Data Protection Policy

In compliance with Law 13,709/2018 (“General Law on the Protection of Personal Data” or “LGPD”), this Data Protection Policy (“Policy”) was developed to describe the procedures and standards adopted by Humberto Sanches & Associates (“HSA” or “Firm”) regarding the treatment of the personal data of the users of its website, private clients, representatives, associates, directors, or any other individual linked to our legal entity clients, as well as associates, employees, suppliers, and other collaborators of HSA (“Data Owner”, “Owner” or “you”).

Regardless of the LGPD and of this Policy, HSA will always abide by the lawyers’ duty of professional confidentiality established under Article 35 and the following articles of the Code of Ethics and Discipline of the Brazilian Bar Association (OAB).

Committed to respecting your privacy and promoting transparency, HSA has issued this Policy to enable a clear understanding of how the Firm deals with your personal data. For more information regarding the treatment of personal data, please contact us at the following e-mail address: [email protected]

WHO IS THE CONTROLLER OF ALL PERSONAL DATA?

HSA will be the controller of your personal data within the scope of the relationship established with you. Under the applicable legislation, the controller is responsible for the decisions regarding the treatment of all personal data.

WHICH DATA DO WE HAVE ACCESS TO?

Within the limits allowed by the applicable legislation, HSA may have access to the following personal data of the Owners:

  • Personal identification data and contact information: full name; marital status; address; date of birth; nationality; data from ID document(s) (such as passports, Brazilian ID cards and Individual Taxpayer No. (CPF), National Driver’s License (CNH), professional ID card, if applicable); e-mail address; telephone number; and
  • Academic and professional data: employer’s name; profession; title; educational level.

When providing legal services, HSA may also have access to a large amount of personal data from you and even from third parties involved in a specific case (for instance, a family member or another party in a transaction or administrative and/or legal procedure), depending on the work scope and on the demand. Examples of additional personal data that HSA may have to handle while rendering its services are:

  • Financial and wealth information: salaries/wages/bonuses; source of funds; bank transaction history; bank statements; financial statements; income tax statements; Declaration of Brazilian Capital held Abroad (Declaração de Capitais Brasileiros no Exterior – DCBE); other tax statements presented either in Brazil or abroad; credits; sales; assets/possessions; real estate registration titles; debt and clearance certificates; loans; companies’ constitutive documents; investment funds; trusts; foundations; and civil associations, among other estate/wealth structures; corresponding incorporation and association agreements and others connected thereon, either in the form of public deeds or private instruments;
  • Family information: family structure; personal relationships; marital status; agreements regulating the matrimonial property system; family agreements;
  • Information found in lawsuits: date of birth, nationality, place of birth, age, marital status, country, address, CNH No., Electoral/Voting Card No., military conscription certificate, profession, educational level, languages, professional registration No., and registration in the following Brazilian databases PIS/PASEP, CTPS, NIS, NIT, CEI.

The personal data mentioned above will only be handled in specific cases and when necessary for successfully rendering the intended legal services.

HSA may collect the information above in several ways: by obtaining it directly from the Owner; from a person related to the Data Owner (for instance, the company that you work for/own, your financial advisor, or family officer); or it may be accessed at publicly available sources. Regardless of the origin of the data, their treatment will be ruled by this Policy.

FOR WHICH PURPOSES DO WE USE YOUR DATA?

Overall, the Firm will treat your personal data for the purposes of assisting clients and rendering legal services, including, but not limited to:

  • Drafting, reviewing, or negotiating agreements and other legal documents;
  • Conducting or participating in audit procedures to verify the status of the client’s wealth or conformity with the Brazilian legislation, and risk assessment;
  • Drafting family and succession documents, such as donation instruments, testaments, and agreements/pacts;
  • Analyzing wealth/estate structures, cases, or other situations described by the clients, for which it may be necessary to produce responses to queries, memoranda, legal opinions, and technical reports;
  • Producing documents that may be required under Brazilian laws;
  • Liaising the relations between a client and governmental authorities and agencies;
  • Obtaining licenses, authorizations, and permits whenever required;
  • Pro bono activities;
  • Conducting internal training courses; and
  • Holding meetings, videoconferences, or conference calls to discuss matters in general.

