Nuvia's Basic GDPL Manual

Intro

A Law No. 13,709/2018 (General Data Protection Law - GDPL) was approved on August 14, 2018. Its approval represented an initial milestone of a new culture, both in the private sector and in the public sector, aimed at transparency and the centrality of the individual in the processing of personal data. This new culture brings more legal security to companies and more rights and guarantees to the holders of their information, in addition to requiring greater protection and care in the processing of personal data.

It is now possible to observe increasing transformations in the market since the GDPL came into force: companies implementing the principles and norms of the law in their processes, privacy awareness initiatives, clearer and more accessible contractual texts and privacy policies, greater investment in information security tools and systems, training and certification of data protection professionals, among other actions.

Although the GDPL topic has gained a lot of publicity, doubts and misinterpretations about the law still persist. With that in mind, Nuvia developed this Basic GDPL Manual, addressing the following topics:

• Main Concepts
  
• Law Enforcement
  
• Principles
  
• Legality of the Treatment
  
• Rights of the Owner
  
• International Data Transfer
  
• Safety and Good Practices
  
  

At the end of each section, we present the table “Nuvia and the GDPL”, in which we contextualize the topics discussed with the reality of Nuvia.

We hope you find this material useful and wish you a great read!

‍

1. Main Concepts

Nuvia DOES NOT process sensitive personal data or data from children or adolescents. We do not use or store data such as social security number, home address or personal emails. The only information processed by Nuvia relates to data professional and corporate sources obtained from public sources or on an appropriate legal basis.

Below, we highlight the main concepts of the GDPL:

• Personal data: Any data that identifies a natural person. In the case of Nuvia, this is restricted to data of professionals in the business context, such as name, position and professional email.
  
• Sensitive personal data: Nuvia does not collect or process data of this nature.
  
• Anonymized data: Occasionally used for statistical purposes.
  
• Controller: Nuvia, for the most part, is the Data Controller.
  
• Operator: Nuvia can act as an Operator when processing data provided by its customers.
  
• Treatment: All activities performed with data, such as collection, analysis, storage.
  
  

NUVIA AND THE GDPL Nuvia acts strictly within the limits of the GDPL, processing professional data of individuals (name, position, professional e-mail, career movements, etc.) and public data of companies (CNPJ, corporate address, corporate structure, sector of activity). No sensitive or personal/domestic data is treated.

‍

2. Law Enforcement

The GDPL applies to Nuvia because:

• Nuvia is headquartered in Brazil.
  
• It collects and processes data from individuals and companies in Brazil.
  
• It provides solutions that use data for legitimate business purposes.
  
  

3. Principles

Nuvia follows all the principles of the GDPL, with emphasis on:

• Purpose and Suitability: The data is processed for the purpose of B2B prospecting, market analysis and lead enrichment.
  
• Necessity: Only the minimum and relevant data for commercial strategies are used.
  
• Safety: Data is stored with layers of protection and robust protocols.
  
• Transparency: Whenever data is collected directly, the data subject is informed and can revoke consent at any time.
  
  

NUVIA AND THE GDPL Nuvia collects and processes exclusively professional and business data, based on public sources or legitimate private bases. The data is kept up to date, securely stored and is not used for discriminatory purposes.

‍

4. Legality of the Treatment

Nuvia relies on the following legal bases for data processing:

• Legitimate interest: to enrich information about companies and professionals in B2B contexts.
  
• Consent: when the user himself provides data in a form.
  
• Public Bases: such as corporate websites, LinkedIn, government portals, and business boards.
  
  

NUVIA AND THE GDPL Nuvia does not process sensitive personal data, nor data of an intimate nature. All information treated is for professional or corporate use and has a clear legal basis for use, with registration of consent when applicable.

‍

5. Rights of the Owner

Nuvia respects all the rights provided for in the GDPL:

• Confirmation of the existence of treatment
  
• Access to data
  
• Correction
  
• Anonymization
  
• Portability
  
• Revocation of consent
  
• Deletion of data when applicable
  
  

NUVIA AND THE GDPL The owners can contact Nuvia through the channel [INSERT EMAIL FROM THE DPO] or [INSERT LINK TO THE PRIVACY PORTAL] to exercise their rights. We do not process underage data, medical data, genetic data, or private data such as social security number, home address, or personal emails.

‍

6. International Data Transfer

Nuvia uses technology providers located in Brazil and abroad. The transfers are carried out with contractual guarantees and technical measures to protect the data.

‍

7. Safety and Good Practices

Nuvia adopts measures such as:

• Secure storage with encryption
  
• Access control and traceability
  
• Internal policies and training
  
• Continuous monitoring
  
  

NUVIA AND THE GDPL All employees involved in data processing sign confidentiality terms and are trained to ensure the correct use of the data. There is no collection of sensitive, personal, or minor data.

‍

Conclusion

Nuvia combines data intelligence with compliance with the GDPL. It deals exclusively with public and professional information from companies and individuals that operate in the corporate environment. It does not process sensitive personal, domestic data of minors, nor data such as social security number, home address or personal e-mail. Thus, it guarantees assertive results with responsibility and transparency.