LGPD and Security

Upload this to Amazon Web Services

Additionally, our customers benefit from the compliance programs of our AWS processor, which include CSA (Cloud Security Alliance) certification and the global standards ISO 9001, ISO 27017, and ISO 27018 (ISO personal data protection).

Podesubir does NOT own or use its own servers; our platform operates 100% on the Amazon cloud (AWS).

aws-certifications

General Data Protection Regulation (GDPR)

GDPR and Security

 

  • To analyze the existing legal bases for processing personal data.
  • IDENTIFY and ORGANIZE personal data, paying attention to those that require more care.
  • Inform the data subject, before processing the data, of the purposes of the action, the data collected, the recipients of the data, their rights, and the Privacy Policy and Terms and Conditions of the platform.
  • To clearly and regularly disclose on the website the grounds for processing personal data, the legal basis, the procedures and practices used.
  • To develop technical measures, standards, and policies that achieve compliance with the LGPD (Brazilian General Data Protection Law) and can be demonstrated to citizens and the ANPD (National Data Protection Authority).
  • IMPLEMENT a training and awareness plan for employees, contractors, and other collaborators regarding the importance of personal data privacy.
  • To appoint a person in charge who will interact with the public and with the ANPD (National Data Protection Authority).
  • Adapt and revise procedures and forms, enabling digital means, to serve citizens in requests for consent and revocation.
  • We provide contact information and other details in the Privacy Policy and Terms and Conditions.
  • To respond to citizen requests promptly, within a period of up to 15 days.
  • Knowing that citizens have the right to object to treatment even if it is for the public interest.
  • To conduct risk analyses and adopt measures to address failures that may infringe on the rights and freedoms of citizens.
  • Establish protocols for managing and, if necessary, reporting security breaches and data leaks.
  • Do NOT transfer personal data from databases to which you have access to private entities without the data subject's consent.
  • REMEMBER that the shared use of personal data from a public legal entity or a private legal entity depends on the consent of the data subject.
  • To provide the data in an interoperable format, as requested, to facilitate sharing with public agencies.
  • Please note that the LGPD (Brazilian General Data Protection Law) allows the transfer of data across borders, provided that it is with the specific consent or at the request of the data subject.