Privacy Policy

I – OBJECTIVE

 This policy defines the procedures by which Bymii collects, processes and stores personal data, applying to all services offered in its portfolio, considering safeguarding data protection rights as part of its social responsibility. This Policy applies to individuals who in any way interact with Bymii.

The objectives of the Privacy and Data Protection Policy are:

  • Ensure that data subjects understand, in a transparent manner, how Bymii collects and uses their personal data, as well as the ways in which it is shared;
  • Explain to holders of personal data their rights and choice options related to the personal data that is collected and processed and how Bymii preserves the privacy of holders.

 

 II – DEFINITIONS

 The terms adopted in this Privacy and Data Protection Policy follow the definitions established in Article 5 of Law 13,709 of 08/14/2018 and subsequent amendments.

III – PROCESSING OF PERSONAL DATA

The disclosure of any information relating to Bymii or customers can only be done by authorized people, respecting their classification and only after taking the necessary precautions so that such information reaches solely and exclusively to those entitled and with content that portrays the authentic and complete information.

Within the limits permitted by applicable legislation, Bymii may process the personal data described below:

Personal information collected and processed by Bymii:

  • Identification, qualification and contact data: full name, e-mail, telephone number, tax identification number (CPF, Tax Id, Social Security Number or other similar document), civil identification number (identity, passport, etc.), number professional identification (OAB, CREA or similar document), international identification numbers (visas, international card or similar document), health identification number (health plan card, dental plan, INSS, life insurance or other similar document), numbers bank account, as well as date of birth.
  • Sensitive data: Bymii may collect, process and store the following sensitive data linked to the natural person, such as those related to the race and special needs of its employees. The collection and processing of this type of data is carried out for the exclusive purposes of Law No. 8,213/1991. The collection, processing and storage of data relating to race is carried out for the exclusive purposes of law no. 12,288 of June 20, 2010. Other sensitive data processed includes: membership of unions for the purpose of union contributions; health-related data, in accordance with Occupational Health Regulatory Standards or in situations such as, for example, when the Human Resources sector is informed about health problems of its employees; fingerprint for access to the building; and data related to psychological profiles in the recruitment and selection process.
  • Academic and professional data: specifically for the selection processes conducted by Bymii, information may also be collected such as education level, work card, profession, certificates, information relating to technical and personal skills and other similar information passed on by the latter voluntarily to the HR;
  • Information produced in telephone conversations, personal meetings or in events involving the participation of members of Bymii’s professional staff, when in its service;
  • Technical data , such as information related to interactions between devices used to access the firm’s website, including IP addresses, geographic location, browser type, number of visits to the website, as well as hardware model, searches performed on the firm’s website and information on network that may be collected by third-party analytical tools working for Bymii and that use cookies or similar technologies.

 

Bymii may collect this information in a variety of ways and, regardless of the source of the data, its processing will be governed by this Privacy and Data Protection Policy. Questions can be clarified via our email dpo@bymii.com.br .

Forms of data collection

Bymii may collect data through the following sources:

  • Instructions given to Bymii via telephone, post, courier, e-mail, fax or via its website;
  • Surveys, feedback given to Bymii by telephone, fax, e-mail, via the website or in person;
  • Via cookies when browsing our website;
  • When accessing third-party websites or Bymii service providers whose purpose is directly linked to Bymii’s professional activities;
  • During in-person visits to Bymii or via tele or video conferences;
  • Via newsletter subscriptions, articles, news or other forms of mailing lists;
  • At events provided by Bymii, its customers or other entities;
  • In interactions with suppliers of goods or service providers;
  • Resumés sent to Bymii and in interviews carried out during the selection process;
  • Through our payment partners for sending invoices and processing payments.

 

In certain situations, Bymii may receive personal data from other sources, as shown in the examples below:

  • Recruitment agencies, employers and contact references, who may provide information about an individual in a selection process;
  • Service providers, in cases where Bymii uses solutions that have a direct connection with its professional activities (e.g. Google Analytics to monitor visits to the office’s website, among other services that the office may contract);
  • Security partners: the office receives data from the information security management and event management service (SIEM – Security Information and Event Management) capable of bringing together data from different sources, identifying non-standard activities and blocking suspicious activities, ensuring security of users;
  • From third parties, in situations in which obtaining contact data is essential for the office’s professional activities, such as in cases of infringements that clearly threaten the intellectual property rights of Bymii’s clients;
  • Public sources such as, for example, websites of the National Institute of Industrial Property (INPI), World Intellectual Property Organization (WIPO), Ministry of Economy, Ministry of Health, National Library, Federal University of Rio de Janeiro, among others that may support Bymii’s professional activities.

