General Data Protection Law | Lundgaard Jensen

Privacy Policy - LGPD

Lundgaard Jensen Office

Advocacy and Consulting

Lundgaard Jensen Advocacia e Consultoria Internacional, under CNPJ nº 21.682.183/0001-42, located at Rua João Cordeiro, nº 831, Meireles neighborhood, CEP 60.110-355, Fortaleza/CE, values the privacy and protection of personal data of its employees, suppliers, partners and customers, complying with the parameters established in Law No. 13.709, of August 14, 2018, also known as the General Data Protection Law (LGPD).

This Policy aims to clarify, with transparency, the relationship with data holders, bringing some important points to the office, in order to inform which personal data is collected, in which it is used, for what it is used, with whom it is shared , how they are stored, among other issues inherent to the law.

This Privacy Policy will be updated whenever necessary and will deal with:

Concepts of the General Data Protection Law (LGPD);
What personal data is collected;
How we use your personal data;
With whom we share your personal data;
How we keep your personal data secure;
How long your personal data will be stored;
Your rights as a holder of personal data and how to exercise them;
Means of communication with the Data Protection Officer.

In order to comply with the order contained in Law No. 13.709/2018 ("General Law for the Protection of Personal Data - LGPD"), it is necessary to clarify the following legal concepts:

Personal Data: data and information obtained through online or offline means, capable of identifying or making identifiable natural persons (holder), including data that can be combined with other information to identify an individual, and/or that relate to their identity , characteristics, behavior or that influence the way it is treated or evaluated, including identifying numbers, location data or electronic identifiers.
Sensitive Data: Personal data referring to racial or ethnic origin, religious conviction, political opinion, union affiliation or organization of a religious, philosophical or political nature, data referring to health or sexual life, genetic or biometric data, when linked to a natural person, or any data that, when combined with other information, may influence the way the data subject is treated, that is, may eventually give rise to some type of discriminatory practice prohibited by law.
Anonymization (as well as related terms such as anonymize, anonymized): any and all means and technical processes that are reasonable and available at the time of processing (defined below) of personal data that results in the non-identification of the holder of said personal data. Anonymized data will not be considered personal data for the purposes of applicable legislation, except when the anonymization process to which they were submitted is reversed, or when, with reasonable efforts, it can be reversed.
Treatment (as well as the related terms treat, treat): any and all operations carried out with personal data, including collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or information control, modification, communication, transfer, dissemination or extraction.
Controller: natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data, mainly in relation to the determination of the purposes and means of processing personal data.
Operator: natural or legal person, public or private, who processes personal data on behalf of the Controller.
Legal basis: legal hypotheses that authorize the processing of personal data, as listed in Law No. 13.709/2018.

If, after reading our policy, you do not understand or do not agree with any point, please contact us by email: dpo@lundgaardjensen.com.

Office performance, according to the LGPD:

In the present case and in general, the Lundgaard Jensen Office will act as controller of the personal data to which it has access, determining the purposes and means of treatment with its partners, who will be considered as operators of personal data.

What personal data is collected by the Lundgaard Jensen Office and for what purposes it is used.

The Firm processes the personal data of its clients and partners and, according to the mapping prepared in February/2023, the personal data and purposes are indicated below:

Name, CPF, passport, residential address, e-mail for billing and payment purposes of client companies;
Name, nationality, CPF, residential address, e-mail, telephone, for the purposes of initiating judicial and administrative proceedings;
Name, nationality, CPF, residential address, e-mail, telephone, passport, for the purposes of opening demands and drafting commercial contracts;
Name, CPF, RG, address, passport for the purpose of drawing up contracts for client properties and related demands;
Passport, birth certificate, CPF, address, for the purpose of opening a business and opening a CPF, at the request of the customer;
Criminal background, birth certificate, marriage certificate, personal documents, for visa application purposes.

Said personal data are processed by the Office with the aim of executing legal powers or fulfilling legal and contractual attributions.

