Privacy policy

1. Introduction and purpose

At Pereira e Pelizzari Sociedade de Advogados, we value your privacy and the protection of your personal data. This Privacy Policy describes how we collect, use, store, share and protect your personal information, in compliance with the General Personal Data Protection Law (Law No. 13,709/2018 - LGPD) and other applicable regulations.

Our commitment to information security and data protection is a strategic pillar, reflecting our ESG (Environmental, Social, and Governance) seal and our specialization in legal technology. We believe that transparency and trust are fundamental to our relationship with you.

As a technology law firm, we understand that digital information has become the most valuable and, at the same time, the most vulnerable asset in today's business landscape. That's why our approach to data protection transcends mere legal compliance, establishing itself as a fundamental strategic pillar for the trust and prosperity of our professional relationships.

2. Scope and applicability

This Policy applies to all personal data processing operations carried out by Pereira e Pelizzari Sociedade de Advogados, regardless of the location of the organization or the data, and covers:

  • Our clients and potential clients;

  • Employees, trainees and job applicants;

  • Business partners and suppliers;

  • Visitors to our website and social networks;

  • Any other natural person whose personal data we process.

3. Important definitions

To facilitate understanding of this Policy, we present some key definitions, in accordance with the LGPD:

  • Personal Data: Information relating to an identified or identifiable natural person.

  • Sensitive Personal Data: Personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, data relating to health or sex life, genetic or biometric data, when linked to a natural person.

  • Data subject: Natural person to whom the personal data being processed refers.

  • Data Processing: Any operation carried out with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of the information, modification, communication, transfer, dissemination or extraction.

  • Controller: A natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data. In our case, Pereira e Pelizzari Sociedade de Advogados is the Controller.

  • Operator: A natural or legal person, governed by public or private law, who processes personal data on behalf of the Controller.

  • Data Protection Officer (DPO): Person appointed by the Controller to act as a communication channel between the Controller, the data subjects and the National Data Protection Authority (ANPD).

  • ANPD: National Data Protection Authority, the body responsible for ensuring, implementing and monitoring compliance with the LGPD in Brazil.

  • Information Security (IS): Set of practices, technologies, processes and controls designed to protect systems, networks, programs, devices and data against attacks, damage, unauthorized access or any other form of malicious exploitation, ensuring Confidentiality, Integrity and Availability (CIA).

4. Personal Data Collected and Purposes of Processing

We collect and process your personal data only for legitimate, specific, explicit and informed purposes, in accordance with the LGPD. Below we detail the categories of data and the purposes for which we use them:

  • Category of personal data: Financial Data: Bank details, payment information, transaction history.
    Purpose of processing: Processing payments and receipts; Compliance with tax and accounting obligations.
    Legal basis (LGPD): Execution of a contract (Art. 7, V); Compliance with a legal or regulatory obligation (Art. 7, II).

  • Category of personal data: Identification and Contact Details: Full name, CPF, ID, e-mail, telephone, address, date of birth.
    Purpose of processing: Provision of legal services; Communication with clients and potential clients; Contract management; Sending relevant information about the case or services.
    Legal basis (LGPD): Execution of a contract or preliminary procedures (Art. 7, V); Compliance with a legal or regulatory obligation (Art. 7, II); Legitimate interest (Art. 7, IX).

  • Category of personal data: Professional Details: Position, company, professional history, qualifications.
    Purpose of processing: Profile analysis for specific legal services; Recruitment and selection of employees; Partnership management.
    Legal basis (LGPD): Execution of a contract or preliminary procedures (Art. 7, V); Legitimate interest (Art. 7, IX).

  • Category of personal data: Browsing and Usage Data: IP address, browser type, pages visited, visit time, cookies and other tracking technologies.
    Purpose of processing: Improving the user experience on our website; Traffic and performance analysis; Targeted marketing and advertising (with consent, where applicable).
    Legal basis (LGPD): Legitimate interest (Art. 7, IX); Consent (Art. 7, I).

  • Category of personal data: Sensitive Data (if applicable): Health data, trade union membership, biometric data, etc.
    Purpose of processing: Provision of legal services that require the processing of such data (e.g. labor law cases, social security cases); Compliance with legal or regulatory obligations; Regular exercise of rights in judicial, administrative or arbitration proceedings.
    Legal basis (LGPD): Specific and prominent consent (Art. 11, I); Compliance with a legal or regulatory obligation (Art. 11, II, "a"); Regular exercise of rights (Art. 11, II, "d").