 

IV – PURPOSE OF PROCESSING PERSONAL DATA

Reasons for collecting, processing and storing information

Bymii will always use personal data based on legal permissions, including:

  • Consent from the holder of personal data;
  • By virtue of a service contract provided by Bymii;
  • To comply with legal and regulatory obligations;
  • To defend Bymii’s legitimate interests, considering the impacts of using the information and as long as the interests of the office do not override the interests of the holder of personal data.

 

Purpose of using information

We use personal data for purposes related to the provision of our services, so such information will be useful for:

  • Updating registrations, identifying and authenticating user identities and any other information that helps us increase security and prevent fraud;
  • Effectively offering and providing services, in addition to ensuring compliance with contractual obligations assumed;
  • Communication with data subjects for purposes related to services provided;
  • Responding to requests or complying with instructions from its customers or for the execution of contracts to which the data subject is a party at the request of the data subject, or for the regular exercise of rights in judicial, administrative or arbitration proceedings, or based on legitimate interests for conducting Bymii’s business;
  • Conducting the recruitment and selection process, with the holder of personal data being guaranteed that their data will not be used for other purposes;
  • Maintaining relationships with data subjects when sending information related to intellectual property, as well as changes in laws or updates to standards in certain sectors that are of interest to subscribers of circulars and newsletters issued by the office;
  • Ensure the safety of your employees;
  • Process or receive payments.

 

Important Considerations about Web Beacons and Navigation Cookies

With regard to navigation on the Bymii website, we emphasize that web beacons are used, but only to obtain website usage statistics, and no type of sale of services, invitation to events, marketing or transfer to third parties is carried out. A web beacon is a technique used on web pages and in emails that allows you to check whether a user has accessed a specific content.

Regarding the use of cookies, they are used to simplify the use of the Bymii website, improving navigation and increasing, for example, the efficiency of searches carried out by users. For this to happen, the user must allow cookies (a data packet sent to the user’s browser whenever the website is visited) to be installed on their device. However, if the user does not feel comfortable with such an installation, they can change the settings in their browser to reject cookies. This option can be consulted in the “help” section of the browser. However, if the user chooses to reject the installation of cookies in their browser, they may not be able to access all the features available on the website.

The Bymii website may contain materials and links to third-party websites, which also use cookies. However, it is not the firm’s responsibility to control such links, as well as the content made available by these third parties, that is, this privacy notice does not apply to such sites. In this case, the user must consult the cookie policies of each website responsible to find out how they collect, store and use personal information, as well as the purposes for using cookies.

V – SHARING OF PERSONAL DATA

Bymii may share personal data with:

  • Software providers and other information technologies for the purposes of managing registration, documentation and other measures necessary for the operation of Bymii;
  • Correspondents, experts, business partners, partner offices (national and international), auditors, accountants, translators and financial institutions to assist in the provision of legal services, depending on demand;
  • Non-governmental organizations so that the holder can receive any content and communications that may be of interest to them, in the field of Intellectual Property and related areas;
  • National or international legal publications;
  • Government agencies and other authorities, such as the National Institute of Industrial Property (INPI);
  • World Intellectual Property Organization (WIPO), Ministry of Economy, Ministry of Health, National Library, Federal University of Rio de Janeiro, among others.

 

International information transfers

Bymii may transfer personal data outside Brazilian territory, as long as it is to comply with legal, contractual obligations, or with consent given by the data subject, or to provide its services in foreign territory, in which case it will only pass on the data minimum necessary to provide the service, ensuring that data protection measures are applied during the transfer process.

Information security

Bymii follows procedures that guide all processing of personal data, adopting physical, technical and organizational security measures to protect its tangible and intangible information assets.

VI – RETENTION OF PERSONAL DATA

Bymii keeps personal data only when necessary to:

  • Comply with legal obligations, execution of contracts to which the data subject is a party (at the request of the data subject), or for the regular exercise of rights;
  • Resolve problems with the data holder’s account;
  • Comply with tax, audit and accounting obligations by retaining necessary personal data for the period required by applicable law;
  • Ensure the security of data subjects to prevent fraud;
  • Defend the legitimate interests of the office, without these overriding the rights guaranteed to data subjects.

 

The termination of the processing of personal data by Bymii will occur in the following cases:

  • When the purpose for which the Personal Data Holder’s personal data was collected is achieved and/or the personal data collected is no longer necessary or relevant to achieving such purpose;
  • When the Data Holder has the right to request the termination of processing and the deletion of their personal data and does so;
  • When there is a legal determination in this regard.

 

In these cases of termination of processing of personal data, except in the cases established by applicable legislation or by this Privacy and Data Protection Policy, personal data will be deleted.

Bymii adopts, for the disposal of physical files, safe ways that guarantee the impossibility of recovering any data, through evidence or a report that ensures the total disposal of the files.

