Privacy and Personal Data Policy
1. OBJECTIVE
Inform all customers and employees of ANASTASSIADIS regarding the application of the General Data Protection Law – LGPD.
2. SCOPE
It applies to all customers and employees of ANASTASSIADIS.
3. DESCRIPTION OF THE PROCESS
ANASTASSIADIS needs to collect and process personal data from its customers within the scope of providing architectural services. In this sense, this ANASTASSIADIS Privacy and Personal Data Policy (hereinafter “Privacy Policy”), aims to help our customers understand what personal data we collect, how and why we use it, to whom we disclose and how we protect their information. privacy when using our services.
When using ANASTASSIADIS services, including filling in personal data and information on the Site, your consent for the collection, use and disclosure of all personal information as established in this Privacy Policy will be considered express. Please note that if you choose to share your information in a public media, such as through a third party website, such as Facebook, Instagram or other social media, it will be considered public information – not personal information.
4. WHY?
ANASTASSIADIS is committed to protecting the security and privacy of its customers. In this context, ANASTASSIADIS has prepared this Privacy Policy, in order to confirm its commitment and respect for the rules of privacy and protection of personal data.
We want our customers to know the general privacy rules and the terms of treatment of the data we collect, in strict compliance with the applicable legislation in this area, namely Law No. 13,709, of August 14, 2018 (“General Data Protection Law – LGPD” or simply “LGPD”).
ANASTASSIADIS seeks to respect the best practices in terms of security and protection of personal data, promoting / raising awareness of good practices in this area, and improving systems in order to manage the data protection made available to it by its customers, in strict compliance legal obligations.
Filling out the data collection forms and providing data directly or indirectly, implies knowledge of the conditions of this Policy, and of any other specific terms, policies and conditions relating to the services provided.
5. WHAT IS PERSONAL DATA?
Personal data means any information related to an identified or identifiable natural person (data subject), of any nature and regardless of the respective support. An identifiable person is one who can be identified directly or indirectly, namely by reference to an identification number or to more specific elements of his physical, physiological, psychological, economic, cultural or social identity.
Personal data may have a different nature in certain situations, classifying the LGPD as “sensitive data”. These may refer to the incumbent’s racial or ethnic origin, his political opinions, his religious or philosophical beliefs, genetic information, biometric identifiers, sexual life, sexual orientation or about his health.
6. OTHER IMPORTANT DEFINITIONS
i. Consent of the data subject – manifestation of will, free, specific, informed and explicit, by which the data subject accepts, by means of an unequivocal positive statement or act, that the personal data concerning him / her be treated;
ii. Controller: Natural or legal person, under public or private law, who is responsible for decisions regarding the processing of personal data;
iii. Definition of profiles – any form of automated processing of personal data that consists in the use of such personal data to, in particular, include a natural person in a certain category, regarding their professional performance, their economic situation, health, personal preferences, interests, behavior, location or travel;
iv. Data Protection Officer – “DPO” – person or entity appointed to ensure, in an organization, the compliance of the processing of personal data with the LGPD, ensuring efficient communication with data subjects and cooperation with control authorities, making the bridge with the different areas of activity within ANASTASSIADIS. The DPO does not receive instructions regarding the exercise of its functions, reporting directly to the governing bodies of the entity that appointed it;
v. Responsible for processing – natural or legal person, public authority, agency or other body that, individually or in conjunction with others, determines the purposes and means of processing personal data;
vi. Third Person – natural or legal person, service or other than the data owner, under the direct authority of the Controller or the Operator, are authorized to process personal data;
vii. Personal Data – identified or identifiable natural person to whom the personal data is related;
viii. Treatment – operation or set of operations carried out on personal data or on sets of personal data, by automated or non-automated means, such as collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, dissemination or any other form of availability, comparison or interconnection, limitation, erasure or destruction;
ix. Operator: Natural or legal person, under public or private law, who carries out the processing of personal data on behalf of the controller;
x. Violation of personal data – breach of security that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, preserved or subject to any other type of treatment;
xi. Pseudonymization – the processing of personal data in such a way that it can no longer be attributed to a specific data subject without resorting to supplementary information, provided that that supplementary information is kept separately and subject to technical and organizational measures to ensure that personal data cannot be assigned to an identified or identifiable natural person;
xii. Anonymization – a technique that results from the processing of personal data in order to remove sufficient elements from them so that it is no longer possible to identify the data subject, irreversibly. More precisely, the data must be processed in such a way that they can no longer be used to identify a natural person using all the means that can reasonably be used, either by the controller or by third parties.
xiii. National Data Protection Authority – Public administration entity responsible for ensuring, implementing and supervising compliance with the law.
