Privacy and Data Security Policy

OBJECTIVE

NTICS Projetos establishes its Information Security and Privacy Policy, as an integral part of its corporate management system, in line with the best practices of the market, internationally accepted standards and pertinent Brazilian legislation, in particular the General Law of Data Protection (LGPD). The goal is to ensure adequate levels of protection for the personal information and data operated by the organization, its customers and employees under its responsibility.

 

DATA SUBJECT RIGHTS

In compliance with the LGPD, we guarantee data subjects the right to access, correct, anonymize, block, or delete data that is unnecessary, excessive, or processed in violation of the LGPD.

 

PURPOSE

The purpose of this policy is to establish guidelines and norms of Information Security and Privacy that allow the employees of NTICS Projetos to adopt secure behavior patterns. This includes guidance on the adoption of controls and processes to meet the requirements for Information Security and Privacy of Personal Data; safeguard the information of NTICS Projetos, ensuring basic requirements of confidentiality, integrity and availability; prevent possible causes of incidents and legal liability of the institution and its employees, customers, suppliers and partners; and minimize the risks of financial losses, market share, customer confidence or any other negative impact on the business of NTICS Projetos as a result of security breaches.

 

DATA PROTECTION RESPONSIBILITY

Responsibility for compliance with the LGPD and this policy rests with all NTICS Projects employees, suppliers and partners The Data Protection Officer (DPO), if applicable, will be tasked with overseeing and implementing our data protection strategy and ensuring compliance with privacy regulations.

SANCTIONS AND DUTIES
Violations of this policy and other security rules and procedures, even in the form of a simple omission or unconsummated attempt, are subject to penalties including verbal warning, written warning, unpaid suspension, and dismissal for cause for employees with employment contracts. [...]

In the case of violations that involve illegal activities, or that may cause damage to the Organization, in addition to internal sanctions, the violator may be held legally responsible for the damages, and the pertinent legal measures may be applied.

 

SECURITY MEASURES

NTICS Projects will adopt the following security measures to protect personal data:

 

Access Controls: We will implement measures to ensure that only authorized persons have access to personal data and that such access is logged appropriately.

Encryption: We will use encryption techniques to protect personal data during transmission and storage.

Monitoring and auditing: We will perform constant monitoring and audits to identify and correct possible security vulnerabilities.

Training and awareness: We provide regular training for employees to ensure they understand security and data privacy best practices.

Physical Protection: We implement physical measures to protect the places where personal data is stored.

 

INTERNATIONAL DATA TRANSFERS

In compliance with the LGPD, NTICS Projects is committed to ensuring that any international transfers of personal data are conducted with an adequate level of protection and in compliance with all applicable laws.

 

DATA BREACH MANAGEMENT

In case of a security breach resulting in the destruction, loss, alteration, unauthorized access or disclosure of personal data, we will immediately notify the National Data Protection Authority (ANPD) and the affected data subjects, as required by the LGPD.

 

POLICY REVIEW

This policy will be reviewed regularly to ensure its effectiveness and compliance with current practices and data protection laws.

 

OMISSIVE CASES

The omitted cases will be evaluated by the Information Security Board for further deliberation. The guidelines established in this policy and in the other security norms and procedures are not exhaustive due to the continuous technological evolution and the constant appearance of new threats. Thus, it is not an enumerative list, and it is the obligation of the user of the information of the NTICS Projects to adopt, whenever possible, other security measures in addition to those foreseen herein, with the aim of guaranteeing protection of personal information and data.

 

HISTORY OF CHANGES

 

Review Privacy Preferences.