The disposal of electronic media and IT and telecommunications equipment is carried out by third-party companies that use methods that guarantee the impossibility of recovering the data and thus making it not available for access by unauthorized people, preventing the leakage of confidential data.

VII – HOLDERS’ RIGHTS

Rights to the use of personal information

In order to preserve the freedom, intimacy and privacy of data subjects, they may, at any time, request Bymii to copy their data, partially or in full, provided that it is previously requested via dpo@bymii.com. br . Additionally, any holder has the following rights regarding their data stored on Bymii:

  • Right not to authorize the use of personal data for marketing purposes;
  • Right to request any type of update, data correction, deletion or anonymization of your personal data;
  • Right to be informed about the ways in which Bymii is using and/or sharing its holders’ data, whether with public companies or private companies;
  • Right to revoke consent previously provided for the processing of data by the office;
  • Right to receive a copy of any information held by the office, as well as the request to transfer the data to another service provider, as long as this is previously informed through one of the available communication channels and within an appropriate timeframe;
  • Right to request, limit or cease the processing of information from its holders.

 

Data Confirmation

Bymii may request specific data from its customers in order to confirm identity, differentiate homonyms and to allow the customer proper and secure access to portals and other communication systems at the service of Bymii. The purpose of this request is to ensure that security measures are followed, in addition to preventing personal data from being mistakenly passed on to third parties.

 

VIII – RIGHTS AND OBLIGATIONS OF THIRD PARTIES/CONTROLLERS

In cases where we receive personal data from third parties/controllers to be processed in our activities, it is up to the third parties/controllers who forward the data to us:

  • Prove that the personal data was obtained in accordance with one of the legal bases provided for in the General Data Protection Law – LGPD (Law nº 13,709/18);
  • Maintain records of the personal data processing operations carried out;
  • Upon request from the national data protection authority, prepare a data protection impact report;
  • Inform the holder if there is any change in the purpose for collecting data;
  • Respond jointly if you cause damage to third parties due to a violation of the LGPD.

 

The controller is entitled to formulate good practice and governance rules that stipulate organizational conditions, procedures, security standards, technical standards, specific obligations, internal supervision and risk mitigation mechanisms, as well as other aspects related to the processing of personal data, as long as their competencies are respected.

Data retention by the controller is permitted when the processing period ends so that it is possible to comply with legal and regulatory obligations. The controller may also make exclusive use of this data, as long as it is anonymized, and access by third parties is expressly prohibited by law.

Data deletion exceptions

The termination of the processing of personal data will occur in the following cases:

  • On the revocation of consent by the holder of personal data, when the processing is carried out solely on that basis;
  • When all objectives have been met and obligations arising from services provided by the office have been extinguished;
  • When all objectives have been met and legal and regulatory obligations applicable to the treatment have been extinguished;
  • When there are no longer situations of legitimate interest to Bymii that require continued treatment.

 

Please note that the deletion of personal data that may have been provided to one or more government bodies (such as INPI, the Judiciary, etc.), or international entities (such as WIPO) during data processing will NOT be deleted. of these automatically. The firm will only process deletion requests, and will eventually delete, only those personal data that are in its possession when deletion is requested.

Any requests for data deletion before national and/or international government bodies must be requested by the holder directly before these agencies.

The principles of prevention and security will also be observed when deleting data.

The following exceptions are provided for in cases of anonymization, blocking or deletion of unnecessary, excessive or non-compliant data, and/or deletion of personal data processed with the holder’s consent:

  • Compliance with legal or regulatory obligations;
  • Study by a research body, ensuring anonymity whenever possible;
  • Transfer to third parties;
  • Exclusive use of the controller (anonymized).

 

The data retention policy should be amended to define the legal and regulatory reasons for retaining categories of personal data for specified periods.

This policy needs to be implemented on new and existing systems.

IX – CHANGES IN THE PRIVACY POLICY

Bymii may change this privacy policy periodically and post such updates on its website or by email to those who have voluntarily opted to receive communications from Bymii. However, for customers or interested parties to receive such notifications, it is essential that their registration data is properly updated. Bymii will always request to be informed about any registration changes while the customer relationship is active.

This Privacy and Data Protection Policy will be reviewed annually, critically, or upon legal changes, to ensure the relevance, adequacy and effectiveness of this document. Bymii’s privacy and data protection policy must be known and followed by all its employees and service providers.

Users who wish to obtain information, clarify doubts or exercise rights provided by law must send an email to dpo@bymii.com.br . The request will be analyzed and responded to within the legal deadline or, failing that, within a reasonable period, unless there are factual or legal reasons that prevent it from being met.

Manager/DPO: Diego Perandin

Rua Arandú, 57, cj. 72 Cidade Monções

04562-030 São Paulo, SP

Update Date: 03/08/2024

Review Date: 03/08/2024