  • Category of personal data: Communication Data: Content of emails, messages, call recordings (with prior notice).
    Purpose of processing: Answering requests; Customer support; Recording communications for auditing and compliance purposes.
    Legal basis (LGPD): Execution of a contract (Art. 7, V); Legitimate interest (Art. 7, IX).

5. How We Collect Your Data

We collect your personal data in various ways, depending on your interaction with us:

  • Directly from you: Through forms on our website, emails, telephone, face-to-face meetings, service contracts, or when you voluntarily provide us with information.

  • From third parties: We may receive data from partners, service providers, or public sources, always in compliance with the LGPD and other applicable laws.

  • Automatically: Through tracking technologies on our website (such as cookies), which collect browsing and usage data.

6. Sharing Personal Data

Pereira e Pelizzari Sociedade de Advogados may share your personal data with third parties only when strictly necessary and for the purposes described in this Policy, always with the appropriate safeguards and in compliance with the LGPD. This may include:

  • Judicial, Administrative or Regulatory Authorities: For compliance with legal or regulatory obligations, or for the regular exercise of rights in proceedings.

  • Service Providers: Companies that help us provide our services (e.g. information technology services, data hosting, communication platforms, accounting services), always under contracts that require data protection and confidentiality.

  • Business Partners: In specific cases and with your consent, to offer complementary services or in joint projects.

  • International Data Transfers: If your data needs to be transferred outside Brazil, we will ensure that the transfer takes place only to countries with an adequate level of data protection, or through the adoption of specific contractual safeguards (standard clauses) or your explicit consent, in accordance with Art. 33 of the LGPD.

7. Data Retention Period

Your personal data will be stored for as long as necessary to fulfill the purposes for which it was collected, for compliance with legal or regulatory obligations, for the regular exercise of rights in judicial, administrative or arbitration proceedings, or for auditing and accountability purposes. After the end of processing, the data will be securely deleted, with the exceptions provided for in Art. 16 of the LGPD.

8. Security measures

We adopt robust technical and administrative measures to protect your personal data against unauthorized access, destruction, loss, alteration, communication or improper dissemination. Our security approach is based on the three fundamental pillars of information security, known as the CIA triad: Confidentiality, Integrity and Availability.

8.1 Confidentiality

We ensure that information is accessible only by authorized persons, protecting sensitive data from improper disclosure. Our measures include:

  • Advanced Encryption: Use of end-to-end encryption for data in transit and AES-256 encryption for data at rest, ensuring that even in the event of interception, the information remains unreadable to unauthorized third parties.

  • Strict Access Controls: Implementation of access policies based on the principle of least privilege, ensuring that only authorized people have access to the data required for their specific functions.

  • Multifactor Authentication (MFA): Requirement of multiple authentication factors for access to critical systems and sensitive data, including something you know (password), something you have (token) and something you are (biometrics).

  • Information classification: Implementation of clear information classification policies (public, internal, confidential, restricted) with controls proportional to the sensitivity of the data.

  • Data Masking and Tokenization: For highly sensitive data, we use masking techniques where only specific parts of the information are visible to certain users, and tokenization, replacing sensitive data with non-sensitive identifiers.

8.2 Integrity

We ensure the accuracy, completeness and reliability of the information, guaranteeing that the data is not altered or destroyed in an unauthorized way:

  • Cryptographic hash functions: Use of algorithms that generate a unique fingerprint (hash value) for each file, making it possible to check for unauthorized changes.

  • Digital Signatures: Combination of hashing with public key cryptography to authenticate the origin of data and ensure that it has not been modified during transmission or storage.

  • Version Control: Implementation of systems that track all changes to documents and data, allowing reverting to previous versions if necessary and maintaining complete audit trails.

  • Audit Logs: Detailed records of who did what, when and where, creating evidence trails for investigations and guaranteeing the traceability of all operations with personal data.

  • Automated Integrity Checks: Implementation of regular, automated checks to detect discrepancies or corruptions before they cause significant damage.

8.3 Availability

We ensure that the systems, services and information are accessible and usable whenever necessary by authorized users:

  • System redundancy: Implementation of clustered servers, multiple internet links from different providers, uninterruptible power supplies (UPS) and generators to ensure operational continuity.

  • Backup and Recovery: Regular, automated and tested backups, with disaster recovery strategies (DRP) that guarantee the rapid restoration of data and systems in the event of failures or attacks.

  • Continuous Monitoring: Security monitoring systems (SIEM) for rapid detection and response to incidents, with real-time alerts that enable early detection of problems.

  • Load balancing: Distribution of traffic between servers to avoid overloading and guarantee consistent response times, even during peaks in demand.

