Ensuring the security of our information, as well as data privacy, is a fundamental part of the strategic and operational conduct of our business. Therefore, we value the transparent, ethical, and secure processing of the personal data we handle. The activities involving such data are carried out legitimately, lawfully, and based on laws, internal regulations, and market best practices.
Learn more about this topic and the actions we take to ensure the privacy and security of the data of everyone who interacts with us.
About privacy and data protection:
Privacy is the right to respect for an individual’s private and family life, their home, and correspondence. In other words, it is the ability of people to determine for themselves when, how, and to what extent personal information about them can be shared or communicated to others.
But after all, what is the difference between Privacy and Data Protection?
They complement each other, but they are not the same thing. Privacy is a fundamental right that must be protected, while Data Protection is the set of measures used to guarantee that Privacy.
What about the LGPD?
The Brazilian General Personal Data Protection Law (Law No. 13,709/2018) (“LGPD” or “Law”) was inspired by the European General Data Protection Regulation (GDPR) and entered into force in August 2020.
With the LGPD, Brazilian citizens now hold various rights regarding their personal data and gain greater control over it. The Law guarantees protection for all data belonging to natural persons (individuals), whether in physical or digital format. Thus, the LGPD does not cover data held by legal entities (companies)—which are not considered personal data for the purposes of the Law.
It is essential to clarify that the LGPD does not aim to prohibit data processing, but rather to establish rules and limits to protect data subjects. However, the LGPD provides definitions and establishes roles and responsibilities for the actors involved in the processing of this personal data:
Principles that guide the LGPD
ANPD sanctions:
The LGPD established the National Data Protection Agency (“ANPD”) as the body responsible for overseeing and enforcing compliance. Non-compliance with the LGPD may result in sanctions by the ANPD. These sanctions may include:
Frequently Asked Questions (FAQ):
LGPD is the acronym for the Brazilian General Data Protection Law (Law No. 13,709/2018). The LGPD establishes rules for the collection, storage, and sharing of personal data, providing greater protection to the subjects of such data.
Any data relating to an identified or identifiable individual, or a person who can be identified by means reasonably likely to be used. Examples of personal data include: name, age, gender, parentage, physical and email address, document numbers, corporate identifiers, electronic identifiers (IP, IMEI), among others.
Personal data concerning racial or ethnic origin, religious conviction, political opinion, trade union membership, or membership in a religious, philosophical, or political organization, as well as data concerning health or sex life, or genetic and biometric data, when linked to a natural person.
How does Cosan process my personal data?
Cosan collects, stores, and uses personal data. To understand how this processing of personal data is performed and for what purposes, we recommend reading our Privacy Notice
To access Cosan’s Data Privacy Notice, click here! |
At Cosan, the role of Data Protection Officer (DPO) is carried out by Focaccia, Amaral e Lamonica Sociedade de Advogados, with Dr. Danilo Weiller Roque, Brazilian Bar Association (OAB/SP) No. 347,658, as the person in charge.(Contact us via e-mail: dpo.cosan@cosan.com) |