The General Personal Data Protection Law (LGPD – Law no 13.709/2018) governs any operation regarding personal data, such as collection, processing, visualization, sharing and storage of information of a personal nature. All personal data must be duly handled and stored subject to penalties to the companies that range from a simple warning to fines.
The purpose of the law is to protect citizens from the illicit use of their personal data and ensure their basic freedom and privacy rights. In other words, henceforth consumers may demand that personal information collected by companies, both by physical and digital means, be excluded or not used.
Valid in the entire country and with extraterritorial characteristics (applies to facts occurring outside Brazil), the law encompasses all organizations, public or private, and individuals that offer goods and services and handle client personal data.
Transpetro has developed an adaptation process to the rules and is ready to meet the requirements of the legal benchmark for data protection. We have performed a detailed companywide mapping of the macro processes for handling personal data, identifying the type of information collected, its purpose, where it is stored and what areas or employees have access to it.
We published the Privacy and Personal Data Protection Management Standard to guide our managers regarding handling of personal data, including digital means, where Transpetro acts as controller or operator, for the purpose of protecting the rights of the data holders, privacy, and compliance with the law.
Nature of personal information
According to the LGPD, personal data is defined as what allows for identification of a living person: name, surname, DOB, personal documents (such as CPF, RG, CNH, employment book, passport and voter registration), home or business address, phone number, email address, bank card, income, payment history, consumer habits, leisure preferences, cookies and IP address.
The law also defines sensitive personal data associated to an individual pertaining to race or ethnic origin, religion, political views, union membership, or religious, philosophic, or political organization affiliation, health, or sexual orientation data, and genetic or biometric data. Due to its higher potential for harm, handling of this data is subject to even more stringent rules.
Data holder rights and access
We make safe and suitable personal data access available to the data holders, ensuring (provided commercial and industrial confidentiality is observed based on the information security and data protection norms) they are obtained in a timely manner upon request:
(i) confirm data handling; (ii) access the data; (iii) correct the data (incomplete, inaccurate or outdated); (iv) anonymize, block or eliminate excessive data or incorrectly handled data; (v) undertake the portability of the data to another service or product provider when possible; (vi) advise about the possibility of refusing consent and the consequences for such refusal; (vii) eliminate personal data handled through consent, except in the case where there is legal basis for handling; (viii) revoke the consent, having ratified the handling undertaken as supported by the consent previously provided; (ix) inform public and private entities with which Transpetro performed shared data usage.
Observing commercial and industrial confidentiality, the holders of personal data or their legal representatives may request them at any time, based on the General Personal Data Protection Law.
Our Person in Charge
The person in charge for monitoring the General Personal Data Protection Law (LGPD) is the Transpetro Ombudsman, Luiz Cristiano Oliveira de Andrade, who may be contacted for this purpose at: firstname.lastname@example.org
Access by data holders
The data holders may request access to their respective personal data. For such please contact the Transpetro Ombudsman .