Data protection and Law No. 13.709/2018
Brazil, following the trend of other countries, promulgated, in 2018, the so-called General Law on Personal Data Protection (LGPD).
Inspired by the General Data Protection Regulation (GDPR), Brazilian law seeks to preserve individual rights by providing for the collection, use, and disposal of personal data.
The art. 1 of the law makes clear the purpose of the new rule: "to protect the fundamental rights of liberty and privacy and the free development of the personality of the natural person." In art. 5º important concepts for the correct understanding and application of the law are exposed, highlighting, regarding the activity performed by Contato Seguro, the following:
- Personal data: information related to identified and identifiable natural person.
- Sensitive personal data: personal data on racial or ethnic origin, religious conviction, political opinion, union or religious, philosophical or political organization membership, , health or sexual life data, genetic or biometric data, when linked to a natural person.
- Anonymous data: data relating to a holder that cannot be identified, considering the use of reasonable technical means available at the time of processing.
You can access the full LGPD by clicking here.
Data Protection and Contato Seguro
In this context, it is important to clarify that Contato Seguro always allows the complainant to remain anonymous, with regard to the registration of complaints.. This is a fundamental issue, especially since the facts reported by the complainants are often very sensitive. Anonymity, therefore, aims to ensure the user the peace of mind and security necessary for reporting information.
However, there are situations in which the user himself chooses to be identified. And even in these cases, the reported information is treated with the necessary confidentiality.
In addition to the Reporting Channel, Contacto Seguro provides other communication channels (Data Protection, Ombudsman and others) in which identification can be, depending on the format, required by the owner of the channel, with the aim of even allowing the due steps.
All data obtained by Contato Seguro are revealed by the complainant himself, consensually, respecting, therefore, their privacy and privacy.
Contato Seguro professionals are trained and oriented to always maintain professional secrecy, never compromising the identity and privacy of the individual.
It is important to note that the complainant is only asked for data related to the specific purpose of the report. This means that data that is not relevant to the report is neither requested nor recorded. Contato Seguro is concerned with questioning the information strictly necessary for a good understanding of the reported issue, in order to enable the resolution of the reported problem. But it is the whistleblower who decides whether or not to share this information.
In case you have any questions or comments, or if you would like access to more information about the treatment of your personal data, please send an email to our DPO Mateus Haas, e-mail firstname.lastname@example.org.
Am I required to identify myself?
It will depend on the type of registration to be carried out. The reporting channels do not oblige, under any circumstances, the user to identify himself. On the contrary, Contacto Seguro always offers the option of anonymity, considering that this option can be fundamental for obtaining information on sensitive cases.
On the other hand, there are communication channels whose identification is necessary so that the person in charge can take the necessary steps and even be able to resolve the applicants' requests. This is the case, for example, with data protection channels.
What information is important?
The importance of information is related to the nature of the report and the problem resolution.
The more information available about the reported problem, the more likely it is that the situation will be correctly identified, investigated and resolved. However, it is always the whistleblower who decides what information to share.
No information or data is obtained without the complainant agreeing to provide it. The user must be comfortable to share.
Who will have access to my report and the personal data you provided?
Two groups of people will have access to the information provided by the complainant: Contato Seguro employees and contracting company employees.
Contato Seguro receives the information from the complainant, prepares a report and sends it to specific employees of the contracting company, always paying attention to the possible involvement of any of these employees in the reported fact, in which case that person will not receive the report.
Contato Seguro employees who have access to information are limited to those strictly necessary for the proper transit of information, all being committed to the confidentiality of data, including contractual obligations. The same procedure must be followed by the contracting company.
What are the user rights?
The user is assured of respect for three fundamental rights: freedom, privacy and free development of personality.
As a result of these three fundamental rights, and considering the provisions of art. 18 of Law 13.709 / 2018, the user is also guaranteed:
- confirmation the treatment existence;
- access to data;
- correction of incomplete, inaccurate or outdated data;
- anonymization, blocking or deletion of unnecessary, excessive or treated data in violation of the provisions of this Law;
- data portability to another service or product provider, upon express request, in accordance with national authority regulations, in compliance with commercial and industrial secrets;
- deletion of personal data processed with the holder consent, except in the cases provided in art. 16 of this Law;
- information on public and private entities with which the controller made shared use of data;
- information about the possibility of not giving consent and about the consequences of the refusal;
- consent revocation, pursuant to § 5 of art. 8 of this Law.
Contato Seguro therefore ensures the transparency of the entire process, enabling the rectification and correction of data, as well as their eventual deletion. That is, the user is the data owner.
What are the user's duties when using the Contact Safe service?
The user is expected to always act in good faith. The data and information provided must be true as well as lawfully obtained.
Will Contato Seguro share user-provided data?
Contato Seguro does not share, sell, loan, distribute or exchange the personal data of its users or other information provided to them.
All data and information provided by users are used for the sole and specific purpose of investigating the report made. The use, therefore, is exclusively linked to the activity for which Contato Seguro is proposed.
How long is the data and information kept by Contato Seguro?
The information is kept permanently in the Contato Seguro database, except in cases where the complainant requests the removal of his/her personal data. In this case, the user's personal data is removed and cannot be recovered.
How does Contato Seguro protect user-provided data and information?
Information security is fundamental to the protection of sensitive information and data that whistleblowers entrust to Contato Seguro's employees and systems. Therefore, any sensitive information provided by a user must be stored and trafficked in encrypted form. This way, only with private key’s possession it is possible to recover the original content of this encrypted data.
If you have any questions, please contact us here.
Can the complainant request the removal of personal data from reports?
Yes. There are two ways to make the request:
- Through the complaint protocol:
The user must access the protocol query area through the protocol of their report and follow the "personal data removal" functionality instructions.
- Through direct contact with Contato Seguro:
The user must send an email to the address email@example.com and request the removal of their personal data in a given report. In order to certify the authenticity of the request, the user must submit a document that proves his / her identity (passport, ID, CNH, or CPF), name of the reported company and date of creation of the complaint. Contact Insurance experts will validate the truth of the request.