The Firm may also have to use your personal data for drafting a formal legal fees proposal and/or another instrument with HSA, billing, and invoicing, in case you are the client, as an individual, or the representative of a legal entity client.

We may also handle your personal data to maintain our relationship with you by:

  • Sending you institutional communications, memoranda, or newsletters containing information that may interest you, as well as invitations to events;
  • Organizing events, including the management of registered subscribers, ‘save the date’ messaging, reminders, and ‘thank you’ notes. To ensure easier access and comfort at the events, HSA may also ask whether you have any disabilities or mobility restrictions.

HSA may occasionally refer your personal data, on a confidential basis, to national and international legal publications, so they may contact you for the purposes of evaluating and obtaining references on our services.

WITH WHOM DO WE SHARE YOUR DATA?

HSA may share your personal data with:

  • Software providers, cloud hosting services, and other information technologies aiming to manage your relationship with our Firm, registration databases, document services, and other actions;
  • Correspondents, experts, drafters of technical reports, partner offices (national and international), auditors, accountants, translators, financial institutions, agents, and other professionals who help us provide legal services, as needed;
  • National or international legal publications;
  • Notary Public and Registry Offices; and
  • Regulatory agencies and other authorities, such as the Brazilian Federal Revenue Service (RFB), the Central Bank of Brazil (BACEN), the Securities and Exchange Commission (CVM), State Trade Boards, and the National Civil Aviation Agency (ANAC).

TRANSFERS OF YOUR PERSONAL DATA TO OTHER COUNTRIES

HSA may transfer your personal data to partner offices and service providers located outside Brazil.

Whenever your personal data is transferred to third parties outside Brazil by HSA, the Firm will adopt the relevant measures to ensure the proper protection of all your personal data, in compliance with the requirements of the applicable laws.

HOW LONG WILL WE STORE YOUR DATA?

We will store and maintain your information: 

  • During the term permited by law;
  • Until we conclude using your personal data, as mentioned below;
  • For the time necessary to preserve HSA’s legitimate interests, as the case may be; or
  • For the time necessary to safeguard HSA’s rights in legal, administrative, or arbitration proceedings. 

Thus, for instance, we will use your data according to the applicable statute of limitation, or as necessary to comply with all legal or regulatory obligations.

Particularly with regard to physical documents containing personal data, HSA’s practices and internal policies are to refrain from storing Data Owners’ original documents. Owners’ printed documents/copies will be stored only on an exceptional and temporary basis for the necessary period defined above.

The use of personal data will cease in the following cases:

  • When the purpose for which the Owner’s personal data were collected has been attained and/or the personal data collected ceases to be necessary, or pertinent for attaining such purpose;
  • When the Data Owner, within his/her rights, requests that his/her personal data no longer be used and be deleted; or
  • Whenever there is a court order to do so.

Whenever the use of personal data ceases, except for the provisions set forth by the applicable laws or by the present Policy, such personal data will be deleted by HSA.

WHAT ARE YOUR RIGHTS REGARDING YOUR DATA?

You have the following rights regarding your data:

  • Confirmation of data use;
  • Access;
  • Correction of incomplete, inaccurate, or outdated data;
  • Anonymity, blocking, or elimination of data;
  • Portability;
  • Information on data sharing;
  • Information on the possibility of not giving consent and on the consequences of refusing to do so;
  • Revoking your consent, in case we have requested it from you; and
  • Right to file a petition to the National Data Protection Agency (ANPD).

There are circumstances that might restrict the exercise of some of the rights stipulated by law, as, for example, when providing information can reveal one of HSA’s business secrets; or as a result of compliance with a legal/regulatory obligation; or to enable the Firm’s defense in a legal or administrative procedure.

