What is the LGPD?
The Brazilian Data Protection Law – “Lei Geral de Proteção de Dados Pessoais” – or LGPD (effective September 18, 2020) is a set of regulations meant to give citizens and residents of Brazil control over their Personally Identifiable Information. Anyone who deals with the Personally Identifiable Information of a resident of Brazil is bound by these new rules to take sufficient action to ensure that their data is protected and is not shared with any third party without the express permission of the person whose data it is.
What is Personally Identifiable Information?
Personally Identifiable Information (or personal data) is any information alone or in conjunction with other information that can be used to identify a person. This information includes birthdates, addresses, email addresses, financial information, usernames, etc.
The LGPD and You
If your site retains or processes any data that could be construed as personally identifiable of an Brazilian citizen or resident, the LGPD affects you.
As a site owner, you will need to adopt a data privacy statement to include what data you retain/process, how it is used, and a clear path for your visitors/customers to request for their data to be purged upon request (the right to be forgotten).
IMH and LGPD Compliance
As a company with a customer base around the world, specifically with many of our subscribers in Brazil, InMotion Hosting is acutely aware of the increased privacy requirements resulting from the LGPD. We care about the security of our customers’ information and have implemented internal measures compliant with the strictures of the LGPD regarding notification of the types of personal data collected, information regarding who may access said data, and for what purpose that data was collected.
Additionally, we have implemented security measures to safeguard the personal data that we do keep, minimized the data collected to that which is relevant to the operation of our business and the customer’s site, made available the data collected in an easily accessible way to the customers to whom it belongs, as well as provide an easy method by which they can request that their personal data be purged from our system.
In the event of a data breach affecting your personal data, all appropriate authorities will be notified in a timely manner consistent with the rules laid out by the LGPD.
Will we be participating in Privacy Shield? What are we doing to ensure that data is secure?
As we have taken the necessary measures for compliance with GDPR internally and as Privacy Shield is optional (with the measures we have already taken), we have decided not to enroll in Privacy Shield.
Under the LGPD, Brazilian residents and citizens have the following rights regarding their personal data.
- The right to confirm the existence of the processing. They have the right to ask that we confirm whether we process their personal data.
- The right to access the data. They have the right to access the personal data we hold about them and certain information about how we use it and who we share it with, including information about any public and private entities we have shared their personal data with.
- The right to correct incomplete, inaccurate or out-of-date data. If they want to correct or revise any of the data we retain on them, they may do so by accessing their account and the information contained within it.
- The right to anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD. Please note that, depending on the request, this may result in a suspension or discontinuation of certain services and may be governed by legal and/or contractual retention guidelines.
- The right to the portability of data to another service or product provider, by means of an express request. We provide them with the ability to move any of their account data to a third party, at any time.
- The right to delete personal data processed with the consent of the data subject. They have a right to request the permanent deletion of their data, subject to certain exceptions. However, please note that exercising this right may result in a suspension or discontinuation of services and may also be governed by legal and/or contractual retention guidelines.
- The right to information about the possibility of not giving consent and about the consequences of the refusal. They have the right to ask us to provide information about the possibility of not giving consent for the processing of their personal data and the consequences of such refusal.
- The right to revoke consent.
If you have any other questions regarding the LGPD and InMotion Hosting, please email [email protected].
Last Updated July 12th, 2021