID, social number, emails, address, etc.
What is considered sensitive data?
Sensible data are data of racial or ethnic origin, religion, political or philosophical opinion, Union or other religious organization membership, data relating to health or sex life, genetic or biometric data when linked to a natural person. Rock does not gather this informations from customers, Leads, MQL, or any other person.
What personal data does Rock collect?
- Employees: full name, ID, social number, voter registration, full address, email, birth date, parent’s names, bank account, College degree, etc.
- Customers/Leads: Name, e-mail, telephone number,
- Freelancers: Full name, email, profession, College degree.
For what purpose does Rock collect data?
- Employees: Rock uses this data to register the employee in governmental websites (Receita Federal, INSS, FGTS, etc) and to comply with the labor law which gives us permission and obliges us to keep this data. Rock could also share these data with third parties in order to offer benefits such as Sodexo, Health Assistance, and others.
- Customers/Leads: To provide services and for marketing purposes.
- Freelancers: For payments matters and to have a record of Rock’s vendors.
An important reminder about Freelancers is that they are vendors with a CNPJ (company), so Rock collects CNPJ number, address, company name, but those are not considered personal data by LGPD.
What role does Rock play in data processing?
Rock is a Data Controller in marketing, creating leads, customers' personal data, employees, and candidates' personal data, freelancers data, Rock OS, and URock.
Rock is an Operator when process personal data of the Customers of Rock’s customers (Controllers in that cases), as it is in Rock Stage, Rock Studio, Rock Start, ION, iClips e Live.
Rock is a Joint Controller along with customers in controlling and creating customer’s blogs.
Can the data be transferred internationally?
Yes, it is authorized by the Data Subject. This authorization goes within our Terms and Agreements.
What is the lawful basis and which does Rock use to process the data?
Is what gives permission to Rock to collect and process the data. LGPD brings 10 lawful bases and each could be applied to the different case:
- Legitimate interest
- Legal Obligation
- Execution of Public Policies
- Studies by Research Agencies
- Life Protection
- Health Care
- Credit Protection
If a Data Subject whats to revoke its consent, how it can be made?
He or she just needs to send an email to email@example.com and requests the data to be erased.
Where can I find more information about Rock's Legal Terms and Policies?
Does Rock collect data without a lawful basis?