{"id":11706,"date":"2021-10-08T11:53:49","date_gmt":"2021-10-08T08:53:49","guid":{"rendered":"https:\/\/snov.io\/knowledgebase\/?p=11706"},"modified":"2024-07-05T16:29:05","modified_gmt":"2024-07-05T13:29:05","slug":"lgpd-faq-for-third-party-data-subjects","status":"publish","type":"post","link":"https:\/\/snov.io\/knowledgebase\/lgpd-faq-for-third-party-data-subjects\/","title":{"rendered":"LGPD FAQ (for third-party data subjects)"},"content":{"rendered":"

In some cases, our data processing activities fall under Brazilian data protection laws. Snov.io complies with Brazil\u2019s General Data Protection Act (LGPD) and implements appropriate technical and organizational measures to ensure secure processing and transfer of personal data.<\/span><\/p>\n

What is the LGPD?<\/b><\/h2>\n

Brazil's General Data Protection Act (Lei Geral de Prote\u00e7\u00e3o de Dados), or LGPD, is a privacy and security law created for protection of personal data in Brazil. LGPD was enacted on August 14, 2018.\u00a0<\/span><\/p>\n

Under the LGPD, any information that makes it possible to identify an individual can be considered personal data.\u00a0<\/span><\/p>\n

The key definitions of the LGPD are similar to the GDPR. For example, there are two main roles that a company can take on when processing personal data -\u00a0 <\/span>data controller<\/b> and <\/span>data processor<\/b>.\u00a0<\/span><\/p>\n

A <\/span>data controller<\/b> is an entity in charge of making the decisions regarding the processing of personal data, while a <\/span>data processor<\/b> is an entity that processes personal data on behalf of a data controller. However, unlike the GDPR, the LGPD does not explain the definition of a joint controller, but the concept of <\/span>joint controllership <\/b>was introduced by ANPD (Brazil\u2019s data protection authority) in its guidelines.<\/span><\/p>\n

If a company fails to comply with LGPD requirements, a national authority, i.e. ANPD may apply the administrative sanctions against such a company, including fines of up to 2% of the company\u2019s revenue in its last fiscal year, excluding taxes, capped at R$ 50,000,000 (approximately USD 10,000,000) per infraction.<\/span><\/p>\n

How long do we process your personal data?<\/b><\/h2>\n

We process your personal data either as a joint data controller with our clients or as a data processor on behalf of and under the directions of our clients.\u00a0<\/span><\/p>\n

When we act as a <\/span>data controller<\/b> jointly with other controllers, we store your personal data for the entire period the particular client uses our services and 3<\/span> months<\/span> after the termination of their account on our platform.\u00a0<\/span><\/p>\n

In some cases, two or more clients provide your data to us simultaneously. In such a case, we store your personal data during the entire period during which one of such clients uses our services and <\/span>3 months<\/span> after.\u00a0<\/span><\/p>\n

When we act as a <\/span>data processor<\/b>, we process your personal data only for the period of time specified by the client.<\/span><\/p>\n

What is the legal basis for your personal data processing?<\/b><\/h2>\n

When we act as a <\/span>joint data controller<\/b> with a client, we process your personal data on the basis of our, the clients\u2019, and your legitimate interests. These interests are specified in our <\/span>Privacy Policy<\/span><\/a>.\u00a0<\/span><\/p>\n

When we act as a <\/span>data processor<\/b>, we process your personal data only on the \u0441lients\u2019 behalf and due to their directions.\u00a0<\/span><\/p>\n

We urge our clients to ensure the presence of the legal grounds for the processing of your personal data in accordance with requirements provided by <\/span>Article 7 of the LGPD<\/span> and believe that clients have the appropriate legal basis to transmit your personal data to us, including by obtaining valid consent from data subjects to do so.<\/span><\/p>\n

What rights do you have under the LGPD?<\/b><\/h2>\n

Article 18 of the LGPD<\/span> provides you with the following rights:<\/span><\/p>\n