The Power of a "Company of One"
Privacy and Data Protection Policy
This Internal Privacy and Data Protection Policy provides information about the collection, use, storage, processing, and protection of personal data of all our employees, third parties, partners, and clients of Sócrates. It was developed in accordance with the General Data Protection Law (Law 13.709/18) and the Brazilian Civil Internet Framework (Law 12.965/14).
We understand that all our employees, third parties, and partners of Sócrates value and care about their privacy and the protection of their personal data. Therefore, we have developed this Internal Privacy Policy, whose main objective is to inform you about the collection, use, sharing, and general form of processing your personal data, whether in digital or physical format, in order to provide greater transparency about how and for what purposes the company uses your data.
Our goal is to adopt security and privacy measures, in a transparent manner in the processing and protection of personal data, seeking to comply with the General Data Protection Law and giving visibility to our employees and collaborators about the processing of their data, protecting them and complying with the principles of current legislation.
Therefore, to guarantee the privacy and protection of your personal data, it is very important that you know and respect the guidelines of Sócrates' Internal Privacy and Data Protection Policy.
The guiding principles of this internal policy, aligned with the General Data Protection Law:
Adequacy:
The processing of data must be compatible with the purpose informed to the data subject.
Necessity:
The processing must be limited to the minimum necessary to achieve the proposed objective.
Free access:
Data subjects have the right to access information about the processing of their data at any time.
Data quality:
The processing of data must keep it accurate, clear, relevant, and up-to-date, without discrepancies or distortions.
Transparency:
The data processing must be explained to the data subjects in a transparent and accessible manner, observing the necessary commercial and industrial secrecy.
Security:
Personal data must be protected by the data controller so that it is not lost, altered, destroyed, or accessed inappropriately.
Prevention:
It is the responsibility of the data controller to take measures to prevent damage arising from the processing of personal data.
Non-discrimination:
The processing of personal data must not be carried out for discriminatory, illegal, or abusive purposes.
Accountability:
Demonstration, to the data subjects, of the measures used to guarantee compliance with the General Data Protection Law.
We will only collect personal information to the extent necessary to provide our services and, in all applicable cases, we will obtain your consent to process your data in accordance with the General Data Protection Law.
Within the limits established by applicable law, the categories and types of personal data collected by Socrates may include, subject to the guiding principles listed above: (1) your contact information, such as name, position, company name, email address, telephone number, or mailing address, among others, used to communicate with you; (2) account information such as your username, user ID, data about your registration or participation in training, webinars or other events; (3) professional or employment-related information, such as work history, resume, cover letter.
Socrates may also collect personal data directly through interactions and through its products and services, and personal data collected online may also be combined with personal data provided through offline channels, such as, for example, during a meeting, interviews, employment, events held, and also, automatically, related to the use of our websites and the response to our emails through the use of various technologies.
The processing of personal data is based on consent. Consent is the freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
In accordance with the General Data Protection Law, data will only be collected, processed, and stored with prior express consent.
Consent is required when requesting data from clients, partners, and employees who are natural persons, when necessary, by accepting it in the corresponding field of the system, or by accepting the response email with which the service request is completed, in the commercial phase. Prior consent is required upon request to sign an appropriate term when hiring new employees, interns, and service providers.
Consent will be specific for each described purpose, demonstrating Socrates’ commitment to transparency and good faith towards its users, clients, collaborators, partners, and employees, and may be revoked at any time.
The responsibility for the correct processing of personal data within the company is shared among all those who act as data processors, and the collaboration of all is fundamental for the company to always comply with the law, offering security to all data subjects.
Socrates may disclose personal data to business partners and service providers to support our operations. Such business partners and service providers are contractually obligated to maintain the confidentiality and security of the information received on behalf of Socrates and not to use it for any purpose other than that for which it was provided.
The exchange of personal data with persons or entities external to Socrates must be restricted to the minimum necessary for the execution of contracts and the provision of services in which the data subjects are involved, or the fulfillment of any legal obligation. Even when the processing directly involves the provision of services, prior consent must have been obtained for such processing and exchange.
Socrates may also disclose personal data that is required by law or judicial process, and that is essential for compliance with judicial, judicial, and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings, 1 which will be retained, despite the exclusion of other data.
The processing of personal data at Socrates must follow the principles defined in this policy and must be strictly focused on the purposes for which the data is collected, respecting the principles of this policy and the criteria for security and information exchange, as well as the applicable legislation.
Personal data should only be processed by individuals who need to process it. This reduces the risk of human error causing leaks or misuse of information. The best way to ensure this is to divide the data by sectors and by specific responsibilities within each sector. In this way, it will be known in each situation who the data processors are and the risks of an information security incident will be greatly reduced.
