This Policy on Privacy and Use of Cookies sets forth how Trench Rossi e Watanabe Advogados (the “Firm”) handles, collects, uses, shares and otherwise processes Personal Data (as defined below) on:

• Visitors to our websites, mobile applications and on-line devices (each a “Website”)
• Contact persons at our clients and/or prospects
• Contact persons at suppliers of goods and services to the Firm
• Any other persons on whom the Firm may obtain Personal Data

In this Policy on Privacy and Use of Cookies, “Personal Data” means information that either separately or in conjunction with other information held by the Firm allows you to be identified as an individual or otherwise directly or indirectly recognized.

Overview

Except as we may specifically state otherwise, the Firm is the controller of the Personal Data we process and is therefore responsible for ensuring the systems and processes we use are in compliance with the data protection laws, particularly Law No. 13.709/2018 (“General Data Protection Law,” or “LGPD”), to the extent applicable to us.

All employees of the Firm are required to comply with this Policy on Privacy and Use of Cookies and the Firm’s related policies when handling Personal Data and must also complete the training in data protection, where appropriate for the relevant roles.

Summary of Key Points

Collection	We collect Personal Data from various sources in connection with the day-to-day management of our business and our commercial relationships.
Use	We use Personal Data to provide our services and to answer inquiries, manage accounts and carry out financial transactions, provide relevant marketing material and meet other professional and compliance goals.
Sharing	We share Personal Data as needed to provide our services and answer requests, as well as to meet other professional and compliance goals.
Marketing Options	You have control over how we use your Personal Data for marketing purposes.
Cookies	We use cookies on our Sites and provide cookie usage options.
Data Subject Rights	You have the right to request access to or correction or deletion of, to object or to take other actions in connection with your Personal Data, as set forth in the applicable laws.
Data Security	We have technical and organizational measures in place to protect Personal Data from loss, misuse, change or unintentional destruction of Personal Data.
Other Issues	We provide in this Policy on Privacy and Use of Cookies other information on: (i) potential consequences of not providing Personal Data; (ii) how we are not involved in any automated decision-making having material effects on individuals; (iii) how we deal with do-not-track (DNT) signals; (iv) data retention; (v) links to third-party sites; (vi) employee and contractor issues; and (vii) changes to this Policy on Privacy and Use of Cookies.
Contact Us	If you have any questions, contact us via: encarregado@trenchrossi.com.



Personal Data Collection

We collect the following categories of Personal Data on visitors to the Website, clients, prospects, suppliers and other third parties:

• Basic Data: Name, gender, title, organization, professional responsibilities, telephone number, mail address, email address, contact details and information on family life (excluding special data categories), including family, children, hobbies and interests.
• Special Data Categories: Under limited circumstances where you have given us information as needed for a specific service we may be providing to you: religion or beliefs, racial or ethnic origin, sexual orientation, health information, and union membership details.
• Record Data: Requests for newsletters, registration in events/seminars, food preferences (excluding special data categories), subscriptions, downloads and usernames/passwords.
• Customer Service Data: Personal Data received from clients concerning employees, clients or other individuals known to clients, billing details, and client payment and feedback history.
• Marketing Data: Data on individual attendance at in-person conferences and seminars, credentials, associations, product interests and preferences.
• Transaction Data: Personal data contained in documents, mail or other materials provided or related to transactions carried out by our clients.
• Compliance Data: Governmental identifiers, passports or other identification documents, dates of birth, beneficial ownership data and due diligence data.
• Job Applicant Data: Data provided by job applicants or others on our Websites or off-line media concerning job opportunities, which can also be subject to an additional material local recruitment privacy policy.
• Device Data: Internet Protocol (IP) address of computers, unique device identifiers (UDID), cookies and other data related to devices, as well as our Website usage data (Usage Data).

We collect Personal Data from a series of sources, directly from the data subjects or from clients, peers and publicly available sources. When the Firm receives from our clients data on employees, clients or other individuals, those clients are responsible from ensuring that data is transferred to us in compliance with the applicable data protection laws.

Use of Personal Data

The purposes for which we use Personal Data and the legal basis for that data processing are as follows:

• To provide legal advice and answer inquiries, we use basic data, record data, customer service data and device data. We need to process your information that way in order to meet our obligations under our agreements with our clients.
• To manage our business operations and our relationships with clients, we use basic data, special data categories, record data, marketing data and customer service data. We need to process these data so we can meet our obligations under our agreement with our clients (for example, issuing and processing invoices) and suppliers (for example, managing the supply of goods and services to the Firm).
• To make our Websites more intuitive and easier to use, we process device data. These are needed to serve our lawful interests as we monitor how our Websites are used to help us improve their layout and the information available from our Websites and provide a better service to users of our Websites.
• To protect the security and effective operation of our Websites and information technology systems, we use basic data, record data, transaction data and device data. These are needed to serve our lawful interests as we monitor how our Websites are used to detect and prevent fraud or other crimes on or any misuse of our Websites. They help us ensure you can use our Websites securely.
• To provide relevant marketing material, like providing you with information on events and services you may be interested in, including legal services, legal updates, conferences with clients or networking events and specific interest groups (for example, specific types of networking groups), we use marketing data, basic data, special data categories, record data, customer service data and device data. These are needed to serve our lawful interests as we process that information in order to provide you with suitable and relevant marketing material, updates and invitations.
• To meet our legal and compliance obligations, such as complying with the Firm’s tax return obligations, verifying the identity of new clients, and preventing money laundering and/or fraud, we use compliance data, basic data, record data, transaction data and device data. We need to process these data to comply with the legal requirements to which we are subject.
• To consider individuals for employment and contract opportunities and manage onboarding procedures, we use job applicant data and compliance data. We need to process these data for recruitment and onboarding purposes and to comply with the legal obligations to which we are subject, and they may be subject to a material local recruitment privacy policy.

Personal Data Sharing

We may share Personal Data with the following recipient categories:

• Ablfs McKfnzif network law firms: Under an operational cooperation agreement, Trench Rossi Watanabe is a member of the Ablfs McKfnzif International network, a Swiss-based Verein with member law firms and affiliates all over the world (including global services in Belfast, Buenos Aires, Chicago, Manila, and Tampa). Each member law firm can share Personal Data with other member law firms and affiliates to provide legal services involving foreign laws or otherwise as needed for the aforementioned purposes.
• Suppliers and service providers: We share Personal Data with suppliers and service providers to enable them to perform their duties on our behalf and as instructed by us, with a view to serving the purposes named above. They include infrastructure and IT service providers—for example, the providers of our client attraction system, our financial systems and our client relationship management databases, third-party advisors supporting us in connection with business and marketing campaign analyses, and local external suppliers where we host conferences and events. We contractually require these parties to provide reasonable security to us for Personal Data and to use and process those Personal Data only on our behalf.
• Financial institutions: We share with financial institutions Personal Data related to invoicing and payments.
• Corporate purchasers: We can share Personal Data with any corporate purchaser or prospective client, to the extent permitted by law, as part of any merger, acquisition, sale of assets of the Firm or service transition to another provider, as well as in the event of insolvency, bankruptcy or reorganization where Personal Data would be transferred as an asset of the Firm.
• Mandatory disclosures and litigation: We share Personal Data in order to meet the Firm’s tax obligations, to comply with any subpoena, court order or other legal proceedings, to reply to any request from our regulatory bodies or any governmental request or to meet any other applicable legal requirement. We also share Personal Data to assert or protect our legal rights, assets or security or the rights, assets or security of third parties or for our defense defend in any litigation.

If you have any questions about the parties with which we share Personal Data, please contact us.

Marketing Options

You have control over our use of your Personal Data for direct marketing. In certain markets, you will need to give your express consent before receiving marketing material. In other markets, you can opt not to receive those messages at any time. If you no longer wish to receive marketing messages, stay on a direct mailing list you previously subscribed for or receive any other marketing messages, follow the relevant message subscription cancellation link or contact us as indicated below.

Cookies

We use and hire certain providers to use cookies, web beacons and similar tracking technologies (collectively, “cookies”) on our Websites.

What are cookies?

Cookies are small blocks of data that are stored on your browser or device or on a website you are using. Some cookies are removed when you close your browser, while other cookies are retained even after you close your browser so you can be recognized when you go back to a website.

How do we use cookies?

We use cookies and allow certain third parties to put cookies on our Websites in order to provide our Websites and services, to collect information on your usage patterns as you browse the Websites, to improve your customized experience and to understand usage patterns so we can improve our Websites, products and services.

Cookies on our Websites usually break down into the following categories:

• Operational Cookies: These are needed for operating our Websites. They include, for example, cookies that allow you to log into secure areas. These cookies are session cookies, which are deleted when you close your browser.
• Analytical/Performance Cookies: They allow us to recognize and count the number of users on our Websites and to understand how those users browse our Websites. They help to improve the operation of our Websites by, for example, ensuring users can easily find what they are looking for. These cookies are session cookies, which are deleted when you close your browser. We use Google Analytics, and you can look up how to control the use of cookies through Google Analytics.
• Functional Cookies: They improve the functional performance of our Websites and make them easy for you to use. For example, these cookies are used to remind you that you have been to the Websites before and asked to stay connected to them. These cookies are known as persistent cookies because they are stored on your device so we can use them during a future visit to our Websites. You can delete these cookies in your browser settings.
• Cookie Pop-ups: We use a cookie to determine whether you have read our pop-up consent to cookies and to ensure we don’t show it again when you ignore it.

What are your options if you do not want cookies installed on your computer?
You can review the settings of your Internet browser, usually in the “Help” or “Internet Options” section, to exercise your right to choose certain cookies. If you disable or delete certain cookies in your Internet browser settings, you may not be able to access or use important functions or resources of those Websites, and you may be asked to reenter your login information. 

