What We Do
THROUGH A PRACTICAL WORK APPROACH
and recommendations tailored to each business’s culture, we enable projects, assist in decision-making, and generate value for our clients.
LEARN MORE ABOUT OUR SERVICES
- Adaptation of companies to the requirements of the General Data Protection Regulation – GDPR.
- Memoranda, legal opinions, and advisory papers on complex issues involving the interpretation and application of personal data protection and privacy regulations, including LGPD, GDPR, the Bank Secrecy Law, sector-specific regulations, and others.
- Specific analyses to enable the launch of products, services, and features based on personal data. Personalized advertising (behavioral targeting), programmatic media, use of cookies, search history, aggregated data, and other ad tech mechanisms.
- Privacy policies, opt-in/opt-out models, email marketing, and newsletters.
- Open banking, open data, positive credit reporting, and common use of APIs for personal data sharing.
- Mapping of personal data processing activities through questionnaires and interviews with each business area, and the preparation of records of processing activities (RoPAs).
- Analysis of personal data flows and identification of appropriate legal bases according to the purpose of processing, risk identification, and compliance diagnosis, along with an action plan with recommendations.
- Contracts and documents for implementing GDPR requirements, such as information security policies, incident response plans, internal privacy notices, data governance policies, and others.
- Legitimate interest assessments (LIA), applying tests for purpose, necessity, and proportionality.
- Data protection impact assessments (DPIA) with recommendations for measures, safeguards, and risk mitigation mechanisms.
- Data processing agreements, tailored to each company’s role as data processor or controller. Practical implementation of privacy by design to document and record data protection concerns for new within the company.
- International transfer mechanisms: compliance, standard contractual clauses (SCCs), binding corporate rules (BCRs), and others. Legal support for the Data Protection Officer (DPO) in handling internal and external demands related to personal data protection, including mentoring, training, and customized workshops.
- Handling data subject rights, with the assessment of requests, development of responses, and specific recommendations for complex cases.
- Development of preventive measures for security incidents, including business continuity plans, simulations, and training.
- Personal data incidents and breaches: crisis management, risk assessment, communication with the National Data Protection Authority (ANPD), data subjects and third parties, press releases, and other necessary actions.
- Representation before the National Data Protection Authority (ANPD), the National Consumer Secretariat (SENACON), the Central Bank of Brazil (BACEN), and other authorities responsible for oversight and sanctions related to non-compliance with LGPD and other data protection laws.
- Specific expertise in personal data protection in the context of audits, due diligence, initial public offerings (IPOs), and mergers and acquisitions (M&As).
- Training for internal teams on the use of contracts and documents related to personal data protection.
- Corporate training for executives and employees on best practices in personal data protection and privacy.
- Development of courses, guides, and materials on privacy, data protection, and information security, customized according to business areas.
- Opinions, studies, and research on possible interpretations of Brazilian and comparative law, regulatory trends, market practices, leading cases, and new decisions.
- Terms of use, privacy policies, contracts, and other documents for websites, platforms, and online services.
- Advisory services on online advertising for advertisers, media outlets, agencies, intermediaries, and platforms, including administrative representation before CONAR – the National Advertising Self-Regulation Council.
- Marketplaces, e-commerce, intermediary websites, and payment systems.
- Contracts for hosting and platform integration, APIs, apps, and systems.
- Streaming and download services for music, videos, books, and other works.
- Partnerships for publishing and promoting content on websites and social media.
- Sponsored links and the use of third-party trademarks and distinctive signs.
- Digital influencers, customized campaigns, and targeted advertising.
- Promotions, cultural contests, sweepstakes, and sponsorships via the Internet.
- Partnerships for publishing and promoting content on websites and social media.
- Sharing of online traffic and advertising revenue.
- Assignment, licensing, and authorization of the use of name, image, and voice (publicity rights) in the digital environment.
- Issues related to the use of electronic contracts, encryption, digital signatures, and digital certification.
- Codes of conduct and best practices for Internet use in the workplace.
- Responsibility of users and third parties for content published online.
- Concrete application of the Civil Framework for the Internet and applicable legislation.
- Issues regarding the provision of registration data and online records.
- Notifications and responses regarding the removal and maintenance of online content.
- Conflicts between domain names, trademarks, trade names, and distinctive signs.
- Administrative and arbitration procedures concerning domain names (UDRP, SACI, and others), including freezing, deactivation, and transfer.
- Development, licensing, and assignment of software (proprietary, free, apps and mobile, GPL licenses, open source, and others).
- Use of computing platforms and cloud services.
- Implications of network neutrality in digital businesses.
- Study of projects, products, and services of startups.
- Analysis of the legal feasibility of new online business models.
- Assessment, negotiation, acquisition, and transfer of digital assets.
- Testing of products and services offered online to prevent legal risks.
- Issues of governance and regulation of the Internet.
- Opinions, studies, and research on possible interpretations of Brazilian and comparative law, regulatory trends, market practices, leading cases, and new decisions.
- Construction and Improvement of Public Policies and Legal Frameworks for Emerging Technologies and Business Models.
- Drafting of technical notes and contributions to public consultations, representation in public hearings, and the development and presentation of improvement suggestions for legislative projects and regulatory frameworks.
- Use of artificial intelligence (AI) systems, machine learning, big data, algorithms, and autonomous systems.
- Business intelligence (BI), predictive models, automated decision-making, credit scores, risk scores, and similar applications.
- Implementation of facial recognition and biometric technologies, including onboarding procedures, anti-fraud systems, authentication, identity validation, and related processes.
- Video games and new business models (digital distribution, subscriptions, microtransactions, DLC, freemium/ad-supported products, loot boxes, battle passes, gift cards, and similar mechanisms).
- Geolocation, Internet of Things (IoT), sensors, connected vehicles, and smart devices.
- Blockchain, crypto assets, cryptocurrencies, and NFTs (non-fungible tokens).
- Opinions, studies, and research on possible interpretations of Brazilian and comparative law, regulatory trends, market practices, leading cases, and new decisions.