B3 S.A. - BRASIL, BOLSA, BALCÃO PERSONAL DATA PROTECTION GOVERNANCE POLICY
04/26/2021 | INFORMAÇÃO PÚBLICA - PUBLIC INFORMATION |
PERSONAL DATA PROTECTION GOVERNANCE POLICY
TABLE OF CONTENTS | ||
5 | GUIDING PRINCIPLES ................................................................................ | 7 |
6 | RESPONSIBILITIES..................................................................................... | 9 |
7 | CONTROL INFORMATION ........................................................................ | 10 |
2 | INFORMAÇÃO PÚBLICA - PUBLIC INFORMATION |
PERSONAL DATA PROTECTION GOVERNANCE POLICY
1 PURPOSE
B3 S.A. - Brasil, Bolsa, Balcão is committed to always maintaining best market practices in relation to the protection of personal data processed in its environments.
The purpose of this Policy is to present the principles and guidelines governing the personal data processing activities carried out by B3 S.A. - Brasil, Bolsa, Balcão.
The specific provisions of subsection 5.2 of this Policy also bear on the following situations associated with the European Union General Data Protection Regulation (GDPR):
- When processing is applied in the context of the activities developed in B3's establishments in the European Union; or
- When processing is applied to Data Subjects, established in the European Union, whose personal data (a) are processed in relation to the offering of goods or services to them, or (b) whose behavioral profile is monitored and such behavior monitoring occurs in the European Union.1
2 SCOPE
This Policy applies to all administrators, employees, interns, trainees, suppliers, service providers and partners of B3 S.A. - Brasil, Bolsa, Balcão, its subsidiaries and affiliates abroad, B3 Bank, BSM Market Supervision, Cetip Info Tecnologia S.A., B3 Social, and other associations (Company).
3 REFERENCES
• Brazilian Federal Law 13709/2018 - General Data Protection Law (LGPD);
1 Follow this link for an updated list of European Union member states: https://europa.eu/european-union/about-eu/countries_en.
3 | INFORMAÇÃO PÚBLICA - PUBLIC INFORMATION |
PERSONAL DATA PROTECTION GOVERNANCE POLICY
- Regulation (EU) 2016/679 of the European Parliament and of the Council dated April 27, 2016 ("GDPR"); and
- The Company's Information Security Policy.
4 CONCEPTS
- Personal Data means any information that, directly or indirectly, alone or jointly with other data, identifies or may identify an individual. Examples of Personal Data are: Name, individual federal taxpayer number (CPF), Internet Protocol (IP) number, email address, bank account number, financial profile, taxpayer identification, professional register and geolocation, among others. This concept includes Sensitive Personal Data, as defined below;
- Sensitive Personal Data, when linked to an individual, means personal data on racial or ethnic origin, religious belief, political opinion, affiliation to a trade union or organization of a religious, philosophical or political nature, data on health or sex life, genetic or biometric data;
o For GDPR purposes, Sensitive Personal Data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic or biometric data that uniquely identify an individual, or data concerning health, sex life or sexual orientation; - Anonymized Data means information on a Data Subject that cannot be identified, considering the use of reasonable and available technical means at the time of processing;
o For GDPR purposes: Anonymized Data means information on a Data Subject who cannot be identified after anonymization techniques are employed. Anonymization is a technique that results from the Processing of Personal Data to remove from them sufficient elements
4 | INFORMAÇÃO PÚBLICA - PUBLIC INFORMATION |
PERSONAL DATA PROTECTION GOVERNANCE POLICY
that irreversibly alter data, so that the Data Subject is no longer identifiable;
- Pseudonymized Data means a type of Personal Data that is processed in such a manner that it can no longer be attributed to a specific individual without the use of additional information, provided such additional information is kept separately and is subject to technical and organizational measures to ensure that Personal Data are not attributed to an identified or identifiable person;
- Data Subject means any individual identified or identifiable through Personal Data or Sensitive Personal Data Processing;
- Processing means any and all operations performed on Personal Data or Sensitive Personal Data, including, but not limited to, collection, production, reception, classification, use, access, reproduction, transmission, distribution, filing, storage, elimination, information assessment or control, modification, communication, transfer, dissemination or extraction;
- Personal Data Breach means any and all accidental or intentional situations, resulting from fault or willful misconduct, that cause Personal Data to be: (i) destructed; (ii) lost; (iii) altered; (iv) transmitted, disseminated or disclosed; or (v) accessed without permission;
- Controller means the party responsible for making decisions regarding Personal Data Processing;
- Processor means the party responsible for Processing Personal Data on behalf or under the instruction of a Controller;
- Joint Controllers means when two or more Controllers are competent to jointly decide on Personal Data Processing;
5 | INFORMAÇÃO PÚBLICA - PUBLIC INFORMATION |
This is an excerpt of the original content. To continue reading it, access the original document here.
Attachments
- Original Link
- Original Document
- Permalink
Disclaimer
B3 SA Brasil Bolsa Balcao published this content on 28 June 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 22 July 2022 22:23:02 UTC.
