Whatsapp Talk with an expert

Privacy Policy

Mides Comércio e Indústria is committed to the privacy of personal data and the security of the information shared by the holders. To reaffirm this commitment to protect and preserve your privacy, under the terms of the General Data Protection Law and other laws that address the subject, Mides establishes its Personal Data Privacy Policy. We recommend that you read this document carefully.

1.Purpose

Demonstrate and communicate how your privacy is protected during the processing of your personal data and guide the expected behavior of everyone involved in Mides’ projects and activities, to ensure the protection of personal data in accordance with the provisions of the General Law for the Protection of Data.

2. Terms and Definitions

In order to clarify the concepts covered in this Privacy and Personal Data Protection Policy, the most relevant terms are listed below:

  • Personal data: all that refer to an identified or identifiable natural person. In practice, the expression comprises all data that allows to identify a person;
  • Sensitive personal data: personal data refers to racial or ethnic origin, religious conviction, political opinion, affiliation to a union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.
  • Anonymized data: data relating to the holder that cannot be identified, considering the use of reasonable technical means available at the time of its treatment.
  • Holder: natural person to whom the personal data to be processed refer.
  • Treatment of personal data: any operation performed with personal data, sensitive or not, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or information control, modification, communication, transfer, dissemination or extraction.
  • Controller: natural or legal person, under public or private law, who is responsible for decisions regarding the processing of personal data.
  • Operator: natural or legal person, under public or private law, who processes personal data on behalf of the controller.
  • Data protection officer or DPO: person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD).

3. Applicability

This policy applies, in general, to natural persons who provide or potentially may provide personal data to be processed by Mides as a legal entity governed by private law.

4.Guidelines and Obligations

4.1. Treatment of Personal Data

All processing of personal data carried out by Mides is done in strict compliance with the principle of good faith and other principles established by the General Data Protection Law, namely:

  • Purpose: processing for legitimate, specific, explicit and informed purposes to the holder, without the possibility of further processing in a manner incompatible with these purposes.
  • Adequacy: treatment compatibility with the purposes informed to the holder, according to the treatment context.
  • Necessity: limitation of the processing to the minimum necessary for the accomplishment of its purposes, with the scope of pertinent data, proportional and not excessive in relation to the purposes of the data processing.
  • Free access: guarantee, to holders, of easy and free consultation on the form and duration of the treatment, as well as on the completeness of their personal data.
  • Data quality: guarantee, to the data subjects, of accuracy, clarity, relevance and updating of the data, according to the need and for the fulfillment of the purpose of its treatment.
  • Transparency: guarantee, to holders, of clear, accurate and easily accessible information about the performance of the treatment and the respective treatment agents, observing commercial and industrial secrets.
  • Security: use of technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination.
  • Prevention: adoption of measures to prevent the occurrence of damage due to the processing of personal data.
  • Non-discrimination: impossibility of carrying out treatment for unlawful or abusive discriminatory purposes. Accountability and accountability: demonstration, by the agent, of the adoption of effective measures capable of attesting to the observance and compliance with the rules for the protection of personal data, and even of the effectiveness of these measures.

In addition to these principles, the terms of the consent given by the owner of the personal data are essential. Consent consists of the explicit and freely determined, specific, informed and clear indication of the authorization of the holder of the personal data for the processing, by means of a declaration or a clear affirmative action.

Mides, under no circumstances, uses or performs data processing beyond what is strictly necessary for the purposes for which the consent was issued by the owner of the personal data. Furthermore, it repudiates any intention or practice of using personal data in circumstances that generate damage or violate the rights of the holders.

The consent of the holder of personal data can be withdrawn at any time, upon clear and specific manifestation.

Exceptions to the expression of consent can only occur in full compliance with the obligations and principles provided for in the General Data Protection Law, with the rights of the holder of the personal data being safeguarded.

4.2. Security and Protection of Personal Data

Mides takes all reasonably necessary measures to ensure that personal data is treated reliably, securely and in accordance with relevant legislation. Therefore, it has all the security mechanisms necessary to protect personal data stored in its databases, systems or other media.

