cropped-download.png

privacy policy

  • Initial Provisions

1.1 OLLO Comunicação e Intermediação LTDA (“OLLO”), a limited partnership, enrolled in the CNPJ/ME under No. 39.828.081/0001-58, is committed to ensuring the privacy of personal data collected for carrying out its activities as well as complying with the General Law of Data Protection (Brazilian Law 13.709/18) and other applicable regulations on the treatment of Personal Data including Sensitive Personal Data. 

1.2 In order to define appropriate processes, techniques and organizational measures for the legally permitted data processing against accidental loss, damage and destruction of Personal Data, including Sensitive Personal Data, and to ensure that they are duly protected, OLLO implements this Privacy Policy (“Privacy Policy”) and clarifies to users in general, Clients and Freelancers (all together referred to as “Users”) its practices regarding the privacy of information provided by Users and demonstrates our commitment to safeguard your privacy and protect your personal data.

1.3 Any doubts about the applicable legislation and about processes involving the treatment of Personal Data by OLLO, including Sensitive Personal Data, should be directed to the “DPO” or “Data Officer”, whose function is the supervision of the Data Protection Policy, by means of the electronic contact andre@ollo.is. 

  • Definitions
  1. For purposes of this Privacy Policy, the following terms and expressions shall have the meanings set forth below:
    1. “LGPD” stands for General Law of Data Protection (Brazilian Law 13.709/18); 
    2. “Statute of the Legal Profession” means the Law that provides for the Statute of the Legal Profession and the Brazilian Bar Association (Brazilian Law 8.906/94);
    3. “OLLO Employees” all OLLO employees, including employees, partners, service providers, associate attorneys, interns, apprentices and any other person who has a direct relationship with OLLO;
    4. “Data Subject” means the natural person to whom the personal data that are subject to processing relate; 
    5. “Personal Data” means information relating to a natural person that allows in any way the natural person to be identified; 
    6. “Sensitive Personal Data” means personal data concerning racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data concerning health or sex life, genetic or biometric data, as well as other specific data deemed sensitive by the appropriate laws and regulations; 
    7. “Anonymized data” means data relating to the data subject which does not permit identification by reasonable and available technical means at the time of its processing; 
    8. “Data Controller” means the institution to which decisions concerning the processing of personal data are made, in this Policy OLLO;
    9. “Data Operator” means a natural or legal person under public or private law who performs the processing of personal data on behalf of OLLO;
    10. “Data Officer” or “DPO” means the person appointed by OLLO and the Data Operator to act as a channel of communication with the data subjects and the National Data Protection Authority (ANPD);
    11. “Data Processing” or “Processing” means any operation performed with personal data, such as those relating to: collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction of personal data;
    12. “Consent” means free, informed and unambiguous manifestation by which the data subject agrees to the processing of his or her personal data for a specified purpose;
    13. “Personal Data Protection Impact Report” or “RIPD” or “DPIA” means OLLO documentation that contains the description of personal data processing processes that may generate risks to civil liberties and fundamental rights, as well as risk mitigation measures, safeguards and mechanisms; and,
    14. “National Data Protection Authority” or “ANPD” means the public administration body responsible for overseeing, implementing and enforcing compliance with the LGPD throughout the national territory.
  • Subject
    1. OLLO, through its website, facilitates and optimizes the hiring, by interested legal entity (hereinafter “Customer”), of experienced and skilled service providers (hereinafter “Freelancer”) for the implementation of specific projects related to advertising, design, communication, among other related (hereinafter “Project”), promoting, to the Customer, a specialized curatorship.
  1. This Privacy Policy sets out the main rules for the Data Treatment Applicable to OLLO, in the context of performing its service and in order to ensure an adequate level of protection of Personal Data processed by means of protection actions in alignment with the LGPD and other regulations that establish rules on the subject, performed by its internal areas.
  1. The Policy applies to all forms of Processing of Personal Data at OLLO in connection with its activities, including but not limited to:
    1. the hiring of professionals to make up its OLLO staff;
    2. the hiring of service and material suppliers;
    3. the hiring of services with Customers and Freelancers;
    4. the development of new lines of action; 