Data Subject Rights

Concerning your Personal Data, you have the following rights:

• Confirmation: You have the right to confirm the existence of processing of your Personal Data by Trench Rossi Watanabe,
• Access: Subject to certain exceptions, you have the right to request a copy of the Personal Data we are processing about you, which we will provide to you electronically.
• Rectification: You have the right to demand the correction of any outdated, incomplete, or inaccurate Personal Data that we process about you.
• Anonymization: You have the right to request the anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in violation of the LGPD.
• Exclusion: You have the right to request the deletion of your Personal Data processed based on your consent unless we are required to retain such data, in order to comply with a legal obligation or to establish, exercise, or file defenses in legal proceedings.
• Portability: You have the right to request the portability of the Personal Data we hold about you to another data controller when they are:
  • personal information that you have provided to us; and
  • we are processing such data based on your consent, or in order to fulfill our contractual obligations to you (such as providing legal services).
• Objection: Where the legal basis for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing based on your specific situation. We will comply with your request unless we have compelling legitimate grounds for the processing that override your interests and rights, or if we need to further process the data in order to establish, exercise, or defend a legal claim.
• Sharing: You have the right to request information from the public and private entities with which we share your Personal Data.
• Possibility to not provide your consent: You have the right to request information about the possibility of not providing your consent to the processing of your Personal Data and the consequences thereof.
• Withdrawal of Consent. If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge. This right includes cases where you wish to opt out of receiving marketing messages from us. 

You also have the right to complain with the National Data Protection Authority (“ANPD”) if you believe that we have not complied with applicable data protection laws

Data Security

We implement technical and organizational measures to safeguard Personal Data under our custody and control. These measures include:

• restrict access to Personal Data only to employees and service providers on a need-to-know basis;
• a formal Information Security Management System (ISMS), aligned with ISO/IEC 27001:2013 and ISO/IEC 27002:2013. The ISMS is a comprehensive set of policies and procedures for deploying, managing, and securing the Firm’s Information Technology infrastructure; using a thorough defense approach to protecting the Firm and clients’ internal data. 

Despite our efforts to always protect our systems, websites, operations, and information from unauthorized access, use, modification, and disclosure, given the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, whether during transmission or while stored on our systems, will be totally protected from intrusion by third parties.

You also play an important role in protecting Personal Data. You should not share any usernames, passwords, or other authentication data provided to you with anyone, and we recommend that you do not reuse passwords on more than one website or application. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.

Other Issues

1. What are the consequences of not providing Personal Data?
   You are not obliged to provide all of the Personal Data identified in this Policy on Privacy and Use of Cookies in order to use our Sites or to interact with us offline, but certain functionalities will not be available to you if you do not provide Personal Data. If you do not provide Personal Data, we may not be able to respond to your request, provide legal services to you, or provide you with marketing material that we believe may be valuable to you.   
2. Do we participate in automated decision-making without human intervention?
   We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects on you or that significantly affects you.
3. Does the Website comply with do not track signals (“DNT”) sent by browsers?
   Given the divergent practices of organizations offering browsers and the lack of a standard in the market, we generally do not respond to DNT signals at this moment.
4. For how long do we keep Personal Data?
   We will generally retain Personal Data related to marketing activities for as long as you accept marketing communications from us and, upon request, we will securely delete such data under applicable law. For Personal Data that we collect and process for other purposes, we will generally retain such Personal Data for as long as necessary in order to fulfill the purposes described in this Policy on Privacy and Use of Cookies, and as otherwise specified in applicable record retention policies and procedures.
5. Are third-party websites governed by this Policy on Privacy and Use of Cookies?
   The Websites may contain links and references to other websites administered by unaffiliated third parties. This Policy on Privacy and Use of Cookies does not apply to these third-party websites. When you click on a link to visit a third-party website, you will be subject to the privacy practices of that website. We recommend that you familiarize yourself with the privacy and security practices of any linked third-party websites before providing any Personal Data on that website.
6. How does the Firm address employee and contractors’ privacy issues?
   Personal Data about our employees and contractors are processed through the Firm’s internal policies and procedures and are outside the scope of this Policy on Privacy and Use of Cookies.
7. How will we address any changes to this Policy on Privacy and Use of Cookies?
   We may update this Policy on Privacy and Use of Cookies from time to time, as our services and privacy practices change or as required by law. The effective date of our Policy on Privacy and Use of Cookies is posted below, and we encourage you to periodically visit our Websites to stay informed about our privacy practices. We will post the updated version of our Policy on Privacy and Use of Cookies on our Websites, and ask your consent to the changes if required by law.

Contact Us

If you have questions or comments about this Policy on Privacy and Use of Cookies or our privacy practices, please contact our Data Protection Officer at encarregado@trenchrossi.com 

Version 03 of October 07, 2021.