Why do we ask for your data?

Data is needed to:

elaboration of contracts;
enable communication with data subjects;
comply with legal obligations;
identification of the client when dealing with the Firm;
team management;
administrative and management purposes;
fulfill contractual obligations.

Where do we store and with whom do we share the data?

Personal data is stored, for the most part, on a digital network equipped with antivirus bases and programs for data protection, and another part of the data is stored in physical media, in a closed file and with security.

Data sharing is carried out under the guidelines and limits of the General Data Protection Law (LGPD), with the Firm having protection and secrecy clauses added to contracts and signed by suppliers, partners and employees, in order to bind them to them. regulations and being aware of the responsibility in the event of damage, loss, misplacement, commissive or omissive conduct and unlawful acts to the detriment of the shared and processed data.

What are the rights of holders of personal data and how to use them?

According to the General Data Protection Law (LGPD), holders of personal data collected by the Lundgaard Jensen Office have the following rights:

Data disposal request;
Confirmation of data;
Access to data;
Data correction;
Opposition to collected data.

The holder may request the disposal of their data collected and stored in the Office, when unnecessary, excessive or treated in non-compliance with the LGPD. The disposal may be partial or total, that is, the disposal may be carried out for certain data or for all data collected by the company.

It should be noted that, for data processed pursuant to legal and/or contractual obligations, the no office may carry out the disposal, exception made possible by the General Data Protection Law (LGPD). The custody of said documents will occur for the time described by law or contract.

The holder may confirm and access the data collected; may request correction of your personal data, always as a way of keeping your registration up to date; can oppose to the processing of personal data, pursuant to art. 18, second paragraph, of Law nº 13.709/2018 – LGPD, when consent is waived by the holder.

Finally, the holder may request the portability of your data to another service or product provider.

All requests above must be forwarded to the person in charge of the Firm's personal data, by email: dpo@lundgaardjensen.com, upon express request from the holder or legally constituted representative to the processing agent. If immediate assistance is not possible, a response will be sent to the holder in which it will be possible to:

communicate that you are not a data processing agent and indicate, whenever possible, the agent; or
indicate the factual or legal reasons that prevent the immediate adoption of the measure.

Security measures applied by the Office

The Office uses the best security protocols, as a way to preserve the privacy of the holders' personal data, as well as recommending individual protection measures.

It should be noted that the Firm's contracting employees sign terms of confidentiality and secrecy of the information and data processed, as well as being instructed in the correct handling of documents.

Furthermore, the Firm has an outsourced IT professional, to assist in more urgent cases and with specific knowledge of technology.

In addition, the Firm has a Code of Conduct, Information Policy, Data Removal and Disposal Policy and Privacy Policy that guide the activities of all employees.

Suggestions on how to keep your data and information safe

In order to maintain the security and protection of your personal data provided in the registration or when contracting the services, we suggest communication through commercial and corporate channels only, avoiding personal contacts and forwarding data of third parties improperly and without consent. .

Office emails end at @lundgaardjensen.com. It is essential, therefore, to pay attention to the emails sent and whether, in fact, they are emails with a true identity.

We suggest that employees use passwords with uppercase and lowercase letters, symbols and numbers, in order to make passwords more secure. Avoid sharing with multiple people in the company and avoid saving passwords in an easily accessible location.

How long will personal data be stored

The processing of personal data is carried out for as long as necessary to carry out the activities, which are removed when the deadlines established by law and in the contract have passed. Below are deadlines established for the Environmental Sector. In case of doubt, refer to the Office Document Retention and Disposal Policy.