7. WHO IS RESPONSIBLE FOR THE TREATMENT OF YOUR PERSONAL DATA?
This Privacy Policy aims to inform customers about the terms of treatment of personal data of ANASTASSIADIS, determining the purposes and means of treatment of their data in the context of the provision of services, so it should be considered as Controller, under the terms of the LGPD.
Thus, when attended by an independent third party, on behalf and order of ANASTASSIADIS, this third party will be considered an Operator, under the terms of the LGPD. Thus, if there is any question regarding the privacy of customer data, we request that it also be indicated who this third party is, when applicable, for the purposes of investigating any infraction, fraud, negligence, imprudence or malpractice.
Under the terms of this Policy, ANASTASSIADIS customers are aware of the responsibilities related to the information provided about the personal data of the users of the services, and that they assume the risk in case of documentation and / or incomplete information of the users and clients.
8. WHAT PERSONAL DATA DO WE COLLECT AND THROUGH WHAT MEANS?
ANASTASSIADIS collects personal information provided by the customer, information capable of identifying him. This information collected may vary depending on your use of ANASTASSIADIS, as well as the type of information you choose to provide to us.
We collect your personal information when you use it on our Site or contact us through other sources, such as when you:
(i) visit / browse our Sites;
(ii) fill out forms on our Sites;
(iii) participate and / or fill out forms at an event;
(iv) makes or attempts to make a budget request;
(v) send us an email;
(vi) participate in promotions or surveys;
(vii) communicates with or relates to a customer service representative;
(viii) forward information to a friend; and
(ix) register for an event.
In particular, we may collect the following categories of personal information:
• Personal identifiers: name, alias, address (billing / shipping / contact), email address, phone number, credit card number, debit card number, RG / CPF / CNPJ, signature, account number bank.
• Transaction history: services purchased, obtained or considered.
• Communication data: audio and electronic content.
Information We Collect Automatically
We collect personal information about you.
We may use some information collected about you and the services you use to help us personalize and improve your experience. In particular, we may collect the following categories of personal information (independently or through marketing service providers):
• Identification of devices: Internet protocol (IP) address, browser type, operating system, domain name, unique device ID.
• Internet or other similar network activity (through cookies, web beacons and pixel tags): browsing history, search history, information about your interaction with our Sites, applications, marketing emails or advertisements.
Information We Collect From Other Sources
Some information we collect is publicly available. We may collect information about you from other companies and data aggregation organizations. By collecting additional information about you, we can correct inaccurate information, increase the security of your transactions, and provide recommendations for services that are likely to be of interest to you.
• Inferences extracted from other personal information: profile that reflects a person’s preferences, characteristics, psychological tendencies, predispositions, behavior and attitudes.
All of this information collected by ANASTASSIADIS is cumulative, so that ANASTASSIADIS and its Operators can provide a better service.
9. CATEGORY OF WORKED DATA, MEANS AND WAYS OF COLLECTION
The customer will always be duly informed of the obligation to make this data available in order to continue the registration process with ANASTASSIADIS.
When the customer creates a registration with ANASTASSIADIS, the following data is collected: Company Name, Fantasy, Full Address, CNPJ, IE, Telephone, Form of Funding, Responsible, Telephone, Cellular, E-mail, Registration Date, Logo, data of Employees, Service Providers, and Suppliers, contracts, bank details, Birth Date, Files (Social Contract, among others).
10. WHAT ARE THE PURPOSES OF COLLECTING YOUR PERSONAL DATA?
The personal data of the clients are processed to offer better service management services for the office, commercial and digital marketing. For this to happen, it is often necessary to cross-check the data we collect, so that the marketing actions are directed to what the client expects to receive from ANASTASSIADIS.
