- Visitors to our websites, mobile applications and on-line devices (each a “Website”)
- Contact persons at our clients and/or prospects
- Contact persons at suppliers of goods and services to the Firm
- Any other persons on whom the Firm may obtain Personal Data
Except as we may specifically state otherwise, the Firm is the controller of the Personal Data we process and is therefore responsible for ensuring the systems and processes we use are in compliance with the data protection laws, particularly Law No. 13.709/2018 (“General Data Protection Law,” or “LGPD”), to the extent applicable to us.
Summary of Key Points
|Collection||We collect Personal Data from various sources in connection with the day-to-day management of our business and our commercial relationships.|
|Use||We use Personal Data to provide our services and to answer inquiries, manage accounts and carry out financial transactions, provide relevant marketing material and meet other professional and compliance goals.|
|Sharing||We share Personal Data as needed to provide our services and answer requests, as well as to meet other professional and compliance goals.|
|Marketing Options||You have control over how we use your Personal Data for marketing purposes.|
|Data Subject Rights||You have the right to request access to or correction or deletion of, to object or to take other actions in connection with your Personal Data, as set forth in the applicable laws.|
|Data Security||We have technical and organizational measures in place to protect Personal Data from loss, misuse, change or unintentional destruction of Personal Data.|
|Contact Us||If you have any questions, contact us via: firstname.lastname@example.org.|
Personal Data Collection
We collect the following categories of Personal Data on visitors to the Website, clients, prospects, suppliers and other third parties:
- Basic Data: Name, gender, title, organization, professional responsibilities, telephone number, mail address, email address, contact details and information on family life (excluding special data categories), including family, children, hobbies and interests.
- Special Data Categories: Under limited circumstances where you have given us information as needed for a specific service we may be providing to you: religion or beliefs, racial or ethnic origin, sexual orientation, health information, and union membership details.
- Record Data: Requests for newsletters, registration in events/seminars, food preferences (excluding special data categories), subscriptions, downloads and usernames/passwords.
- Customer Service Data: Personal Data received from clients concerning employees, clients or other individuals known to clients, billing details, and client payment and feedback history.
- Marketing Data: Data on individual attendance at in-person conferences and seminars, credentials, associations, product interests and preferences.
- Transaction Data: Personal data contained in documents, mail or other materials provided or related to transactions carried out by our clients.
- Compliance Data: Governmental identifiers, passports or other identification documents, dates of birth, beneficial ownership data and due diligence data.
- Device Data: Internet Protocol (IP) address of computers, unique device identifiers (UDID), cookies and other data related to devices, as well as our Website usage data (Usage Data).
We collect Personal Data from a series of sources, directly from the data subjects or from clients, peers and publicly available sources. When the Firm receives from our clients data on employees, clients or other individuals, those clients are responsible from ensuring that data is transferred to us in compliance with the applicable data protection laws.
Use of Personal Data
The purposes for which we use Personal Data and the legal basis for that data processing are as follows:
- To provide legal advice and answer inquiries, we use basic data, record data, customer service data and device data. We need to process your information that way in order to meet our obligations under our agreements with our clients.
- To manage our business operations and our relationships with clients, we use basic data, special data categories, record data, marketing data and customer service data. We need to process these data so we can meet our obligations under our agreement with our clients (for example, issuing and processing invoices) and suppliers (for example, managing the supply of goods and services to the Firm).
- To make our Websites more intuitive and easier to use, we process device data. These are needed to serve our lawful interests as we monitor how our Websites are used to help us improve their layout and the information available from our Websites and provide a better service to users of our Websites.
- To protect the security and effective operation of our Websites and information technology systems, we use basic data, record data, transaction data and device data. These are needed to serve our lawful interests as we monitor how our Websites are used to detect and prevent fraud or other crimes on or any misuse of our Websites. They help us ensure you can use our Websites securely.
- To provide relevant marketing material, like providing you with information on events and services you may be interested in, including legal services, legal updates, conferences with clients or networking events and specific interest groups (for example, specific types of networking groups), we use marketing data, basic data, special data categories, record data, customer service data and device data. These are needed to serve our lawful interests as we process that information in order to provide you with suitable and relevant marketing material, updates and invitations.
- To meet our legal and compliance obligations, such as complying with the Firm’s tax return obligations, verifying the identity of new clients, and preventing money laundering and/or fraud, we use compliance data, basic data, record data, transaction data and device data. We need to process these data to comply with the legal requirements to which we are subject.
Personal Data Sharing
We may share Personal Data with the following recipient categories:
- Baker McKenzie network law firms: Under an operational cooperation agreement, Trench Rossi Watanabe is a member of the Baker McKenzie International network, a Swiss-based Verein with member law firms and affiliates all over the world (including global services in Belfast, Buenos Aires, Chicago, Manila, and Tampa). Each member law firm can share Personal Data with other member law firms and affiliates to provide legal services involving foreign laws or otherwise as needed for the aforementioned purposes.
- Suppliers and service providers: We share Personal Data with suppliers and service providers to enable them to perform their duties on our behalf and as instructed by us, with a view to serving the purposes named above. They include infrastructure and IT service providers—for example, the providers of our client attraction system, our financial systems and our client relationship management databases, third-party advisors supporting us in connection with business and marketing campaign analyses, and local external suppliers where we host conferences and events. We contractually require these parties to provide reasonable security to us for Personal Data and to use and process those Personal Data only on our behalf.
