Privacy Policy
Piauhylino & Associados

Piauhylino & Associados, Sociedade de Advogados (hereinafter referred to as the Firm), values the privacy of its clients and visitors and undertakes to process personal data entrusted to it in strict compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter GDPR), with Law No. 58/2019 of 8 August, which ensures the implementation of the GDPR in the Portuguese legal system, and, with respect to data subjects located in Brazil, with Law No. 13.709/2018 (Brazilian General Data Protection Law, hereinafter LGPD).

This Policy describes how the Firm processes personal data collected through the website www.piauhylino.pt and its associated communication channels. The processing of personal data in the context of the provision of legal services to retained clients is governed by a separate instrument, communicated at the time of engagement.

  1. Identification of the Data Controller

The data controller responsible for the personal data collected through this website is:

Piauhylino & Associados, Sociedade de Advogados, with registered office at Avenida Aida, Estoril Garden, Block 1, Office 112, 2765-187 Estoril, Portugal, registered with the Portuguese Bar Association under number OA-PT: 20/20 – 11/09/2020, holder of tax identification number 515 997 625; Piauhylino Advogados with office at SIG Quadra 04, Bloco B, Lote 75 Salas 317/318, Ed. Capital Financial Center 70610-440 Brasília — DF, Brazil, registered with the Brazilian Bar Association under number OAB/DF 639421, contactable via email at info@piauhylino.pt and by telephone at +351 932 653 116 and +55 61 4042 9377.

For matters specifically relating to the protection of personal data, the Firms provide a dedicated contact via the email address dpo@piauhylino.pt, for the attention of Luiz Piauhylino Filho.

  2. Guiding Principles

The processing of personal data by the Firm observes the principles of lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability, pursuant to Article 5 of the GDPR.

  3. Categories of Personal Data Processed

The Firm processes the following categories of personal data collected directly from the data subject through the website:

(i) Identification and contact data, namely first name, surname, email address, telephone number and, when voluntarily provided, nationality or country of residence;

(ii) Content of communications addressed to the Firm, including the content of messages sent via the contact form or email, as well as documentation that the data subject voluntarily chooses to attach;

(iii) Browsing data, namely internet protocol (IP) address, browser type, operating system, pages visited, time and duration of visit, and data collected through cookies, pursuant to the attached Cookie Policy.

The Firm does not collect personal data from minors through this website. Should such data be received, the Firm will proceed to its immediate deletion.

  4. Purposes of Processing

The personal data collected are intended for one or more of the following purposes:

(i) Response to requests for contact, information or preliminary legal consultation, submitted through the channels made available on the website;

(ii) Preliminary assessment of potential conflicts of interest, prior to the establishment of a professional engagement;

(iii) Administrative management of the relationship with the user, including the sending of communications relating to the request submitted;

(iv) Compliance with legal and regulatory obligations applicable to the practice of law, including those arising from the Portuguese Bar Association Statute;

(v) Aggregated statistical analysis of website usage, with a view to its improvement and optimization of the browsing experience;

(vi) Information security and prevention of abusive, fraudulent or unlawful use of the services provided.

  5. Legal Grounds

The processing of personal data by the Firm is based on one or more of the following legal grounds provided for in Article 6(1) of the GDPR:

(a) Pre-contractual measures at the request of the data subject, pursuant to point (b), namely when the user requests information with a view to the potential establishment of an engagement relationship;

(b) Compliance with a legal obligation to which the Firm is subject, pursuant to point (c), particularly with regard to the prevention of money laundering and terrorist financing (Law No. 83/2017) and the retention of professional records;

(c) Legitimate interests pursued by the Firm, pursuant to point (f), namely administrative management, information security and website improvement, insofar as the interests, rights and fundamental freedoms of the data subject do not prevail;

(d) Express consent of the data subject, pursuant to point (a), in cases where such consent is required, namely with regard to cookies that are not strictly necessary, which may be withdrawn at any time, without prejudice to the lawfulness of processing carried out until that time.