In this sense, we use personal data to communicate and manage our relationship with the customer. In this sense, we can contact you by letter, e-mail, Social media or SMS, for administrative or operational reasons, for example, in order to send you news that may be of interest to you. We will also use your personal data to respond to your requests, suggestions or contacts, to improve our services and your experience as an ANASTASSIADIS customer.
We may use the categories of personal information mentioned above for one or more of the following business purposes:
• To process your request for information;
• To process service transactions and send notices about your transactions.
• Provide sales support and customer service, as well as quality assurance.
• To comply with or attend to the reason for which the information is provided. For example, if you provide us with your bank information, we will use that information to transmit payments.
• To provide targeted marketing and advertising, provide service update notices and make promotional offers based on your communication preferences.
• To provide sales support.
• To allow e-mails to friends. We may provide functionality to allow you to send messages about content related to the Site to a friend through the Site. If you want to use this feature, you can provide us with your friend’s email address so that we can facilitate sending your message to him.
• To verify your identity, including questions related to the account.
• To send administrative communications related to the Site, announcements related to services, etc., which are necessary to serve you, answer your concerns and provide the high level of customer service that ANASTASSIADIS offers. As this information may be important to your use of the Site, you cannot opt out of receiving such communications unless you explicitly withdraw your consent to our use of your personal information as described in this Privacy Policy.
• To contact you at any phone number, via a voice call or via text messages (SMS) or e-mail, as authorized by our Terms and Conditions.
• To detect, prevent or investigate security breaches, fraud or other suspicious / prohibited / illegal activity; or violations of our Privacy Policy.
• Maintain appropriate records for internal administrative purposes.
• To provide important information about service security.
• We use your IP address and the IP addresses of all users, for the purpose of calculating the levels of use of the Site, to help diagnose problems with the Site’s servers, to administer the Site, analyze trends, statistics / internal searches, including detection and prevention of suspicious activity, administer the Site, track traffic patterns and gather demographic information for aggregate use.
• To improve our website and present the content to you.
• For testing, research, analysis and product development.
• As described to you when collecting your personal information.
• We may use these technologies to collect information for a variety of purposes, such as analyzing how the Site is used, personalizing your experience on the Site or improving our content or offers. Your browser may provide tools to block or delete cookies. However, if your browser is set to reject cookies or you manually delete them, you may experience some problems accessing and using some of the pages and features that are currently on our Site, or that we may post on our Site in the future. (Cookies)
11. ON WHAT BASIS DO WE TREAT YOUR PERSONAL DATA?
ANASTASSIADIS will treat your personal data only when it is duly qualified. The LGPD requires, in order for the processing of personal data to be lawful, that there is an adequate legal basis for each specific treatment.
Regarding the processing of your data carried out by ANASTASSIADIS to improve our services and fulfill our administrative and quality objectives, the basis for proper lawfulness will be the pursuit of legitimate interests of the Controller, as well as Contractual Compliance, when applicable, in addition to the consent itself. of the customer. This implies that data subjects may object to the processing of their data for the purposes mentioned above, under the LGPD, if they present valid reasons related to their particular situation. In such an event, the Controller may present legitimate reasons that justify the continuation of such processing, in which case it reserves the right to continue processing its data for those purposes, as in cases where such processing is necessary for the purposes of declaration, exercise or defense of a right in judicial proceedings.
Regarding the data processing performed by ANASTASSIADIS in the context of compliance with legal obligations, the legality ground for carrying out such treatments – mostly data communications to external entities – will be the need for processing for the purpose of complying with Controller’s legal obligations, including contractual compliance or legitimate interest.
12. WHAT ANASTASSIADIS PROFESSIONALS HAVE ACCESS TO YOUR DATA?
Within the scope of the processing of your personal data, ANASTASSIADIS observes, at all times, the principles of data protection from conception (privacy by design). Such a commitment implies, among other aspects, that your personal data will be of limited access to people who need to know them in the exercise of their functions, to the strictest extent necessary for the pursuit of the processing purposes that we have already listed above.
