CONTACT OUR DPO
The Data Protection Officer (DPO) is the professional responsible for data processing, advising, and supervising our work to ensure Credilink complies with all obligations established by the Lei Geral de Proteção de Dados Pessoais (LGPD).
Our DPO has expertise in Compliance, Data Protection, and implementation of LGPD (Lei Geral de Proteção de dados Pessoais), maintenance and development of compliance programs; internal control, whistleblowing channel, and Due Diligence; drafting and reviewing Privacy, Security, and Anti-corruption Policies and Terms of Use.
1What is the General Data Protection Law (LGPD) about?
The General Data Protection Law (LGPD) (Law No. 13,709 of 2018) regulates the processing of personal data of natural persons, defining the circumstances under which such data can legitimately be used by third parties and establishing mechanisms to protect data subjects against inappropriate uses.
The Law applies to the processing of data carried out by natural persons or by public or private legal entities, and aims, according to Article 1, to protect the fundamental rights of freedom and privacy and the free development of the personality of the natural person.
2What are personal data?
The LGPD adopts, in Article 5, item I, an open concept of personal data, defined as information related to an identified or identifiable natural person.
Thus, in addition to basic identification information, such as name, identification number in the General Registry (RG) or in the National Registry of Natural Persons (CPF), and residential address, other data related to a natural person are also considered personal data, such as their consumption habits, appearance, and aspects of their personality.
According to Article 12, Paragraph 2, of the LGPD, data used to create the behavioral profile of a specific natural person, if identified, may also be considered personal data.
3What are sensitive personal data?
Sensitive personal data are those to which the LGPD has granted even greater protection, as they are directly related to the most intimate aspects of an individual's personality. Thus, according to Article 5, II, sensitive personal data are those related to racial or ethnic origin, religious beliefs, political opinions, union membership, or affiliation with a religious, philosophical, or political organization, data concerning health or sexual life, genetic or biometric data, when linked to a natural person.
4What are the legal bases for the processing of personal data?
The processing of personal data may be carried out in any of the following situations indicated in the LGPD, as provided in Article 7:
- With the consent of the data subject;
- For compliance with a legal or regulatory obligation by the controller;
- For the execution of public policies by the public administration;
- For the conduct of studies by a research body;
- For the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;
- For the regular exercise of rights in judicial, administrative, or arbitral proceedings;
- For the protection of the life or physical safety of the data subject or a third party;
- For the protection of health, exclusively, in a procedure carried out by health professionals, health services, or health authorities;
- To meet the legitimate interests of the controller or a third party, except in cases where the data subject's fundamental rights and freedoms, which require the protection of personal data, prevail; and
- For the protection of credit.
5What is the National Data Protection Authority (ANPD)?
The ANPD is the federal public administration body responsible for overseeing the protection of personal data and for regulating, implementing, and supervising compliance with the LGPD in Brazil.