Left Right

Privacy and Security

What is the General Law on the Protection of Personal Data (LGPD)? Who does it apply to?

The General Law on the Protection of Personal Data (LGPD - Law No. 13.709/18) is the legal framework that governs the processing of personal data, including in digital media, by individuals or legal entities under public or private law. Its objective is to protect fundamental rights such as freedom, privacy, and the free development of the personality of individuals.

The LGPD applies to any natural or legal person engaged in the processing of personal data (in physical or digital form) within Brazilian territory, offering goods or services to individuals located in Brazil, or collecting personal data in Brazil.

What is personal data?

According to the LGPD, personal data refers to any information related to an identified or identifiable individual, such as name, General Registry (RG), Individual Taxpayer Registry (CPF), address, email, phone number, profession, IP address, geolocation, among others.

What is the processing of personal data?

Under the LGPD, processing refers to any operation performed on personal data, such as collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction of personal data.

What is sensitive personal data?

According to the LGPD, sensitive personal data includes information related to racial or ethnic origin, religious beliefs, political opinions, union membership or affiliation with religious, philosophical, or political organizations, data related to health or sexual life, genetic or biometric data, when linked to an individual.

Does Osklen process sensitive personal data?

During its operations, Osklen may collect certain sensitive personal data, always in compliance with the purposes established in the Privacy Notice.

In adherence to the principle of necessity, we commit to collecting only the data required to fulfill the specified purpose.

What is anonymized data?

Under the LGPD, anonymized data refers to information related to a data subject who cannot be identified, considering the use of reasonable technical means available at the time of processing. Osklen may use such data for statistical purposes.

How is Personal Data collected?

We can collect Personal Data in two ways: (i) Registration Data, when you provide it voluntarily, and (ii) Digital Identification Data, automatically, when you visit our website.

Where does Osklen store personal data?

Personal Data may be stored on servers located in Brazil or abroad using cloud computing services. In any scenario, we are committed to making the necessary efforts to ensure the confidentiality and security of Personal Data.

What is the National Data Protection Authority (ANPD)?

The National Data Protection Authority (ANPD) is a special body with technical and decision-making autonomy, its own assets, and headquarters in the Federal District. It is responsible for overseeing, implementing, and ensuring compliance with Law No. 13.709, dated August 14, 2018, on a national level.

Who is responsible for processing Osklen's personal data?

Our Personal Data Processing Officer, designated to act as a communication channel between the data controller, data subjects, and the National Data Protection Authority (ANPD), ensures that requests regarding your Personal Data are addressed and guides our employees on Data Protection standards. Osklen's Personal Data Officer can be reached through the following contact methods:

Responsible Entity: Lima≡Feigelson Abogados

Primary Contact: Tatiana Coutinho

Alternate Contact: Jean Marc Sasson

Postal Address: Rua Profesor Álvaro Rodrigues, 352, 4th floor, Botafogo, RJ. ZIP Code: 22.280-040

Email Contact: privacidad@osklen.com.br

What are your rights, and how can you exercise them?

You have the fundamental rights to Privacy, Freedom, and Personal Data Protection, along with the specific rights provided under the LGPD, detailed as follows:

> Confirmation of Processing: You have the right to know if we carry out any Processing activities with your Personal Data.

> Access: You have the right to know which of your Personal Data we process.

> Correction: You can request that we correct any inaccurate, incorrect, or outdated Personal Data.

> Anonymization, Blocking, or Deletion of Data: You can request that we block or delete any unnecessary, excessive, or improperly processed Personal Data. Such a request will only be denied in cases where legal obligations or other conditions, as outlined in Article 7 of the LGPD, require or permit data retention. Anonymous data, which cannot identify an individual, is not considered Personal Data and is excluded from the LGPD's scope.

> Portability: You have the right to request that your Personal Data processed by us be transferred to another company you specify. However, the portability right does not include data that has already been anonymized.

> Deletion of personal data processed with the data subject's consent: You have the right to request the deletion of your data once its purpose has been fulfilled. Data will not be deleted if its retention is mandatory for compliance with a legal or regulatory obligation; for transfer to a third party, provided that data processing requirements under the LGPD are met; or for exclusive use by Osklen, with access by third parties prohibited, and only if the data is anonymized.

> Information about data sharing: You have the right to know which public and private entities we share your personal data with.

> Information about the possibility of withholding consent and the consequences of refusal: You have the right to be informed about the consequences of refusing consent and how this may affect the services provided.

> Withdrawal of consent: You have the right to withdraw your consent for processing your Personal Data at any time by submitting a written request to Osklen. This applies when consent is the legal basis for processing your data. Withdrawal is free of charge.

For requests related to accessing, modifying, or deleting Personal Data, please complete the DSAR (Data Subject Access Request) form, available via the QR code below:

mceclip0.png

For other requests, inquiries, or complaints, data subjects can contact us directly via email at privacy@osklen.com.br.

To help us provide clarifications and enable the exercise of your rights, please provide the following information clearly and objectively: (i) Your identification as requested. (ii) The specific request, (iii) The right you wish to exercise.

Please note that limiting the processing of some of your Personal Data—via requests for blocking, deletion, or withdrawal of consent—may impact the performance of the services we provide to you. However, don’t worry! We will inform you when this is the case, leaving the decision to proceed with the request entirely up to you.

How long can Osklen retain my Personal Data?

Retention periods vary depending on the reasons for processing your Personal Data. We retain your data only as long as necessary to fulfill the purposes of processing and our legal obligations.

Once the purposes and/or legal obligations have been fulfilled, the information, including personal data from third parties, will be stored following the statutes of limitations under Brazilian law, unless processing is based on the data subject’s consent, which can be revoked at any time.

After the expiration of the limitation period, personal data processed by Osklen will be deleted unless processing is necessary for the purposes outlined in Article 16 of the LGPD, such as: Compliance with legal or regulatory obligations by the data controller.

Research purposes, ensuring, whenever possible, the anonymization of personal data. Transfer to a third party, provided that data processing requirements under this Law are met. Exclusive use by the data controller, with access by third parties prohibited, and only if the data is anonymized.

In certain cases, legal obligations require the retention of personal data for specified periods, such as IP address, date, and time of access to the website, which must be retained for at least 6 months in compliance with Article 15 of the Brazilian Internet Framework.

These periods may be extended depending on specific regulations issued by regulatory authorities, legal obligations, or to preserve rights.

Do you have more questions? Send your inquiries to privacy@osklen.com.br.
We will be happy to assist you!

Osklen thanks you for your attention.