monday.com & Brazil’s LGPD
The Brazilian General Personal Data Protection Law 13709/2018 (LGPD) is designed to strengthen personal data protection in Brazil and establish a structured framework for collecting, processing, using, and sharing (known as “processing operations”) personal data.
Like the EU GDPR, the LGPD defines and distinguishes between two types of roles and responsibilities regarding the processing of personal data: “data controller” and “data processor”.
A data controller is in charge of making decisions regarding the processing of personal data, while a data processor processes personal data in the name of the data controller. monday.com is the data processor where it processes personal data solely on behalf of its customers, and is the controller where it processes personal data for its own purposes.
How does monday.com comply with the LGPD?
monday.com is committed to compliance with the requirements of the LGPD where it applies to our data processing activities.
This includes:
- Embedding a robust privacy program and regularly reviewing and updating policies and procedures to ensure the program remains appropriately targeted and fit for purpose.
- Enabling our customers to respond to data subject requests to exercise their privacy rights, and having a process in place to respond to data subject requests where we are the controller.
- Regularly performing security and privacy assessments of our data processing vendors and sub-processors to ensure their adherence to data processing principles.
- Adopting security, technical and administrative measures aimed at protecting personal data from unauthorized access or any improper or unlawful processing.
- Having dedicated internal as well as external privacy teams for monitoring and ensuring that personal data processed by monday.com are protected and that we remain compliant with applicable data protection and privacy regulations.
- Being transparent and fair in our data processing activities – monday.com’s Privacy Policy thoroughly details how, in our capacity as data controller, we process personal data and for which purposes; and our Data Processing Addendum sets the terms pursuant to which we process personal data on behalf of our customers, as their data processor.
- Ensuring that personal data remains protected in line with the requirements under the LGPD, even if the personal data is transferred to another country.
- Having procedures for handling data subject requests and suspected incidents concerning personal data, and regularly conducting privacy training for all relevant members of our staff.
If you have any questions concerning monday.com’s privacy program and our compliance with the LGPD, please feel free to contact our Data Protection Officer & Privacy Team at dpo@monday.com.