- Financial institutions: We share with financial institutions Personal Data related to invoicing and payments.
- Corporate purchasers: We can share Personal Data with any corporate purchaser or prospective client, to the extent permitted by law, as part of any merger, acquisition, sale of assets of the Firm or service transition to another provider, as well as in the event of insolvency, bankruptcy or reorganization where Personal Data would be transferred as an asset of the Firm.
- Mandatory disclosures and litigation: We share Personal Data in order to meet the Firm’s tax obligations, to comply with any subpoena, court order or other legal proceedings, to reply to any request from our regulatory bodies or any governmental request or to meet any other applicable legal requirement. We also share Personal Data to assert or protect our legal rights, assets or security or the rights, assets or security of third parties or for our defense defend in any litigation.
If you have any questions about the parties with which we share Personal Data, please contact us.
You have control over our use of your Personal Data for direct marketing. In certain markets, you will need to give your express consent before receiving marketing material. In other markets, you can opt not to receive those messages at any time. If you no longer wish to receive marketing messages, stay on a direct mailing list you previously subscribed for or receive any other marketing messages, follow the relevant message subscription cancellation link or contact us as indicated below.
What are cookies?
Cookies are small blocks of data that are stored on your browser or device or on a website you are using. Some cookies are removed when you close your browser, while other cookies are retained even after you close your browser so you can be recognized when you go back to a website.
Cookies on our Websites usually break down into the following categories:
- Operational Cookies: These are needed for operating our Websites. They include, for example, cookies that allow you to log into secure areas. These cookies are session cookies, which are deleted when you close your browser.
- Functional Cookies: They improve the functional performance of our Websites and make them easy for you to use. For example, these cookies are used to remind you that you have been to the Websites before and asked to stay connected to them. These cookies are known as persistent cookies because they are stored on your device so we can use them during a future visit to our Websites. You can delete these cookies in your browser settings.
- Cookie Pop-ups: We use a cookie to determine whether you have read our pop-up consent to cookies and to ensure we don’t show it again when you ignore it.
What are your options if you do not want cookies installed on your computer?
You can review the settings of your Internet browser, usually in the “Help” or “Internet Options” section, to exercise your right to choose certain cookies. If you disable or delete certain cookies in your Internet browser settings, you may not be able to access or use important functions or resources of those Websites, and you may be asked to reenter your login information.
Data Subject Rights
Concerning your Personal Data, you have the following rights:
- Confirmation: You have the right to confirm the existence of processing of your Personal Data by Trench Rossi Watanabe,
- Access: Subject to certain exceptions, you have the right to request a copy of the Personal Data we are processing about you, which we will provide to you electronically.
- Rectification: You have the right to demand the correction of any outdated, incomplete, or inaccurate Personal Data that we process about you.
- Anonymization: You have the right to request the anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in violation of the LGPD.
- Exclusion: You have the right to request the deletion of your Personal Data processed based on your consent unless we are required to retain such data, in order to comply with a legal obligation or to establish, exercise, or file defenses in legal proceedings.
- Portability: You have the right to request the portability of the Personal Data we hold about you to another data controller when they are:
- personal information that you have provided to us; and
- we are processing such data based on your consent, or in order to fulfill our contractual obligations to you (such as providing legal services).
- Objection: Where the legal basis for our processing of your Personal Data is our legitimate interest, you have the right to object to such processing based on your specific situation. We will comply with your request unless we have compelling legitimate grounds for the processing that override your interests and rights, or if we need to further process the data in order to establish, exercise, or defend a legal claim.
- Sharing: You have the right to request information from the public and private entities with which we share your Personal Data.
- Possibility to not provide your consent: You have the right to request information about the possibility of not providing your consent to the processing of your Personal Data and the consequences thereof.
- Withdrawal of Consent. If you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time, free of charge. This right includes cases where you wish to opt out of receiving marketing messages from us.
You also have the right to complain with the National Data Protection Authority (“ANPD”) if you believe that we have not complied with applicable data protection laws
We implement technical and organizational measures to safeguard Personal Data under our custody and control. These measures include:
- restrict access to Personal Data only to employees and service providers on a need-to-know basis;
- a formal Information Security Management System (ISMS), aligned with ISO/IEC 27001:2013 and ISO/IEC 27002:2013. The ISMS is a comprehensive set of policies and procedures for deploying, managing, and securing the Firm’s Information Technology infrastructure; using a thorough defense approach to protecting the Firm and clients’ internal data.
Despite our efforts to always protect our systems, websites, operations, and information from unauthorized access, use, modification, and disclosure, given the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, whether during transmission or while stored on our systems, will be totally protected from intrusion by third parties.
You also play an important role in protecting Personal Data. You should not share any usernames, passwords, or other authentication data provided to you with anyone, and we recommend that you do not reuse passwords on more than one website or application. If you have any reason to believe that your username or password has been compromised, please contact us as detailed below.
- What are the consequences of not providing Personal Data?
- Do we participate in automated decision-making without human intervention?
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects on you or that significantly affects you.
- Does the Website comply with do not track signals (“DNT”) sent by browsers?
Given the divergent practices of organizations offering browsers and the lack of a standard in the market, we generally do not respond to DNT signals at this moment.
- For how long do we keep Personal Data?
- How does the Firm address employee and contractors’ privacy issues?
Version 03 of October 07, 2021.