13. WHAT IS THE PERIOD OF CONSERVATION OF YOUR PERSONAL DATA?
Personal data collected by ANASTASSIADIS customers are processed in strict compliance with the applicable legislation and are stored in specific databases. Such data are kept in a format that allows the identification of the data subjects only during the period necessary for the purposes for which they are processed.
The period during which data is stored and preserved varies according to the purpose for which the information is used. There are, however, legal requirements that oblige you to keep the data for a certain period. We take as a reference for determining the appropriate conservation period the various resolutions of the data protection control authorities, namely the National Data Protection Authority – ANPD.
14. WHAT ARE THE RIGHTS OF DATA HOLDERS?
Under the terms of the applicable legislation, the data subject may request, at any time, access to personal data concerning him, as well as its rectification, the portability of his data, directly through the email privacy@anastassiadis.com.br, or through face-to-face contact with ANASTASSIADIS.
You also have the right to:
• Request details about the categories of personal information collected about you and, if allowed and practical, a copy of the personal information (data portability).
• Request the deletion of any personal information we collect from you, subject to certain exceptions. Once your request is verified, we will proceed with it, unless an exception applies. There is a possibility that we may deny your request for deletion if retention of the information is necessary for us or our service providers to be able to:
• Complete the transaction for which we collect personal information, provide a good or service that you requested, take actions reasonably foreseen in the context of our ongoing business relationship with you, or otherwise execute our contract with you.
• Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activities, or prosecute those responsible for such activities.
• Debug products to identify and repair errors that impair existing intended functionality.
• Exercise freedom of expression, guarantee the right of another consumer to exercise his rights of freedom of expression, or exercise another right provided for by law.
• Comply with the LGPD and the relevant legislation.
• Engage in public or scientific, historical or statistical peer-reviewed research in the public interest that complies with all other applicable ethics and privacy laws, if deleting the information is likely to make it impossible or seriously impair the conduct of the research, if you have previously informed your consent.
• Only allow internal uses that are reasonably in line with consumer expectations based on their relationship with us.
• Comply with a legal obligation.
• Make other internal and legal uses of this information that are compatible with the context in which you provided it.
Without prejudice to any other administrative or judicial remedy, the data subject is entitled to submit a complaint to the ANPD or other competent control authority under the terms of the law, if he considers that his data is not being subject to legitimate treatment by part of ANASTASSIADIS, under the terms of the applicable legislation and of this Policy.
15. WHAT ARE THE SAFETY MEASURES ADOPTED BY ANASTASSIADIS?
ANASTASSIADIS is committed to ensuring the confidentiality, protection and security of its customers’ personal data, through the implementation of the appropriate technical and organizational measures to protect their data against any form of improper or illegitimate treatment and against any accidental loss or destruction of this data. To this objective, we have systems and teams designed to ensure the security of processed personal data, creating and updating procedures that prevent unauthorized access, accidental loss and / or destruction of personal data, committing to respect the legislation on data protection. personal data of customers and to treat this data only for the purposes for which it was collected, as well as to ensure that this data is treated with adequate levels of security and confidentiality.
ANASTASSIADIS may, in some cases, transmit your personal data to third parties. ANASTASSIADIS has defined clear contractual rules in the treatment of personal data with its operators, and requires them to adopt the appropriate technical and organizational measures to protect their personal data. However, in some cases, we may be required by law to disclose your personal data to third parties (such as control authorities) over which we have limited control over the protection of personal data.
The information database formed by ANASTASSIADIS can be made available to strategic business partners aiming at the benefit and generation of mutual results, such as the supply or improvement of our products, services and advertising.
ANASTASSIADIS is not responsible for the use and treatment given by ANASTASSIADIS business and economic partners to customer data collected and shared, being the responsibility of the company or partner that uses them to give due treatment and use.
It may be necessary – by law, legal process, litigation and / or requests from public and governmental authorities inside or outside your country of residence – for ANASTASSIADIS to disclose your personal information. We may also disclose your information if we determine that, for purposes of national security, law enforcement or other issues of public importance, disclosure will be necessary or appropriate.
We may also disclose your information if we determine that the disclosure is reasonably necessary to enforce our terms and conditions or to protect our operations or users. In addition, in the event of a reorganization, merger or sale, we may transfer any and all personal information that we collect to relevant third parties.
