What is the LGPD?
The Brazilian General Personal Data Protection Law 13709/2018 (LGPD) – which came into force in August 2020 – is designed to strengthen personal data protection and establish a structured framework for collecting, processing, using, and sharing (known as “processing operations”) personal data. The LGPD has extraterritorial application and affects both organizations established in Brazil and organizations located outside of Brazil that offer goods or services to individuals located in Brazil.
Like the EU GDPR, the LGPD defines and distinguishes between two types of roles and responsibilities regarding the processing of personal data: “data controller” and “data processor”.
A data controller is in charge of making decisions regarding the processing of personal data, while a data processor processes personal data in the name of the data controller. monday.com is the data processor where it processes personal data solely on behalf of its customers, and is the controller where it processes personal data for its own purposes.
How is monday.com complying with the LGPD?
monday.com is committed to compliance with the requirements of the LGPD where it applies to our data processing activities.
- Adopting security, technical and administrative measures aimed at protecting personal data from unauthorized access or any improper or unlawful processing;
- Having a dedicated privacy team for monitoring and ensuring that personal data processed by monday.com are protected and that we remain compliant with applicable data protection and privacy regulations;
- Ensuring that personal data remains protected to the levels which are required under the LGPD even if the personal data is transferred to another country;
- Having procedures for handling data subject requests, suspected incidents concerning personal data, and regularly conducting privacy training for all relevant members of our staff.
If you have any questions concerning monday.com’s privacy program and our compliance with the LGPD, please feel free to contact our Data Protection Officer & Privacy Team at firstname.lastname@example.org.