Supplement C: Brazilian Privacy Rights
11.1. If the Brazilian General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais, hereinafter: the “LGPD”) applies to the processing of personal data related to you by Tailor Brands, then, as of August 1, 2020, the following information, rights and obligations also apply –
11.2. Our Position under the LGPD
Tailor Brands assumes the position of a “controller”, as defined under Section 5 of the LGPD. Tailor Brands has the competence to make decisions about the processing of personal data related to you, as further described in this privacy policy.
11.3. DPO Contact Details
Tailor Brands has appointed a data protection officer in accordance with Article 41 of the LGPD (“DPO”). The DPO’s contact details are as follows: [email protected]. The activities of the DPO consist of the following –
11.3.1. to accept complaints and communications from data subjects, provide clarifications and take measures;
11.3.2. to receive communications from the supervisory authority and take measures;
11.3.3. to instruct the employees and contractors of the entity on the practices to be adopted in relation to personal data protection;
11.3.4. to carry out any other duties established by the controller or in supplementary rules; and,
11.3.5. to comply with the Brazilian data protection authority (‘ANPD’)’s supplementary rules, where applicable.
11.4. Types of Processing
We process personal data related to you for the following lawful grounds –
11.4.1. based on your consent;
11.4.2. for compliance with our statutory or regulatory obligation;
11.4.3. when necessary for the performance of agreements or preliminary procedures relating to agreements to which you are a party to, following your request;
11.4.4. for our regular exercise of rights in lawsuits, administrative or arbitration proceedings;
11.4.5. for protection of the life or of the physical safety of you or third parties; or,
11.4.6. when necessary to serve our relevant third-parties’ legitimate interests or our own legitimate interests, in accordance with the LGPD, except for cases in which your fundamental rights and liberties prevail.
11.5. Our Main Responsibilities under the LGPD
11.5.1. It is Tailor Brands’ responsibility to engage with all its processors (service providers who have access to personal data related to you) in order to protect personal data related to you in a suitable and secure manner as well as to indicate where personal data related to you is stored or processed.
11.5.2. In addition, Tailor Brands is responsible to provide you, where applicable, with the following privacy rights –
11.5.2.1. You have the right to request a confirmation of the existence of processing of personal data related to you.
11.5.2.2. You have the right to request an access to data personal data related to you.
11.5.2.3. You have the right to request the correction of incomplete, inaccurate or outdated personal data related to you.
11.5.2.4. You have the right to request a confirmation that anonymisation, blocking, or elimination of unnecessary or excessive of personal data related to you or personal data processed in noncompliance with the provisions of the LGPD have been implemented by Tailor Brands.
11.5.2.5. You have the right to be notified if a data breach related to personal data related to you occurs. The notification will include: (a) a description of the nature of the affected personal data; (b) information on the data subjects involved, without violating their privacy; (c) indication of the technical and security measures used for data protection, with due regard for trade and industrial secrets; (d) the risks relating to the data breach; (e) the reasons for the delay, in case the notice is not immediate; and, (f) the measures that were or will be adopted to reverse or mitigate the effects of the loss related to the data breach.
11.5.2.6. You have the right to request the portability of personal data related to you to other service providers or suppliers of product, at the express request, and observing the business and industrial secrets, in accordance with the regulation of the controlling body.
11.5.2.7. You have the right to request the elimination of personal data related to you, processed with the consent, except for the cases set forth in Article 16 of the LGPD (for example, to comply with legal obligations).
11.5.2.8. You have the right to request us to provide you with information about the public and private entities with which Tailor Brands has shared personal data related to you, as described in this privacy policy.
11.5.2.9. You are not obligated to provide us with your consent for the processing of personal data related to you. Without your consent, we will still provide you with any service that is not based on the processing of personal data. Please bear in mind that most of our Services require a membership which are based on the processing of personal data related to you, and we cannot provide such Services otherwise.
11.5.2.10. You have the right to withdraw your consent, pursuant to the provisions of paragraph 5 of Article 8 of the LGPD – by simply contacting our DPA at: [email protected].
11.6. Should you wish to exercise any of your LGPD’s rights, please contact our DPO at: [email protected].
11.7. We do not charge a fee to process or respond to your request unless otherwise provided or permitted under the LGPD, in which case we will provide you with the relevant notice in advance.