Personal Data Processed

​

The Privacy Policy of Santana Fernandes Law Firm and Legal Consultancy encompasses all personal data and information of clients, collaborators, and partners, obtained either with explicit consent or authorized by law, for the purpose of carrying out professional activities in the legal field, including legal advisory, consultancy, and judicial or extrajudicial representation.

The collection and processing of personal data are limited by the principle of necessity, in accordance with the Brazilian General Data Protection Law (LGPD) – Law No. 13.709/2018:

• Personal data;

• Sensitive personal data: will be processed strictly to the extent necessary for professional activities and/or to ensure the data subject's safety;

• Authorized third-party personal data: third-party contact information (name and phone number) may be requested, with justification or legal requirement, if previously authorized by the data subject to receive information and/or respond in emergency situations on their behalf.

LGPD and the Processing of Personal Data

Santana Fernandes Law Firm and Legal Consultancy processes personal data solely for legitimate purposes. All data processing operations carried out at our firm are supported by the LGPD and the Professional Code of Ethics.

The following legal bases established by the LGPD authorize data processing:

2.1 Processing of Personal Data:

• Article 7, V: for processing necessary to the execution of a contract or pre-contractual measures, applicable to service agreements.

• Article 7, II: for processing required by legal or regulatory obligations.

• Article 7, VII: for protecting vital interests or the physical safety of the data subject or third parties.

• Article 7, VI: for the exercise of rights in judicial, administrative, or arbitral proceedings involving the data subject.

2.2 Processing of Sensitive Personal Data

The processing of sensitive personal data – such as data related to health, race, gender issues, or union membership – by Santana Fernandes Law Firm is limited to legal and regulatory situations, exclusively for legal assistance and consultancy, and is based on the following LGPD articles:

• Article 11, II, "a": to comply with legal and regulatory obligations.

• Article 11, II, "d": for the exercise of rights in judicial, administrative, or arbitral proceedings.

• Article 11, II, "e": to protect vital interests or physical safety of the data subject or third parties.

All collected and processed personal data follow the legal principles established in Article 6 of the LGPD, Law No. 13.709/2018, including good faith, purpose, necessity, and security.

3. Cookie Policy

We do not use cookies on our website or collect any personal data without the express consent of the data subject.

Visiting the Santana Fernandes Law Firm and Legal Consultancy website does not involve any programmed cookies, thus the visit does not leave traces or identify the visitor or their personal data.

Contact Form: If the data subject is interested, they may fill out an electronic form with their name, email, and phone number to request contact from the firm.

3.1 Data Processors

Santana Fernandes Law Firm has contracted Google Workspace, a Google product, to carry out professional communication via email, virtual meetings, and cloud-based document storage (Google Cloud), in compliance with the LGPD. Data processing activities are limited to the purpose and needs contracted.

Policy Update Notice

Santana Fernandes Law Firm may update this policy to comply with legal or information security requirements. No significant changes will be made without prior notice, which will appear prominently on our website or via direct communication. We recommend regularly reviewing this Privacy Notice to stay informed of updates.

This policy is effective as of February 8, 2022.

4. Sharing and Transfer of Personal Data

We DO NOT share personal data of clients, collaborators, or third parties, unless required by law or necessary for fulfilling contracts involving the data subject. In such cases, the data subject will be duly informed.

5. Personal Data Storage

Personal data will be stored:

• When necessary to achieve the purpose for which it was obtained, in accordance with the law and this Privacy Policy;

• When there is a legitimate legal basis under the LGPD or this Privacy Policy, justifying the retention for a specific period.

6. Purpose of Data Processing

Informed consent of the data subject to establish contact:

• When the data subject provides their personal data (name, email, and/or phone number) via the website contact form;

• When the firm uses the data provided by the subject to send a service proposal.

7. Forms of Data Processing

Internal operations: The processing of personal and sensitive data will be handled internally for purposes of legal services and consultancy.

External operations: Personal data may be used in external operations when required by law or regulation, or for accounting, tax, licensing, and auditing by government authorities.

All professionals, employees, and partners of Santana Fernandes Law Firm are required to understand and comply with privacy protection rules, ensuring confidentiality and safeguarding the personal data stored in our systems.

The firm adopts continuously updated technological measures to keep personal data secure:

• Computers operate on cloud systems contracted with Google Workspace, protected by robust firewall systems to prevent unauthorized access;

• All computers have frequently updated antivirus software to guard against phishing, malware, and ransomware attacks;

• Data access is limited to authorized professionals, under power of attorney, with restricted permissions based on their role, minimizing data leakage or misuse;

• The firm maintains a secure, regular backup system to enable quick recovery of systems;

• Corporate email is protected by efficient antivirus and anti-spam tools, blocking malicious files.

Confidentiality Notice

All personal data and information stored in the firm's systems are strictly confidential and intended only for authorized users.

8. Data Retention Period

Clients' personal data will be retained in our systems according to our internal data and document disposal policy, which provides for disposal periods ranging from 5 to 30 years, depending on the data’s purpose. Retention occurs:

• During legally required periods;

• As long as the purposes for which the data was collected are still active;

• While there is legitimate interest in retaining the data until applicable statutory limitation periods expire.

9. Data Subject Rights

As a data subject, you are entitled to rights under the Federal Constitution and the LGPD, particularly Articles 9, 17–22. These include:

• Right of access – to know what information we process about you.

• Right to rectification – to correct inaccurate, incomplete, or outdated data.

• Right to deletion – to request deletion of unnecessary data (except when legal retention is required).

• Right to data portability – to transfer your data to another system.

• Right to revoke consent – and to be informed of the consequences of refusal.

• Right to information on data sharing – with public/private entities.

• Right to data anonymization – where possible.

• Right to review of automated decisions – made without human intervention.

10. Controller Responsibilities (Santana Fernandes Law Firm)

• Respect the rights of data subjects;

• Adopt appropriate practices for data collection and processing;

• Implement administrative measures and privacy protection policies;

• Promote a culture of privacy and data protection within the firm;

• Regularly audit processes to ensure data protection;

• Use secure information protocols to prevent unauthorized access.

The controller is not responsible:

• When law requires data sharing with external platforms;

• When data disclosure is made by the data subject or authorized individuals.

Important Notices

• Personal data is not shared publicly, on social networks, or through other means unless required by law, contract, or specific consent.

• Due Diligence: The firm conducts prior checks in contracts with third parties, in compliance with the LGPD.

• Internal CCTV monitoring exists in the building where the firm is located, used exclusively to ensure everyone's safety, in accordance with reasonable privacy expectations.

Data Protection Officer Contact

Attorney: Dr. Márcia Santana Fernandes
📧 marcia@santanafernandes.com