Sector	Document Description	Retention Period	Legislation
ENVIRONMENTAL	Licensing documentation	10 years	CONAMA Resolution No. 237/1997
ENVIRONMENTAL	Building permit	10 years, after the end of the contract with the customer.	Civil Code
ENVIRONMENTAL	Application for business license	As long as the customer is (preventive and non-mandatory time)	------
Financial Management	account opening forms	10 years, after the end of the contract with the customer.	Civil Code
Financial Management	Request for Reports or Sisbacen Registration (PJ) - Central Bank of Brazil	10 years, after the end of the contract with the customer.	Civil Code
Financial Management	Invoice (supplier, fixed assets and sale of fixed assets)	5 years	Law 5.172. art 173 National Tax Code
Financial Management	Exit Invoice	10 years	Law 8.212 art 46 Organic Law of Social Security
Financial Management	Reimbursement Requests	Once Finalized by the customer, there is no longer any specific purpose for keeping the document	------
PERSONAL DEPARTMENT	Admission/Hiring Documents	5 years	CLT
PERSONAL DEPARTMENT	Documents related to the employee's FGTS	30 years	Law 8.036 / 90
ACCOUNTING	Individual Income Tax Return	5 or 6 years	Civil Code
ACCOUNTING	Individual Income Tax Return	10 years	Law 8.212 art 33
ACCOUNTING	Cofins	10 years	Law 8.212 art 33
ACCOUNTING	PIS - Collection	10 years	Law 2.052 art 3 and 10 PIS-PASEP
ACCOUNTING	Damef (Annual Declaration of Economic and Fiscal Movement)	5 years	Law 5.172 art 173, National Tax Code
ACCOUNTING	Water, Electricity and Telephone Bills	5 years	Law 5.172 art 173, National Tax Code
CORPORATE AND OTHERS	Social Contract and Addendum	10 years	Civil Code
CORPORATE AND OTHERS	Deed of Purchase and Sale	As long as the customer is (preventive and non-mandatory time)	------
CORPORATE	Application for Municipal Registration/Application for Miscellaneous IPTU Requests	As long as the customer is (preventive and non-mandatory time)	------
CORPORATE AND OTHERS	Property Valuation Request	As long as the customer is (preventive and non-mandatory time)	------
LITIGATION	Documentation related to Judicial and Administrative Proceedings	10 years	Civil Code
COMMERCIAL	Customer Form	As long as the customer is	LGPD, article 7, V
COMMERCIAL	Personal Documents (CPF, RG, Passport, Proof of Residence, etc.)	As long as the customer is	LGPD, article 7, V
REAL ESTATE	Public deed	As long as the customer is (preventive and non-mandatory time)	------
REAL ESTATE	Contracts	10 years	Civil Code
RECEPTION/CAMILA	Lease Agreements	10 years	Civil Code
MIGRATORY	Personal Documents (CPF, RG, Passport, Proof of Residence, etc.)	As long as the customer is	LGPD, article 7, V
MIGRATORY	CPF opening request	As long as the customer is	LGPD, article 7, V
MIGRATORY	Investment plan	As long as the customer is	LGPD, article 7, V
MIGRATORY	Criminal Background (sensitive)	For the specific activity that requests the certificate. Afterwards, remove.	LGPD, article 11
MIGRATORY	Exchange Contract, when PF	As long as the customer is (preventive and non-mandatory time)	------

Term of this Privacy Policy

The Office seeks to improve the experience of its partners, customers and employees, applying changes to the policy, with the inclusion of new features, services and other updates that may be necessary, always maintaining transparency and this policy updated.

Future changes to this policy that may occur will be informed on the website, if applicable. Notwithstanding this, we recommend that our partners, customers and employees always keep up to date with our policy.

Contact channel/Data Manager

To deal with matters related to the Privacy Policy, the Lundgaard Jensen Office provides direct contact with the person in charge of the data, by email: dpo@lundgaardjensen.com.

Legislation and forum.

This policy will be governed, interpreted and enforced in accordance with the Laws of the Federative Republic of Brazil, especially Law No. 13.709/2018, regardless of the laws of other states or countries, with the jurisdiction of the domicile of the controller of the personal data being competent to resolve any questions arising from this document.