16. IN WHICH CIRCUMSTANCES IS DATA COMMUNICATED TO OTHER ENTITIES?
ANASTASSIADIS uses other entities to provide certain services. Eventually, this provision of services may imply access, by these entities, to the personal data of their customers. This will be the case for entities that provide support services for ANASTASSIADIS ‘computer systems.
Thus, any entity that characterizes itself as ANASTASSIADIS Operator will treat the personal data of our customers, on our behalf and on our behalf, under the strict obligation to follow our information.
instructions. ANASTASSIADIS ensures that such entities that are characterized as Operators offer sufficient guarantees for the execution of appropriate technical and organizational measures so that the treatment meets the requirements of the applicable law and ensures the security and protection of the rights of the data subjects, under the terms of the subcontracting agreement entered into with the aforementioned Operators.
ANASTASSIADIS may also transmit personal data of its customers to third parties, when it deems such data communications as necessary or appropriate:
i. in the light of the applicable law,
ii. contractual performance;
iii.legitimate interest;
i.in compliance with legal obligations / court orders, and;
ii.to respond to requests from public or government authorities.
In this sense, ANASTASSIADIS may transmit your personal data to any Contracting Public Entity, Courts, Solicitors, criminal police bodies or the Public Prosecutor’s Office when notified for this purpose or when it is necessary for the fulfillment of legal obligations, as legally provided.
ANASTASSIADIS may also transmit your personal data to service providers under contract with us and who support our business operations, such as processing payments other than cash, calculating sales / use taxes, billing, sending communications. marketing, customer service, IT hosting, maintenance products, research, order fulfillment, data aggregation and technology services. Our contracts provide that these service providers only use your information in connection with the services they provide to us and not for their own benefit.
Please note that our service providers may be located in foreign jurisdictions and your personal information may be subject to the laws of those foreign jurisdictions and accessible to law enforcement and other authorities.
In any of the situations mentioned above, ANASTASSIADIS undertakes to take all reasonable measures to ensure the effective protection of the personal data it handles.
17. CONTACT US
You can contact the ANASTASSIADIS Data Protection Officer (“DPO”) for more information on the treatment of your personal data, as well as any questions related to the exercise of the rights attributed to you by the applicable legislation and, in particular, those referred to. in this Privacy Policy, through the following contacts:
e-mail: privacy@anastassiadis.com.br
18. RIGHT TO NON-DISCRIMINATION FOR THE EXERCISE OF YOUR PRIVACY RIGHTS
We will not discriminate against you for exercising any of the rights described above. This includes, but is not limited to: (i) denying you goods or services; (ii) charging you different prices or fees for goods or services, including through the use of discounts or other benefits or the imposition of penalties; (iii) providing a different level or quality of goods or services; or (iv) suggests that you will receive a different price or fee for goods or services or a different level or quality of goods or services.
19. SOCIAL MEDIA
We work with social networking sites like Facebook, Twitter, Pinterest, Instagram and YouTube. All of these companies operate third party websites. We provide access to our Site by third parties and business partners so that we can generate interest in our products among members of your social networks and allow you to share interest in the products with friends on your network. The use of any resources made available to you on our Site by third parties may result in the collection or sharing of information about you by us or by third parties. If you do not want us to have access to information about you on third party websites, you must notify third party websites not to share the information. We cannot control how your data is collected, stored, used or shared by third party sites or to whom it is disclosed. Be sure to review the privacy policies and privacy settings on your social networking sites to make sure you understand the information they are sharing. If you do not want a third party website to share information about you, you should contact that website and determine if it offers an opportunity to opt out of sharing that information. ANASTASSIADIS is not responsible for how these third parties may use the information collected from or about you.
20. USE BY MINORS OF AGE
We do not intend that our sites or online services are used by anyone under the age of 18. If you are a parent or guardian and think it is possible that we have collected information about your child, please contact us at privacy@anastassiadis.com.br
21. HOW DO I KNOW ABOUT PRIVACY POLICY CHANGES?
ANASTASSIADIS reserves the right, at any time, to make changes or updates to this Privacy Policy, these changes being duly updated on our Platforms. We suggest that you check them regularly to be aware of any changes.