To guarantee this sectoral data processing, each employee or service provider of Socrates has individual access to the company's database, protected by an untransferable password. Therefore, only authorized persons will be able to access personal identification data of employees and service providers, for example.
The only permitted processing of personal data contained in electronic waste received and managed by Socrates is its elimination. To ensure that none of the data that may be stored on the devices that Socrates receives for its management is misused, all of them are destroyed during the processing of the materials, after prior certification to the clients of where this data comes from. Access by Socrates employees and service providers to materials and information about them contained in the Socrates computer system is restricted to the provision of the Service Order and the role determined for each employee.
The mere access and/or misuse of any personal data stored in the technological waste processed by the company is strictly prohibited, under penalty of dismissal for just cause (or termination of the service contract) without prejudice to civil and criminal liability.
The personal data collected by Socrates will be used and stored for the time necessary to provide the service or to achieve the purposes listed in this Privacy Policy, taking into account the rights of the data subjects and the data controller. Thus, the data will be retained for the duration of the contractual relationship between the data subject and Socrates and, after the data retention period has expired, it will be deleted from our databases or anonymized, except in the cases legally provided for in art. 16 LGPD, namely:
I – fulfillment of legal or regulatory obligations by the controller; II – study by a research organization, guaranteeing, whenever possible, the anonymization of personal data; III – transfer to a third party, provided that the requirements for data processing provided for in this Law are respected; IV – exclusive use by the data controller, with access by third parties being prohibited, provided that the data is anonymized.
Therefore, when the purpose of processing personal data has been achieved, and its retention is no longer necessary to comply with legal requirements, it must, with the exception of the cases in the preceding paragraph, be duly deleted physically and digitally, with communication of this deletion to the data subject in cases where it occurs in a manner other than that provided for in the applicable consent form.
Thus, Socrates is committed to the security and privacy of the personal data collected, through the use of technical protection measures and solutions capable of guaranteeing the confidentiality, integrity, and inviolability of the data, also equipped with security measures appropriate to the risks and controlled access to the stored information.
To protect your personal information, we use physical, electronic, and administrative safeguards designed to protect your privacy. We apply these safeguards considering the nature of the personal data collected, the context and purpose of the processing, and the risks that would be generated by possible violations of the rights and freedoms of the data subject.
Socrates is committed to adopting best practices to prevent security incidents.
Among the measures adopted, we highlight the following:
Only authorized personnel have access to personal data;
Access to personal data is granted only after a confidentiality agreement is signed;
Physically stored personal data is kept in a locked location, inaccessible to unauthorized personnel.
Digitally stored data is encrypted and access is restricted through personal passwords.
Copies of personal data are only made when necessary and are securely stored and tracked.
This Privacy Policy may be updated from time to time. We recommend that you visit this page periodically to review any changes. However, Socrates will not use your information for purposes other than those defined in this Privacy Policy without first obtaining your consent.
Socrates’ personal data operators must provide all information required by data subjects regarding the processing of their personal data, respecting the company's right to trade secrets where applicable. The purpose of the processing must always be evident and transparent.
Whenever a request for information about personal data is made by a data subject, operators must inform the Data Protection Officer and subsequently provide the requested information to the data subject.
The Data Protection Officer will be responsible - in the terms of the LGPD - for communication between data subjects, Socrates, and the National Data Protection Authority (ANDP). The DPO is responsible for verifying existing risks, indicating corrective measures, and periodically assessing the security of personal data within the company, and must also carry out the necessary communications with data subjects or public authorities.
Any doubts that arise in the day-to-day operations of the company regarding the protection of personal data should be brought to the DPO for immediate advice or to seek appropriate guidance from the ANDP and other specialized entities.
The Data Protection Officer will maintain a risk and impact assessment report related to the protection of personal data, through which the necessary measures for the security of personal data can be structured, implemented, and evaluated.
Socrates Live Ideas SPA has appointed Socrates Baquedano as its Data Protection Officer, providing the following contact information to exercise your rights:
Email: info@socrates.la
Request a Quote
Today we work in Brazil, Chile, and the United States, serving clients across various industries and markets, successfully fulfilling and completing all their requirements and projects!
Chat with Us
We are here to solve all your graphic needs and requirements. Contact us today and discover how Sócrates ONE can help you solve everything at the highest level and at a fair price.
Request a Quote
Today we work in Brazil, Chile, and the United States, serving clients across various industries and markets, successfully fulfilling and completing all their requirements and projects!
Chat with Us
We are here to solve all your graphic needs and requirements. Contact us today and discover how Sócrates ONE can help you solve everything at the highest level and at a fair price.
We facilitate global reforestation
and the fight against climate change.
International Presence
- CHILE
- BRASIL
- COLOMBIA
- USA
