I - DEFINITIONS

For the purposes of this policy, the following expressions are considered with the following concepts:  

ClientesAny private individual or legal entity that has any type of commercial legal relationship with Reale, by contracting its services, all related to the paralegal area.

ControladorNatural or legal person, public or private, who is responsible for decisions regarding the processing of personal data. In this case, Reale.

OperatorsA natural or legal person, whether governed by public or private law, who processes personal data on behalf of the Controller. In this case, they are Reale's Employees, Partners and Subcontractors.

LGPDLaw No. 13,709, of August 14, 2018 (Brazilian General Data Protection Law).

ANPD – National Data Protection Authority. Direct federal public administration body responsible for ensuring the protection of personal data and for implementing and overseeing compliance with the LGPD in Brazil.

DPO – Data Protéticos Officer. Immediate manager or person in charge responsible for accepting complaints and communications from data subjects, providing clarifications and taking action; receiving communications from the national authority and taking action; advising the entity's employees and contractors on the practices to be taken in relation to the protection of personal data; and carrying out other duties determined by the controller or established in complementary rules.

Personal DataAll information relating to an identified or identifiable natural person. Examples:  Names of natural persons and their respective addresses (business and residential), CPF [Individual Taxpayer Registration] number, RG [ID card], Passport, Voter ID, Work Permit, telephone number, photograph, e-mail address, as well as any other information that may identify a natural person.

Sensitive Personal Data.Personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or a religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data.

Employees.. TAny natural person who provides services of a non-occasional nature to Reale, under the latter's dependence and for a salary.

Partners : Any individual or legal entity, whether governed by public or private law, that has any type of commercial legal Realerelationship with Reale, through the supply of goods and/or services, either to provide benefits to its Employees or to fulfill a legal or regulatory obligation to its Clients.

Subcontractors.Individuals or private legal entities hired by Reale to perform services Reale for or on behalf of Reale.

Owner Natural person to whom the personal data being processed refers.

TreatmentAny operation carried out with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, storage, deletion, evaluation or control, modification, communication, transfer, dissemination or extraction.processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.

II – PROCESSING OF PERSONAL DATA  

In carrying out its activities, Reale processes personal data from the following groups:

III.I – Personal data provided by its Clients  

The personal data to which Reale has access is provided by its Clients in order to be able to carry out its services, all related to the paralegal area (legal and tax), regularization and issuance of certificates and business and corporate advice, in the face of legal and regulatory determinations that need to be met.  

II.II – Personal data of its employees..

In addition, the personal data of its Employees is also processed for compliance with legal and regulatory obligations, granting benefits to its Partners, as well as sensitive personal data (biometrics) to guarantee the security of the holder.

III – PURPOSE OF PERSONAL DATA  

 

As mentioned, Reale is a company dedicated to providing paralegal and company legalization services nationwide, which is why it needs to process personal data in order to perform the contracted services and comply with the legal and regulatory requirements laid down by entities such as Boards of Trade, Municipal Secretariats, State Secretariats, regulatory bodies, INSS, CEF, the Federal Revenue Service, Notary Publics, etc.

With regard to the personal data of its Employees, this data is used solely and exclusively to meet the legal requirements applicable before government agencies, as well as for processing remuneration issues (payroll) and granting benefits (health insurance, meals, food, fuel, life insurance, etc.) with its Partners. We also process sensitive personal data (biometrics) only for the security of its Employees, through electronic validation systems.

We may also collect biometric data for access to Reale's premises, as well as images and recordings through Closed Circuit TV ("CCTV") for short periods in line with our internal policy aimed at the protection and security of Reale, our Clients, Collaborators, Partners, Subcontractors and visitors.

 

IV – SHARING OF PERSONAL DATA

There will be transmission and communication of personal data between Reale's departments, with access by designated and duly trained Employees based on the LGPD, whenever necessary, to enable greater smoothness and speed in the quality of the services provided.  