  • High Availability Architectures: Implementation of active-active or active-passive systems that allow automatic failover in the event of failure of critical components.

8.4 Additional protection measures

  • Malware protection: Use of state-of-the-art anti-virus and anti-malware solutions, web application firewalls (WAF) and other security solutions to prevent infections and attacks.

  • Network Segmentation: Isolation of critical systems in separate network segments, limiting the potential impact of security breaches.

  • Vulnerability Management: Proactive processes to identify, assess and correct vulnerabilities in our systems and applications, including regular penetration tests.

  • Awareness and Training: Ongoing information security training and awareness programs for all employees, recognizing that the human factor is often the most vulnerable link in the security chain.

  • Incident Response Plans: Well-defined procedures for detecting, containing, eradicating and recovering from security incidents, minimizing response time and potential impact.

  • Service Level Agreements (SLAs): Establishment of clear availability expectations with suppliers, often expressed in "nines" (99.9%, 99.99%, etc.), guaranteeing high standards of service.

We recognize that cybersecurity is a continuous process of assessment, protection, detection, response and recovery. That's why we regularly review and update our security measures to respond to new threats, vulnerabilities and regulatory requirements, always maintaining the right balance between the three pillars of the CIA triad according to the specific needs of each type of data and process.

9. Your Rights as a Data Subject

The LGPD guarantees you, as the data subject, a series of rights that can be exercised at any time, upon request. We will do our best to respond to your requests free of charge and within reasonable timeframes. Your rights include:

  • Confirmation of the Existence of Processing: Right to know if we are processing your personal data.

  • Access to Data: Right to obtain a copy of your personal data that we hold.

  • Correction of Incomplete, Inaccurate or Outdated Data: Right to request the rectification of incorrect information.

  • Anonymization, Blocking or Deletion of Unnecessary, Excessive or Non-Compliant Data: The right to request that your data be anonymized, blocked or deleted when it is no longer necessary for the original purpose or is processed in breach of the LGPD.

  • Data Portability: Right to request the transfer of your personal data to another service or product provider, upon express request.

  • Information on Sharing: Right to know with which public and private entities we share your data.

  • Information on the Possibility of Not Providing Consent and the Consequences: Right to be informed about the implications of not consenting to the processing of your data, when consent is the legal basis.

  • Revocation of Consent: The right to revoke your consent at any time, easily and free of charge, when the processing is based on it.

  • Review of Automated Decisions: Right to request a review of decisions made solely on the basis of automated processing of personal data affecting your interests.

  • Opposition to Processing: The right to oppose data processing carried out on the basis of one of the hypotheses for waiving consent (such as legitimate interest), if you consider that it violates the LGPD.

How to exercise your rights

To exercise any of your rights, please contact our DPO by e-mail: privacy@pereirapelizzari.com.br or via the form available on our website: https://pereiraepelizzari.com.br/contato.


When making your request, we may ask for additional information to confirm your identity, ensuring that the data is provided only to you.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to improve your browsing experience, analyze traffic and personalize content. You can manage your cookie preferences through your browser settings or our cookie consent banner.

For more details, see our Cookie Policy.

11. Updates to this Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in our data processing practices, new technologies, or changes in legislation. The latest version will always be available on our website. We recommend that you review it regularly. In the event of significant changes, you will be notified by email or notice on our website.

12. Contacting the Data Protection Officer (DPO)

For any questions, comments or requests regarding this Privacy Policy or the processing of your personal data, please contact our DPO:

Name/Position: Caroline Dipp (Coordinator)
E-mail: privacy@pereirapelizzari.com.br
Address: Avenida Moema, 170, conjunto 125
Website: https://pereiraepelizzari.com.br

13. Final considerations

Pereira e Pelizzari Sociedade de Advogados is committed to the protection of your personal data and full compliance with the LGPD. Our approach to information security reflects our understanding that, in the contemporary digital landscape, data protection transcends legal compliance to establish itself as a competitive differentiator and a pillar of trust in our professional relationships.

We recognize that cybersecurity is a constantly evolving battlefield, where organizations of all sizes are targeted by increasingly sophisticated threats. That's why we maintain a proactive stance, continually investing in technologies, processes and staff training to ensure that your data is always protected by the highest security standards.

Our specialization in legal technology allows us not only to comply with the requirements of the LGPD, but also to anticipate trends and implement the best data protection practices, always balancing the three fundamental pillars of information security: Confidentiality, Integrity and Availability.

We are happy to answer any questions you may have about this Policy or how we handle your personal data. Your trust is our most valuable asset, and we work hard every day to earn and keep it.