As a law firm, we regularly receive personal data as part of our professional activities. Your personal data may be collected by us in a number of ways, including:

• when you request a proposal from us in relation to our services;
• as part of our business intake procedures;
• through our provision of legal services to you or your organization;
• during the course of dealings with you for or on behalf of a client;
• when you apply to us for a position;
• when you or your organisation offer or provide services to us;
• when you browse or interact with our Website or any of our online services;
• when you provide information to us by filling in forms on our Website. For example, this includes information provided at the time of registering for newsletters and updates on our Website, subscribing to our services, participating in webinars or requesting further services;
• when you provide us with information in relation to your attendance at any of our seminars or other hosted events;
• when you complete surveys that we use for research purposes; and
• when you contact us for the above and any other reason, we may monitor and keep a record of that correspondence (in whatever form).

Ordinarily, we will collect any such personal data directly from you. In some case, however, we may collect personal data from third parties (for example our clients and other professional advisers) or we may collect publicly available information about you or your business (including through electronic data sources).

We may collect and process a number of different categories of your personal data, including but not limited to the following:

• Personal details (such as name, postal address, email address, telephone number, fax and other contact details);
• Professional information such as company, title/function, department and website or, previous jobs, professional experience and qualifications;
• Identification and background information provided by you or collected by us as part of our business acceptance processes, subject to applicable laws and regulations;
• Financial information, such as bank account details;
• Where you provide it, information about your hobbies and interests;
• Marketing preferences, areas of interest and information from marketing activities to which you may have responded or in which you may have participated;
• Information from any research or surveys conducted by us in which you may have participated;
• Details of your visits to our Website including, but not limited to, traffic data, location data, weblogs and other communication data;
• Information we receive from other sources, such as publicly available information, and information provided to us by or on behalf of our clients, your employer or other relevant organizations or generated by us in the course of providing our services;
• Images captured by our offices’ CCTV cameras, if any.

Where necessary and legally permitted or volunteered by you, we may also collect more sensitive data such as diversity and health data, and details of offences and related proceedings. This includes, for example, access and dietary requirements when you attend meeting and events.

We may process personal data about you for the following purposes:

• to prepare for the entering into a contract with you;
• to provide you or a client with our services;
• to contact you in the course of providing services to our clients;
• to deal with your enquiries and requests;
• to provide you with any other information that you request from us;
• to consider your application for a position;
• to manage our business relationship with you or your organization in connection with the provision or procurement of goods and services, including processing payments, accounting, auditing, billing and collection and related support services;
• to manage and secure the access to our offices, systems and online platforms;
• to comply with our legal and regulatory obligations and responsibilities, including with respect to anti-money laundering and sanctions checks;
• to provide you with information related to our services, and to advise you of news and legal updates, events, reports and other information;
• to seek your thoughts and opinions on the services we provide; and
• where we have other legitimate reasons for doing so (to the extent permitted by applicable law).

If you refuse to provide us with certain information when requested, we may not be able to deal with you and/or perform any contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.

When we collect contact information from you (for example, when you provide us with your business card), we may add your details to our contacts database and to our mailing lists. In all other cases, we will usually inform you (before collecting your information) if we intend to use your information for marketing purposes or if we intend to disclose your information to any third party for such purposes.

You can change your preferences for receiving Marcelo Tostes Advogados event invitations, legal updates, marketing emails and other information from us by clicking on the link provided to “update my subscriptions” in a Marcelo Tostes Advogados email.

You also have the right to ask us not to process your personal information for marketing purposes. You can exercise the above right at any time by clicking on the “unsubscribe” link in a Marcelo Tostes Advogados email, by sending us an email at ti@mtostes.com.br.

We use cookies (small files which remember a user’s electronic device) to help improve our Website, and improve our services to you, in a variety of different ways.

Any information automatically retrieved from visitors to our Website, such as site browsing patterns, will be used primarily in aggregate form (so that no individual users are identified). This website uses Google Analytics and Google Tag Manager cookies for monitoring overall website usage levels.  Please note that you can adjust your browser settings to block the use of cookies, although this may result in some parts of our website and other websites not being available to you. Your web browser may allow you to be notified when you are receiving a cookie, giving you the choice to accept it or not. You can use your browser to determine which type of cookies you have allowed and you can delete existing cookies (usually within your browser’s Tools, Options or Privacy settings). In addition, Google provides a Google Analytics Opt-out Add-on for web browsers, which prevents Google Analytics from collecting information about website visits.

We will delete your personal data:

• when it is no longer reasonably required to fulfil the purpose for which it was collected; or
• when you withdraw your consent (where applicable), provided that we are not legally required or otherwise permitted to continue to hold such data.

We may retain your personal data for an additional period to the extent deletion would require us to overwrite our automated disaster recovery backup systems or to the extent we deem it necessary to assert or defend legal claims during any relevant retention period.

We provide a list of our offices, together with relevant contact information, that can be found on our Website. Irrespective of how we obtain your personal data, it may be shared among all the offices within Marcelo Tostes Advogados. We will put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We may also, as set out below, share

We may share your personal data with third parties where we are required to do so by law or any regulatory authority, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.

“Third parties” includes our clients (in the course of providing our services) as well as third party service providers and external agencies that we engage to process information on our and your behalf, including to provide you with information that you have requested (for example IT and data storage services, professional advisory services, word-processing, translation and other administration services, marketing services and banking services). We may also share your personal data with other third parties, for example in the context of the possible sale, merger or other restructuring of any of our businesses.

We may disclose your personal data in order to protect our rights or property or those of our clients or others; and this includes exchanging information with other companies and organizations for the purposes of fraud prevention, compliance with anti-money laundering and ‘know your client’ requirements, and credit risk reduction.

Where we share or transfer your personal data with third parties, we will do this in accordance with applicable data protection laws and will take appropriate safeguards to ensure its integrity and protection.

We will put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.  We also limit access to your personal data to those employees, agents, third party service providers and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

Given that the internet is a global environment, using the internet to collect and process personal data necessarily involves the transmission of information on an international basis. By browsing our Website and communicating electronically with us, you therefore acknowledge and agree to our processing of personal data in this way. The transmission of information via the internet is never completely secure and we accordingly cannot guarantee the security of your information transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.

Our Website may, from time to time, contain links to other websites which are outside of our control and are not covered by this privacy notice. We do not accept any responsibility or liability for other sites’ privacy notices or policies. If you access other websites using the links provided, please check their policies before submitting any personal data.

It is important that the personal data we hold about you is accurate and current. Should your personal data change, please notify us of any changes of which we need to be made aware by contacting us, using the contact details below.

As set out above, you can ask us to stop sending you any marketing communications at any time.

We reserve the right to amend this privacy notice from time to time to reflect changing legal requirements or our processing practices. Any such changes will be posted on our Website and will be effective upon posting.

If you have any requests or queries concerning your personal data or any queries with regard to our practices, please contact us at ti@mtostes.com.br. This privacy notice was last updated on March 19, 2020.