INFORMATION SECURITY – LGPD
SANEPAR‘s purpose is to provide health and environmental sustainability to society.
Our values such as Respect, Commitment, Professionalism and Transparency are in line with what is proposed in the General Law for the Protection of Personal Data – LGPD. Sanepar has the SGSI – Information Security Management System, which, in addition to taking care of the security of the Company’s information, handles personal data under its control, according to the LGPD, ensuring everyone’s privacy. With transparency, we clarify how we process personal data.
NOTICE AND DATA PRIVACY STATEMENT
The LGPD, (Law 13.709/2018), which entered into force on September 18, 2020, regulates the use, protection, processing and transfer of personal data, including by digital means, both natural and legal, of public and private law, in the domestic territory.
The new law applies to any and all personal data of Brazilians or foreigners. The objective is to guarantee data subjects greater control over personal information, requiring express consent for its collection, processing and use of data, as well as its consultation, correction and deletion.
Personal data that Sanepar makes available through its activities may reveal personal information, consumption profile and history, income categorization, religious or sexual political affinities. The LGPD aims at developing a legal security scenario, with uniformity and standardization of norms and practices, in order to provide protection, with equity in Brazil and in the world.
WHAT DATA DOES SANEPAR COLLECT AND HOW DOES IT USE IT?
When subscribing to Sanepar’s services, public and private data is requested, such as: Name, CPF [Individual Taxpayer Registry No.], RG [Identification Card No.], Date of Birth, Mother’s Name and the address where the water supply and/or services of sewage collection and treatment will be made available to you and your family. You sign the adhesion instrument and your data is stored in our systems, in order to provide the services of implementing your connection, preventive and corrective maintenance, in addition to establishing communication with you through the delivery of the monthly bill.
HOW LONG DOES SANEPAR PROCESS YOUR DATA?
Sanepar processes your data for as long as the provision of its services lasts, however, by law, it needs to keep your data in the system after the end of the contractual relationship with Sanepar, as in cases where it is necessary to provide data to public authorities through judicial requisition.
REGARDING THE DATA, WHAT ARE YOUR RIGHTS?
- Confirm the existence of the treatment;
- Right of access;
- Correction of data that is inaccurate and out of date. Remember that keeping your registration complete and correct is very important to you and is your responsibility, according to the Sanitation Regulation in the AGEPAR [Regulatory Agency of Paraná State].
- Anonymization, blocking of excessive data or data processed in violation of the law – Sanepar will analyze your request, within the need for treatment for the provision of services, in accordance with the provisions set forth by the LGPD regulation by the National Data Protection Authority (ANPD).
WHO DOES SANEPAR SHARE DATA WITH?
Sanepar is the controller of the personal data of customers and in order to carry out certain activities it is necessary to share data with third parties. They are hired to perform some services, are equally responsible for the safekeeping, care and confidentiality of their personal data and must observe and apply all necessary security mechanisms. See who these third parties are:
- Call Center service providers;
- Field service companies for maintenance and installation of water connection, sewerage and replacement of equipment, such as water meter;
- Companies that operate in the Credit Protection Service and Positive Registration system;
- Public sector agencies and entities, with regard to the service and inspections of the granting authority, the regulatory agency and upon request from police and judicial authorities or court decisions;
- Arbitration chambers when their ownership is one of the interested parties and there is their authorization to do so; and
- Municipal Governments (Granting Power that allows us to act in their municipality) when established in the Program and/or Grant contract or in the Technical Cooperation Contract between the Municipality and Sanepar to subsidize the execution of Public Policies. An example is the Collection of Municipal Garbage Fee, which can be used to pay the water bill.
HOW DOES SANEPAR PROTECT YOUR DATA?
- Technical security solutions and measures, aiming at preserving the inviolability of data, compatible with industry standards and best practices.
- Appropriate security measures in acting against the risk of accidental or illegal loss, disclosure or unauthorized access.
Still, malicious people may always seek to take advantage and commit fraud. It is important that you be very attentive. In the event of a suspected breach of security, contact Sanepar through the LGPD page available on the Sanepar website.
Don’t forget, your data is very important to us, so we handle it with great care and professionalism.
Cookie is a technology that works through a small text file that is downloaded to your computer or smartphone when you access our website. It allows the website to recognize the user’s device and store some information about the user’s preferences or previous actions, which will facilitate their browsing.
DATA PROTECTION OFFICER’S CONTACT
Dalton Issao Ito
Data Protection Officer (DPO)
Governance, Risk and Compliance Deputy Office
Address: Rua Engenheiros Rebouças, 1376, Curitiba – PR
Service Hours: from 8:00 am to 12:00 pm and from 1:00 pm to 5:00 pm
Business phone: (41) 3330-3428
If you have any questions, please do not hesitate to contact us through the Sanepar Transparency Portal, here on the website or through the e-mail firstname.lastname@example.org.
- LGPD no Planalto [LGPD in the Planalto]
- Política de Segurança da Informação da Sanepar [Sanepar’s Information Security Policy]
- Regulamento – Proteção às Informações [Regulation – Information Protection]