A structure to ensure that confidentiality and privacy are preserved, including a strict awareness process for all involved, is maintained and all necessary efforts and investments are ensured by Mides’ Management.

All technical and administrative measures necessary to ensure that the personal data processed are adequately protected and in compatibility with its sensitivity are adopted and continuously monitored.

At planned intervals or in the event of significant changes in processes, an assessment of the risks associated with the protection of personal data is carried out and a compliance audit is carried out to assess whether preventive measures are consistently implemented.

4.3. Sharing or Transferring Personal Data

Mides is prohibited from sharing or transferring personal data with third parties without the consent of the holder of the personal data, except in the cases of waiver of consent provided for in the General Data Protection Law and, when such sharing becomes necessary or appropriate: (i ) the provisions of other applicable laws; (ii) in compliance with legal obligations/judicial orders; (iii) by determination of the National Data Protection Authority or other competent supervisory authority or; (iv) to respond to requests from public or governmental authorities.

When applicable, the international transfer of data may only take place in accordance with the express provisions of the General Data Protection Law in force.

4.4. Retention and Disposition of Personal Data

No personal data will be retained by Mides beyond the appropriate retention time and in accordance with specific purposes. The times required by current national legislation for auditing, accountability and compliance with legal or regulatory obligations will also be observed.

The retention period of personal data will be based on the criteria of: (i) specific legislation with a fixed period for data retention; (ii) purpose of processing; (iii) existence of judicial, administrative or arbitration proceedings and; (iv) requests for information made by government authorities.

When the retention period expires, within the scope and technical limits of its activities, the personal data will be disposed of by Mides in a secure and controlled manner to ensure the rights and freedoms of the holders of the personal data.

4.5. Incident Response

Under the terms of the General Data Protection Law, Mides will promptly assess and respond to any occurrence or potential risk of incidents that could compromise the protection and privacy of the personal data processed.

Aware of its duties and obligations towards data protection and privacy, Mides maintains a structured process to handle and manage any incidents involving personal data.

Upon identification and knowledge of any incident involving the personal data under its responsibility, Mides will immediately adopt the appropriate measures to contain the impacts caused by the incidents and prevent damage to the holders.

In accordance with the General Data Protection Law, all relevant communications will be carried out and any instructions given by the National Data Protection Authority will be fully obeyed.

4.6. Rights of Holders

Mides, within the scope of the processing of personal data, guarantee all the rights of data subjects, in accordance with the provisions of the General Data Protection Law.

Pursuant to the law, the data subject may at any time request access to the data concerning him, as well as its rectification, deletion or limitation of the use of personal data, the portability of his data, or even oppose to its treatment, except in the cases provided for by Law.

The holders of personal data may, at any time, exercise the rights conferred on them by law or clarify any doubts related to the processing of their personal data by means of a written request sent to the email of the person in charge of processing the data at Mides.

4.7. Responsible for the Processing of Personal Data

Mides makes available to all holders of personal data a direct communication channel with the person in charge of processing personal data. The person in charge can be called upon to clarify any doubts related to the processing of personal data or when the holder wishes to exercise their rights, with regard to the processing of their personal data.

Contact: mides@mides.com.br

5. Publication and review

This Policy is approved by Mides Management and is published and communicated to interested parties through official communication channels.

By providing personal data to Mides, the data subject or its legal representative declare to have full and express capacity to accept the terms and conditions of this Privacy Policy and the Consent Term for all legal purposes.

If the holder of personal data does not agree, even in part, with the terms and conditions contained in this Privacy Policy, he must not provide personal data for processing by Mides, as well as access or use the services operated by it.

Mides reserves the right to change this Data Privacy Policy at any time. These changes will be duly made available and, if they represent a substantial change regarding the way in which personal data will be treated, Mides will keep in touch through the channels informed by the holder.

Ask an expert
Ask an expert
Click here
We use cookies to improve your experience. Learn more at our Política de cookies e Política de privacidade