Brazil's General Data Protection Act (Lei Geral de Prote\u00e7\u00e3o de Dados) (LGPD) is the comprehensive privacy and security law governing the protection of personal data in Brazil. LGPD was enacted on August 14, 2018.\u00a0<\/span><\/p>\n Under the LGPD, any information that makes it possible to identify an individual can be considered <\/span>personal data<\/b>.\u00a0<\/span><\/p>\n The key definitions of the LGPD are similar to GDPR. For example, there are two main roles that a company can take on in personal data processing activities. These are the <\/span>data controller<\/b> and <\/span>data processor<\/b>.\u00a0<\/span><\/p>\n A <\/span>data controller<\/b> is an entity in charge of making the decisions regarding the processing of personal data, while a <\/span>data processor<\/b> is an entity that processes personal data on behalf of a data controller. However, in comparison with the GDPR, the LGPD does not explain the concept of joint controllership.\u00a0<\/span><\/p>\n However, the concept of <\/span>joint controllership <\/b>was introduced by ANPD (Brazil\u2019s data protection authority) in its guidelines and can be understood as \"the joint, common or convergent determination, by two or more controllers, of the purposes and essential elements for the realization of the treatment of personal data, through an agreement that establishes the respective responsibilities regarding compliance with the LGPD\".<\/span><\/p>\n If a company fails to comply with LGPD requirements, a national authority, i.e. ANPD may apply administrative sanctions against such a company, including fines of up to 2% of the company\u2019s revenue in its last fiscal year, excluding taxes, capped at R$ 50,000,000 (approximately USD 10,000,000) per infraction.<\/span><\/p>\n No, it is not strictly necessary. The LGPD provides ten legal bases for the processing of personal data. We mostly rely on four of them, e.g. during the processing of the prospects\u2019 email addresses as a controller we rely on legitimate interest. When we act as a processor, we believe that clients have the appropriate legal basis to transmit your personal data to us, including by obtaining valid consent from data subjects to do so.<\/span><\/p>\n The legitimate interest basis is one of the ten legal bases for personal data processing under the LGPD.\u00a0<\/span><\/p>\n We have defined that the processing of emails relies on our, yours, and the prospects\u2019 legitimate interests which are the following:\u00a0<\/span><\/p>\n We do our best to ensure that our activities comply with the requirements of the LGPD.\u00a0<\/span><\/p>\n Under <\/span>Article 10 of the LGPD<\/span>, the controller shall adopt measures to ensure transparency of data processing based on their legitimate interests.<\/span><\/p>\n Snov.io has completed a legitimate interest assessment regarding all personal data whose processing is based on legitimate interest, including emails. We concluded that the data subject\u2019s fundamental rights and freedoms, which require personal data protection under applicable laws, do not prevail in this case and therefore do not contradict with requirements of Article 10 of the LGPD.<\/span><\/p>\n You can read more about the processing roles of Snov.io here. For more information, please check our <\/span>Privacy Policy<\/span><\/a> and <\/span>Joint Controllership Agreement<\/span><\/a>.<\/span><\/p>\n We do our best to comply with the requirements of the LGPD, guidelines issued by ANPD, and applicable laws.\u00a0<\/span><\/p>\n Snov.io fulfils the prospects\u2019 rights as follows:\u00a0<\/span><\/p>\n We would strongly recommend that you comply with the requirements of the LGPD when this act applies to your data processing activities. Please note that you act as a joint data controller together with us regarding the prospects\u2019 personal data you provide us with.\u00a0<\/span><\/p>\n Important<\/b>: as joint data controllers, we should cooperate and provide reasonable assistance to each other in order to ensure fulfilment of the prospects\u2019 rights, so in case you receive requests from the prospect, you may contact us. For more information, please check our <\/span>Joint Controllership Agreement<\/span><\/a>.\u00a0<\/span><\/p>\nIs it necessary to receive consent to process emails?<\/b><\/h2>\n
What is legitimate interest?<\/b><\/h3>\n
\n
How does Snov.io ensure it has the right to process email contacts?<\/b><\/h2>\n
How does Snov.io fulfil the rights of prospects under the LGPD?<\/b><\/h2>\n
\n
Do you need to comply with the LGPD?<\/b><\/h2>\n