Binding Corporate Rules

European Union standard




Each person, legal or natural, that is in an agreement with us, and get access to data that we storage and process, accept the followings Binding Corporate Rules:

1. - Declares and accept that this Binding Corporate Rules is legally binding and apply to and are enforced by every person, natural or legal, including employees and third parties, that get access to the data;

2. - Expressly confer enforceable rights on data subjects with regard to the processing of their personal data, such as change and delete their personal data;

3. - Structure and contact details of the group of undertakings, or group of enterprises engaged in a joint economic activity and of each of its members:
- Structure: Consent Term to the Use of Online Services (“CT”), 5
- Contact Details: CT, 5;
- Link to CT: https://deconti.adv.br/0/en/ct-eu/

4. - Data transfers or set of transfers:
- categories of personal data: CT, 3
- type of processing and its purposes: CT, 3.1, 4
- type of data subjects affected: CT, 1, 2
- identification of the third country or countries in question: none, only Brazil;

5. - The mentioned person accept the legally binding nature of these rules, both internally and externally, accepting the application of the general data protection principles, in particular purpose limitation (CT, 3.1, 4), data minimisation (CT, 5.2.3, 5.3), limited storage periods (CT, 4.2), data quality (CT, 4.2), data protection by design and by default (CT, 5.1), legal basis for processing (CT, 5.2.1, 5.2.4, norm UE 2016/679), processing of special categories of personal data (CT, 3.2), measures to ensure data security (CT, 5.1), and the requirements in respect of onward transfers to bodies not bound by the binding corporate rules (CT, 4.3.1, 4.3);

6. - The mentioned person accept the rights of data subjects in regard to processing and the means to exercise those rights, including the right not to be subject to decisions based solely on automated processing (CT, 4.1, 4.1.3), including profiling (CT, 4, 4.1.), the right to lodge a complaint with the competent supervisory authority and before the competent courts;

7. - The controller or the processor are liable for breaches, as well as the effective damages that can occur because of these breaches, observing the that it is necessary for the responsability the prove of a connection cause among the actions of the mentioned persons and the effective damage;

8. - The information on this Binding corporate rules is provided in a link into the Consent Term to the Use of Online Services, being a constitutive part of the Consent Term;

9. - The tasks of the data protection officer, in charge of the monitoring compliance with the binding corporate rules, as well as monitoring training and complaint-handling, are in the Consent Term (CT, 5);

10. - Complaint procedures: CT, 5.1; 5.2.3; 5.2.4; 5.5; 5.7; 5.8

11. - The mechanisms within the group of undertakings, or group of enterprises engaged in a joint economic activity for ensuring the verification of compliance with the binding corporate rules: CT, 5.2.3, plus data protection audits and methods for ensuring corrective actions to protect the rights of the data subject;

12. - Any changes to these rules, as well as changes in the Consent Term related, will be reported and recorded at https://deconti.adv.br/0. Reports to supervirory authorities will be made according request from them or the Law;

13. - Any member of the group of undertakings, or group of enterprises engaged in a joint economic activity, will cooperate with the supervisory authority to ensure compliance with the Law;

14. - Any legal duties, in any jurisdiction related with the processed data, will be informed to the data subjects when necessary to the correct treatment of the data;

15. - It is a principle that we follows the perpetual education on data protection for the data subjects as well as to the personnel having permanent or regular access to personal data.