Reale may also pass on your data to subcontractors who need to act in some way to help provide a more efficient service.

We also share our employees' personal data with partners who help us process our employees' remuneration and benefits, such as accounting firms, health insurance companies, meals, food, life insurance, etc.) as well as sensitive data (biometrics) for their security, with an Information Technology company.  

We may also transmit your personal data to third parties when such communication of data becomes necessary or appropriate (i) in the light of applicable law and regulation, (ii) in compliance with legal obligations/court orders, (iii) by court order or at the request of a competent authority.

V – RETENTION PERIOD FOR PERSONAL DATA  

We keep your personal data until it is no longer required for the purposes described above, until the end of the processing period and/or in accordance with applicable legal deadlines. After that, the personal data will be deleted. In the event of pending litigation, the data may be kept until the decision has become final.

1. HOW WE KEEP DATA SAFE -

Reale has a local server, which we back up in the cloud with all data encrypted, using the SolarWinds tool Able Backup.

Reale also uses the best methods on the market to guarantee the security of your data, for example:

1. protection against unauthorized access to its systems, with an edge firewall responsible for blocking external access, antivirus on all computers and user access control;
2. only authorizes the access of previously established persons to the place where the collected information is stored;
3. maintenance of the inventory indicating the time, duration, identity of the collaborator or person responsible for the access and the object file, based on the connection and application access records, as determined in article 13 of Decree No. 8,771/2016.

In its demand control and management system, we have adopted the following requirements for maintaining security:

1. Use of a dedicated server;
2. PHP 8+ language;
3. MySQL database;
4. SSH access
5. Make at least one backup of the information collected in a single day, which will be saved and archived on the server;
6. Access passwords with data encryption;
7. Sections in the system and encrypted data to guarantee the integrity of this data in the system;
8. Use of software via up-to-date browser  
9. Amazon Web Services - AWS storage/hosting service

Reale makes every effort to preserve the privacy of data subjects' data, as well as the loss, misuse, alteration, unauthorized access and misappropriation thereof. However, by circulating data on an open Internet network, the risk of unauthorized access and use cannot be completely eliminated.

VII – YOUR RIGHTS

In accordance with the LGPD, Reale guarantees Data Subjects the possibility, at any time, of submitting requests based on the following rights:

1. i) confirmation of the existence of treatment;
2. ii) access to data;

iii) correction of incomplete, inaccurate or outdated data;

1. iv) anonymization, blocking or deletion of unnecessary, excessive or non-compliant data;
2. v) portability of their data to another service or product provider, upon express request by the Data Subject;
3. vi) deletion of data processed with the consent of the Holder;

vii) obtaining information about the public or private entities with which Reale has shared its data;

viii) information about the possibility of not giving their consent, as well as being informed of the consequences if they do not;  

1. ix) the revocation of consent, in which case the lawfulness of any processing carried out prior to the withdrawal of consent will not be affected.  

The owner may exercise these rights by sending a written request lgpd@realeempresarial.adv.br

VIII – CONTACT AND QUESTIONS  

If you have any questions regarding the processing of your personal data and the rights conferred on you by the applicable legislation and, in particular, referred to in this Policy, you may contact the Reale Manager mentioned below by e-mail: lgpd@realeempresarial.adv.br

Person in Charge: Mr. Renan Ghiraldello Data Protection Officer (“DPO”). 

IX – CHANGES TO THE PRIVACY POLICY  

This Privacy Policy may be updated at any time, which is why we suggest that you visit it periodically so that you are fully aware of any changes made.

1. APPLICABLE LAW AND JURISDICTION

This Privacy Policy and the relationship arising from the actions comprised herein shall be governed, interpreted and executed in accordance with the Laws of the Federative Republic of Brazil, especially Law No. 13.709/2018, regardless of the Laws of other States or Countries, and the jurisdiction of the District of the Capital of the State of São Paulo shall be competent to settle any questions arising from this document, with express waiver of any other, however privileged.