You may exercise the rights above by contacting us at the e-mail address: [email protected]

DATA PROTECTION AND INFORMATION SECURITY

We are committed to ensuring the security of your personal data and to adopting reasonable precautions to maintain this protection. HSA uses the security systems and technical, physical, and managerial procedures usually adopted by the market to protect your information.

DATA COLLECTION AND COOKIES

This section describes the use of cookies and tracking technologies on HSA’s website, to enable a number of features and resources, the analysis of website use and enhance your navigation experience. Please find below information on the types of cookies and tracking technologies we use, the types of information we collect with these technologies, and your specific rights in relation to these treatments.

What are cookies?

A cookie is a small text file that is stored by your browser whenever you visit a website. Nowadays, almost all websites use cookie technology. They may store certain kinds of information, such as your IP address and data on the content that you visualize and provide, so you will not need to type your information again every time you visit our website. Cookies also help us provide customized content, accelerate navigation on our website, and learn more about your visit and use of online services.

Four types of cookies can be used on our websites: the strictly necessary ones, performance-related cookies, functionality cookies, and cookies for marketing purposes.

Strictly necessary cookies: are essential to allow you to navigate through our website and use its resources. These are temporary cookies, which are only active while your browser window is open, and they are used for technical purposes. Without these cookies, navigation on our website may be greatly impacted. By closing your browser, the cookie will automatically disappear;


Performance cookies: are stored in your computer for longer periods of time and used for other purposes, such as tracking the number of individual visitors to the website, the number of views of a page, the time spent by each user on a page, and other relevant statistics. The information collected is aggregated and, therefore, made anonymous. These cookies are exclusively used to improve the website’s performance, and its users’ experience;


Functionality cookies: these cookies allow the website to store the information provided thereon (such as usernames, language options, and locations), so that they can offer enhanced and more customized features. They are also used to enable features requested by you, such as playing videos. These cookies collect anonymous information and cannot track your movements on other websites; and


Analytical cookies: we use analytical web services from Google, which use cookies to collect information such as your IP address or other identifiers, browser information, and information on the content viewed, aiming at analyzing how visitors use our website. This service provider will use this information on behalf of HSA, aiming to assess the number of users on our website, their location, the most visited sections, the most frequently used browsers, and the users’ main interests.

How can you enable or disable cookies?

When using our website, you acknowledge the use of cookies in accordance with the terms described herein. On your first visit to www.hsanches.com, you may see a pop-up window at the bottom of the page with a message regarding the use of this tool. Even though this message does not appear in subsequent visits, you can still manage the use of cookies later on and disable them at any time by adjusting the setup on your browser.

It is important to remember that if you decide not to receive cookies, our websites may not work properly, and some features may not become available to you.

HSA reserves itself the right to send e-mails to its clients, partners, and third parties that are, in any manner, related to the Firm, with the purpose of providing information that we deem to be of interest to you. You may request to be removed from these mailing lists by clicking on the link available at the end of the messages received.

Fraud alerts

We previously warn all Data Owners that we never send electronic messages requesting confirmation of personal information by e-mail. Thus, HSA assumes no liability for any fraudulent electronic communications that may collect personal data (phishing) from the Owners.

We recommend that you always verify the content of all e-mails received before accessing any Internet address or clicking on any link. Do not trust e-mails with suspicious headers and sender fields, or messages with strange content, grammar errors, or even faulty photos and logos.

THIRD-PARTY WEBSITES

As a resource on our website, we may provide links that grant access to other Internet websites. HSA assumes no liability for these websites or their content, and does not share, subscribe, monitor, validate, or accept the manner by which these websites or content storage tools collect, process, and transfer your personal data.

We recommend that you refer to the corresponding privacy policies of these websites to properly inform yourself as per the treatment of your personal data under such websites.

VALIDITY OF THIS POLICY

This Policy will be valid and in effect as from June 1st, 2021.

HSA reserves itself the right to amend this Policy, at any time, by publishing its updated version on www.hsanches.com.