After the European Union adopted a data protection law aimed at unifying and updating the laws dealing with the matter, called the General Data Protection Regulation (GDPR), in force since May 25, 2018, Brazil also decided to publish its own personal data protection law and the LGPD is based on the GDPR.
The Brazilian General Personal Data Protection Act (LGPD) covers only the processing of personal data. That is, it does not apply to data from legal entities. Neogrid is committed to ensuring compliance with the LGPD and has been consistent in its approach to data protection as part of its overall product standards, since the GDPR came into effect and now under the LGPD.
It is worth mentioning that Neogrid processes commercial data from legal entities. In some specific situations, personal data may be processed for the purpose of communicating with customers and users. Hence, we have prepared this FAQ (Frequently Asked Questions) on the collection and processing of personal data related to the services offered by Neogrid.
Questions about GDPR
Processing agents: Article 5 (IX) “controller and operator”;
Controller: Article 5 (VI) of the LGPD and Article 4 (7) of the GDPR, establish that: “'controller' means the individual or legal entity, public or private, that is responsible for decisions regarding the processing of personal data” . In general, the controller is involved in all processing of the personal data collected and must ensure that the subject's rights and the controller's legal obligations are also covered by the processor/operator.
Operator/Processor: Article 5 (VII) of the LGPD and Article 4 (8) of the GDPR establish that: “'operator/processor' means the individual or legal entity, public or private, that performs the processing of personal data on behalf of the controller”. In general, it refers to data processing based on the instructions of the data controller, as contracted according to legislation.
Neogrid, as a service provider, is the operator/processor for customers and partners, and controller for suppliers and providers that are contracted to perform different services and deliveries.
The GDPR has a wide territorial scope and applies to any activities of a data controller or processor in the European Union, which include the processing of personal data. The GDPR also applies to processing agents located outside the European Union, when offering goods or services to citizens residing in the European Union or to monitor the behavior of data subjects residing in the European Union.
Likewise, the LGPD requires compliance throughout Brazil and applies to any personal data processing activities in the national territory, or personal data that has been collected in the national territory.
In accordance with its general processing principles, the GDPR requires that processing of personal data is lawful, proportionate, transparent, appropriate, accurate, secure, confidential, limited in time and for designated purposes, and conducted in a responsible manner (which means applying appropriate security - including technical and organizational measures - to ensure integrity and confidentiality).
The GDPR has the following definition for “personal data”: any data related to an identified or identifiable individual. Article 4, no. 1 of the GDPR states: “an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier or other related specific data to that person's physical, physiological, genetic, mental, economic, cultural or social identity.
The LGPD has the following definition for “personal data”: Article 4, no. 1 “information related to an identified or identifiable individual”, such as name, identification number, location data, IP addresses, cookies or other identifiers - also a combination of these data - which may result in the individual being tracked.
Based on the principle that the individual should always be aware of what personal data is being processed, by whom, for what purpose and for how long, processing agents should actively provide specific or general information.
When internal organizational measures have not prevented a data breach, or the processing of personal data has been considered outside the legal purpose, processing agents must notify the national authority and affected individuals within the shortest possible time after becoming aware of the situation. Data operators must inform data controllers without undue delay after becoming aware of a personal data breach.
Neogrid | LGPD/GDPR - Questions about your personal data
A. Yes, we collect and process personal data from customers and suppliers so that we can provide services.
Personal data we collect through:Platform Access:a) Name and surname;b) Email address;c) Address;d) Phone;Websites, phone calls and Landing Pages:a) Name and surname;b) Business email address;c) Business phone;d) Company the person works for;e) Position held;
Our goal is to provide our customers with secure, fast, and reliable service. As a global service provider, we perform our services with operating practices and capabilities common to many countries.
The data collected from users will be stored in SaaS data centers or on-premises infrastructure. The datacenters can be third-party infrastructure, cloud (Cloud Computing) located in the United States, Europe, or in any other location where Neogrid and/or the Customer has operations.
In cases where data is transferred outside the European Union, Neogrid guarantees that such transfers comply with the international standard established by all applicable standards, including the General Data Protection Regulation (GDPR).
A. Yes, we are constantly updating and seeking to comply with the best data security practices.
A. You can correct or update your registration data at any time in the login area of the Neogrid platform, Customer Portal (help.neogrid.com) or by contacting our Data Officer/DPO. If you have questions or need help, please contact our support team or ombudsman.
Yes, you can request the deletion of your personal data by opening a ticket with the support team or our Data Protection Department. However, Neogrid may retain some data for a longer period due to legal requirements (for example, for tax purposes).