    5. the relationship with all government agencies, in all its spheres, whether of direct or indirect public administration, and,
    6. its relationship with the community in which it is inserted. 
  • Principles and Rules for Processing Personal Data
    1. The Processing of Personal Data under the responsibility of OLLO shall be carried out in accordance with the applicable laws as well as this Policy, observing the following principles:
      1. Personal Data, including Sensitive Personal Data, must be obtained fairly and lawfully. Where necessary, the Data Subject’s express consent shall be obtained in a clear and unambiguous manner. The Data Subject has the right to information about the data being processed, unless providing such information is impossible or would require a disproportionate effort by OLLO;
      2. Personal Data should only be collected for specific, explicit and legitimate purposes, and data processing for other purposes is prohibited. The sharing of data with third parties will be for the purposes specified above or as otherwise permitted or required by applicable laws; 
      3. OLLO shall implement appropriate technical and organizational controls and procedures to ensure security of the Personal Data, including Sensitive Personal Data, and prevent unauthorized access or disclosure which could result in possible alteration, accidental or unlawful destruction, loss of the data and all other unlawful forms of Data Processing. Considering the legal obligations and best practices, technical measures must be adopted to ensure a level of security appropriate to the risks represented by the Processing and the nature of the Personal Data to be protected; 
      4. The collection of Personal Data, including Sensitive Personal Data, must be adequate, relevant and limited to the purposes and intents for which it is collected and/or processed;
      5. Retention of Personal Data, including Sensitive Personal Data, shall be for a period no longer than is necessary for the specific purposes for which it was obtained, except when a different period is required by applicable law or regulation or when a different period is stated in the specific Consent obtained; and, 
      6. Procedures should be implemented to ensure prompt responses to inquiries from Data Subjects, ensuring the proper exercise of the right to access, rectify and refuse Data Processing, except where the LGPD otherwise allows.
  1. All personal data provided by the OLLO User is stored on servers, which contemplate high security mechanisms.
    1. The Personal Data collected and processed may be hosted on local servers and/or on third party servers and/or on cloud hosting providers.
    2. OLLO uses cookies and user monitoring software in order to provide its users with the best possible navigation based on their needs and for internal research. These cookies do not collect personal information, they only report the usage and navigation preferences of each user and provide OLLO with statistics and data to improve its services..
  1. OLLO takes all possible measures to maintain the confidentiality and security described in this clause, but shall not be liable for damage that may be derived from the violation of such measures by third parties using improper, fraudulent or illegal means to access the information stored on the servers or databases used by OLLO.
  1. OLLO collects and stores all information provided by its users during the use of its platform, including at the time of registration, for its own use and that of its business partners. 
  2. The registration information of each user serves to ensure your privacy and security. OLLO recommends its users not to share this information with anyone. OLLO shall not be responsible for any damages or harm caused to the User by the sharing of such information.
  3. OLLO has no access to the content of the links or communications between users. 
  1. The following are legitimate grounds for the Processing of Personal Data by OLLO:
    1. Consentimento inequívoco pelo Titular dos Dados; 
    2. For the fulfillment of legal or regulatory obligation by OLLO; 
    3. When requested and duly justified by the public administration, for the treatment and shared use of data necessary for the execution of public policies;
    4. Execution of a contract or of preliminary contract-related procedures to which the Data Subject is a party or at the Data Subject’s request; 
    5. Protection of the life or physical safety of the Data Subject or third parties; 
    6. Regular exercise of OLLO’s rights in judicial, administrative or arbitration proceedings; 
    7. For credit protection, and; 
    8. Legitimate interests of OLLO or of third parties (including its customers), except in the case where fundamental rights and freedoms of the data subject prevail and require protection of personal data.
  1. Where the Processing is carried out by a Data Operator on behalf of OLLO, OLLO shall choose a sub-processor which has sufficient technical, security and organizational conditions to ensure that the Processing will be carried out in accordance with this Policy. OLLO shall require the expression of consent of the processors to this Policy on Privacy and Protection of Personal Data..