  6. Disclosure of Data to Third Parties and Subcontractors

The Firm does not disclose or transfer personal data to third parties, except in the following situations:

(i) When necessary for the pursuit of the purposes identified above, namely to subcontractors who provide services to the Firm in the areas of website hosting, email management, statistical analysis, IT security and administrative support, who are bound by written contract to comply with the obligations arising from the GDPR;

(ii) In compliance with a legal obligation to disclose, namely to judicial, tax or supervisory authorities, in the exercise of their legal powers;

(iii) With the express consent of the data subject.

  7. International Data Transfers

Given the Portuguese-Brazilian nature of the Firm’s activities, transfers of personal data may occur between Portugal and Brazil, both countries recognized by their respective authorities as having an adequate legal framework for data protection. Nevertheless, whenever data is transferred to a third country that does not benefit from an adequacy decision by the European Commission, the Firm will ensure the adoption of the safeguards provided for in Chapter V of the GDPR, namely standard contractual clauses approved by the European Commission.

  8. Retention Periods

Personal data are retained for the period strictly necessary to fulfill the purposes for which they were collected, observing the following criteria:

(i) Data associated with contact requests that do not result in an engagement: retained for a maximum period of two years from the last communication, unless a legitimate interest of the Firm or legal obligation requires a longer period;

(ii) Data associated with retained clients: retained for the duration of the engagement relationship and, after its termination, for the period applicable to the retention of files by lawyers, pursuant to the Portuguese Bar Association Statute and other applicable legislation;

(iii) Browsing data and cookies: retained for the periods specified in the Cookie Policy.

  9. Information Security

The Firm adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing, namely measures that ensure the confidentiality, integrity, availability and resilience of processing systems and services. These measures include, as applicable, access controls, encryption of communications via secure protocol, periodic backups and training of staff on data protection matters.

  10. Data Subject Rights

Pursuant to the GDPR and applicable national legislation, the data subject has the following rights:

(a) Right to information regarding the processing of their personal data;

(b) Right of access to personal data concerning them that are being processed by the Firm;

(c) Right to rectification of inaccurate or incomplete personal data;

(d) Right to erasure (right to be forgotten), in the cases provided for in Article 17 of the GDPR;

(e) Right to restriction of processing, in the cases provided for in Article 18 of the GDPR;

(f) Right to data portability, pursuant to Article 20 of the GDPR;

(g) Right to object to processing based on legitimate interest, pursuant to Article 21 of the GDPR;

(h) Right not to be subject to a decision based solely on automated processing which produces legal effects or similarly significantly affects the data subject, pursuant to Article 22 of the GDPR;

(i) Right to withdraw consent given, without prejudice to the lawfulness of processing carried out until that time.

The exercise of any of these rights may be effected by written communication addressed to dpo@piauhylino.pt, or to the Firm’s registered office indicated in clause 1. The Firm undertakes to respond to such requests within a maximum period of one month, which may be extended, in the legally provided terms, due to the complexity of the request.

Data subjects located in Brazil are additionally granted the rights provided for in Article 18 of the LGPD, exercised under the same terms.

  11. Automated Decisions and Profiling

The Firm does not carry out automated processing of personal data for profiling purposes nor does it adopt decisions based solely on automated processing that produce legal effects on data subjects.

  12. Complaint to the Supervisory Authority

Without prejudice to the right to lodge a complaint directly with the Firm, the data subject has the right to lodge a complaint with the competent supervisory authority, which in Portugal is the National Data Protection Commission (CNPD), with registered office at Avenida D. Carlos I, 134, 1st floor, 1200-651 Lisbon, contactable via email at geral@cnpd.pt and at the website www.cnpd.pt. In Brazil, the competent authority is the National Data Protection Authority (ANPD), accessible at www.gov.br/anpd.

  13. Cookies

The use of cookies and equivalent technologies on this website is governed by a separate Policy, which the user may access via the Cookie Policy link, available in the website footer, or through the consent banner displayed at the time of the first visit.

  14. Amendments to the Privacy Policy

The Firm reserves the right to update this Policy whenever necessary due to legislative or regulatory changes or changes in processing practices. The version in force at any given time is the one published on the website, and the data subject should consult it periodically. Whenever an amendment is of a substantial nature, appropriate notice will be given.

  15. Applicable Law

This Policy is governed by Portuguese law, without prejudice to the direct application of the GDPR and, where applicable, the LGPD.