Privacy Policy - LGPD

Additional Notice for Brazilian Residents LGPD (Lei Geral de Proteção de Dados)

The Brazilian Privacy statute, Lei Geral de Proteção de Dados (LGPD), enhances privacy rights and consumer protection for individuals who reside in Brazil. FortifyIQ is committed to full LGPD compliance.

Please refer to our Privacy Policy for general information about what kind of personal data we collect, and how we collect, use, and store your personal data. Please see below for additional information relevant to the LGPD.

The provisions contained in this section apply to residents of Brazil, according to the “Lei Geral de Proteção de Dados” (LGPD). These provisions supersede any conflicting provisions contained in the privacy policy. In addition, the term “personal information” is used in this notice as it is defined in the Lei Geral de Proteção de Dados (LGPD).

The grounds on which we process your personal information

We can process your personal information only if we have a legal basis to do so. The following legal bases are recognized under the LGPD:

Your consent to processing activities;

Our compliance with legal and regulatory requirements;

Carrying out of public policies provided in laws or regulations or based on contracts, agreements and similar legal instruments;

Studies conducted by research entities, preferably carried out on anonymized personal information;

Carrying out of a contract and its preliminary procedures, in cases where you are a party to said contract;

Exercising of our rights in judicial, administrative or arbitration procedures;

Protection or physical safety of yourself or a third party;

Protection of health – in procedures carried out by health entities or professionals;

Our legitimate interests, provided that your fundamental rights and liberties do not prevail over such interests;

Credit protection.

Legitimate Interest Summary

Primarily, FortifyIQ collects, receives and processes personal information of individuals, exclusively in a business context, in order to contact them about goods and services in which their business may be interested.

This information is processed by FortifyIQ in accordance with its (and its customer’s) legitimate interests except when the data subject’s fundamental rights and liberties which require personal data protection prevail. “Legitimate Interest” is our chosen legal basis for processing the Personal Data of Brazilian citizens (LGPD Article 7, IX).

Based on an individual’s role and responsibilities within their organization, as well as being a decision maker, recommender or influencer within their organization, we may contact them occasionally with marketing offers or useful educational information relevant to them directly as well as on behalf of our Customers. They will always have the right to opt out of receiving marketing offers from us.

We follow the principle of data minimization, ensuring the personal data collected is kept to a minimum (LGPD Article 6, III). The Personal Data we process is restricted to Business Card Information of corporate employees who are appropriate to the service/product we would be marketing to them. (See LGPD Article 10, §1). An extensive assessment has been completed, ensuring the personal data we process does not disproportionally affect the privacy rights of the Business Card Owner. We practice transparency by clearly informing all Business Card Owners that we are processing their personal data, and for what purposes (LGPD Articles 6, IV and 10, §2). We provide a simple and clear route for Business Card Owners to obtain a copy of the personal data we process, and to remove permission to process their personal data (Art.19, §3). We keep the data up to date (LGPD Article, III).

Categories of personal information processed

To find out what categories of your personal information we process, please read the section in our Privacy Policy titled, “What Information about me do you collect?”

Why we process your personal information

To find out why we process your personal information, please read the sections in our Privacy Policy titled “How do you collect the information about me?”, “Why are you collecting my information and how do you use it?”, and “With whom do you share my personal information?”

Your Brazilian privacy rights

You have the right to:

Obtain confirmation of the existence of processing activities on your personal information;

 Access your personal information;

 Have incomplete, inaccurate or outdated personal information rectified;

 Obtain the anonymization, blocking or elimination of your unnecessary or excessive personal information including information that is not being processed in compliance with the LGPD;

 Obtain information on the options to provide or deny your consent and the consequences thereof;

 Obtain information about the third parties with whom we share your personal information;

 Obtain, upon your express request, the portability of your personal information (except for anonymized information) to another service or product provider, provided that our commercial and industrial secrets are safeguarded;

 Obtain the deletion of your personal information being processed if the processing was based upon your consent, unless one or more exceptions provided for in Article 16 of the LGPD apply;

 Revoke your consent at any time;

 File a complaint related to your personal information with the Brazilian National Data Protection Authority (Autoridade Nacional de Proteção de Dados or “ANPD”);

 Oppose a processing activity in cases where the processing is not carried out in compliance with the law;

 Request clear and adequate information regarding the criteria and procedures used for an automated decision;

 Request the review of decisions made solely on the basis of the automated processing of your personal information, which affect your interests. These include decisions to define your personal, professional, consumer and credit profile, or aspects of your personality.

You will never be discriminated against, or otherwise suffer any sort of detriment, if you exercise your rights.

How to file your request

You can file your express request to exercise your rights free from any charge, at any time, by using the contact details provided in this document, or via your legal representative.

How and when we will respond to your request

We will strive to promptly respond to your requests. In any case, should it be impossible for us to do so, we’ll make sure to communicate to you the factual or legal reasons that prevent us from immediately, or otherwise ever, complying with your requests. In cases where we are not processing your personal information, we will indicate to you the physical or legal person to whom you should address your requests, if we are in the position to do so.

In the event that you file an access or personal information processing confirmation request, please make sure that you specify whether you’d like your personal information to be delivered in electronic or printed form.

You will also need to let us know whether you want us to answer your request immediately, in which case we will answer in a simplified fashion, or if you need a complete disclosure instead.

In the latter case, we’ll respond within 15 days from the time of your request, providing you with all the information on the origin of your personal information, confirmation on whether or not records exist, any criteria used for the processing and the purposes of the processing, while safeguarding our commercial and industrial secrets.

In the event that you file a rectification, deletion, anonymization or personal information blocking request, we will make sure to immediately communicate your request to other parties with whom we have shared your personal information in order to enable such third parties to also comply with your request – except in cases where such communication is proven impossible or involves disproportionate effort on our side.

Transfer of personal information outside of Brazil permitted by the law

We are allowed to transfer your personal information outside of the Brazilian territory in the following cases:

When the transfer is necessary for international legal cooperation between public intelligence, investigation and prosecution bodies, according to the legal means provided by the international law;

 When the transfer is necessary to protect your life or physical security or those of a third party;

 When the transfer is authorized by the Brazilian National Data Protection Authority (Autoridade Nacional de Proteção de Dados or “ANPD”);

 When the transfer results from a commitment undertaken in an international cooperation agreement;

 When the transfer is necessary for the execution of a public policy or legal attribution of public service;

 When the transfer is necessary for compliance with a legal or regulatory obligation, the carrying out of a contract or preliminary procedures related to a contract, or the regular exercise of rights in judicial, administrative or arbitration procedures.

300 Washington Street, Suite 850, Newton, MA 02458 USA