  1. When transferring Personal Data out of the country OLLO shall observe, mainly, but not only, the following provisions:
    1. Recipient countries or foreign institutions must provide a degree of protection for transferred Data as provided for in the LGPD;
    2. OLLO shall ensure that the foreign Data Operator provides the conditions for compliance with the principles and rights of Data Subjects under the LGPD and this Data Privacy Policy, either contractually or by providing documentary evidence. 
  • Rights of the Data Subjects
    1. According to the General Law of Data Protection – Brazilian Law No. 13.709/18, the User may request at any time:
      1. Access to Personal Data: guarantees the User to receive a copy of all his/her Data in our database. 
      2. Confirmation of Personal Data Processing: provides the User confirmation that we are processing his/her personal data. 
      3. Revocation of consent: guarantees the User the possibility to revoke the consent, previously demonstrated. 
      4. Portability: possibility of providing the User or third parties indicated by the User, with Personal Data in a structured format, as long as the commercial confidentiality of our products is respected; 
      5. Rectification: enables the request, at any time, of the rectification of any Personal Data, should they be incomplete, inaccurate or outdated, which are in the care of OLLO; 
      6. Exclusion: allows you to request the exclusion of your Personal Data, even if the User has given prior consent. Upon request, all data that is not relevant for the provision of our services (such as, for example, data that is required to fulfill a legal obligation), will be deleted.
    2. The request for exercising the rights of the data subjects shall be requested through the electronic contact andre@ollo.is and under the conditions established by the General Data Protection Law, so that OLLO will undertake to use its best efforts to fulfill the requests when applicable.
      1. Requests shall be evaluated and answered within the deadlines established in the LGPD.
    3. OLLO will provide all information requested by public agencies, as long as duly justified and compatible with the law in force. 
    4. In case of a suspected or actual violation of the Users’ personal data, OLLO undertakes to notify the affected Users. 
  • Protective Actions
    1. OLLO shall periodically conduct a training program for the guidance of its OLLO Employees on the caution and processes required for the Handling of Personal Data under this Policy. The relevance of personal data protection shall, in addition to the training program, be reiterated in the daily life of OLLO, mainly by sharing practical examples through awareness sessions. 
    2. Training will be based, as a minimum, on this Privacy Policy, the Guidelines and Rules of Use, and the LGPD. 
    3. OLLO shall appoint a DPO, who shall be responsible for collaborating in the privacy strategy of the Personal Data processed by the company, as well as for the control of its effectiveness. The DPO shall also be in charge of responding and serving the Data Subjects and the ANPD. The contact information of the DPO will be available in all communication channels of OLLO. 
    4. To support the DPO and the OLLO partners, a Privacy and Personal Data Protection Committee will be constituted, composed of at least three members, being: the DPO; a representative of the Technology and Information Security area and a managing partner. 
    5. OLLO shall adopt compliance, security and control policies and programs in order to prevent violations of the LGPD by preventing, detecting, monitoring and addressing potential violations, including the Privacy Policy.
    6. OLLO will cooperate with the ANPD on issues related to the privacy of Personal Data under its Treatment, within the limits of the LGPD, maintaining its right to contradictory.
      1. If the ANPD requests information or determines any order, any employee receiving the information/order shall immediately inform the DPO. The DPO shall prepare the response to the Authority, with the support of OLLO Employees, Data Operators, service providers eventually involved, administrators, officers and/or, if necessary, the Privacy and Data Protection Committee.
      2. The DPO shall be the direct and primary contact between the OLLO and the ANPD. 
  • General Provisions
    1.  This Data Protection Policy shall enter into force on August 5, 2020, for an indefinite period of time. 
    2.  This Policy may be updated and changed at any time, without prior notice. 
    3.  The implementation of this Data Privacy Policy and the actions arising from it will be subject to periodic internal audits. 
    4.  In case of involvement of Personal Data processed by OLLO, any employee or third party who has knowledge shall immediately notify the DPO. Once the risks are assessed, the DPO shall be responsible, if applicable, for communicating to the ANPD and the Data Subjects.
    5. In case of changes or amendments to this Privacy Policy, OLLO undertakes to notify Users through its platform. 


Date of last revision: September 14th, 2021.