Letter of appointment of the Data Protection Officer

Through this communication, MCONF, through its legal duties as Controller and/or Data Operator, appoints as the Person in Charge of Processing Personal Data (IN CHARGE), under the terms of art. 41 of the General Law on the Protection of Personal Data (GDPR) and Articles 38 and 39 of the General Data Protection Regulation (GDPR), the Technical Director and Data Protection Officer, member of the company's staff: Leonardo Crauss Daronco, whose direct contact channel is the email address dpo@mconf.com

This appointment takes effect on the date of signing this letter and is valid for an indefinite period, being formalized before the Legal Representative of MCONF and the DPO himself.

Responsibilities and Tasks of the Data Protection Officer

The Data Protection Officer will perform the following tasks in accordance with Article 41 of the General Data Protection Law (LGPD):

  • Receive and Process Complaints and Communications: Accept complaints and communications from data subjects, provide clarifications, and take necessary measures.
  • Interact with the National Authority: Receive communications from the national authority and take appropriate actions.
  • Advise on Data Protection Practices: Guide and advise employees and contractors on practices concerning the protection of personal data.
  • Perform Additional Duties: Carry out other responsibilities as determined by the controller or established in supplementary regulations.
  • Assist in Data Protection Impact Assessments: Upon request, assist Controllers and Processors in conducting data protection impact assessments and their implementation.
  • Serve as Contact Point for National Authority: Act as a point of contact for the National Data Protection Authority on matters related to the processing of personal data, including prior consultations on data protection impact assessments.
  • Facilitate Data Subject Rights: Act as the contact point for the exercise of data subjects' rights under the LGPD and handle their inquiries related to data processing activities.

Obligations of MCONF

MCONF commits to:

  • Provide Necessary Resources: Provide the Data Protection Officer with all necessary means, financial resources, and personnel to enable the proper performance of their tasks and functions.
  • Involve the DPO in Data Protection Matters: Promptly involve the Data Protection Officer in all matters related to personal data protection.
  • Ensure Independence: Refrain from instructing the Data Protection Officer on how to perform their tasks and verify that the DPO executes their responsibilities autonomously and independently.
  • Verify whether the Data Controller performs his tasks autonomously and independently;
  • Make Prompt Decisions: Decide without delay on the implementation of measures such as adequacy and damage mitigation, addressing violations and incidents, public and authority communications, and other executive decisions concerning privacy and data protection as brought to senior management by the Data Protection Officer.
  • Maintain Public Availability of Contact Information: Keep the contact details of the Data Protection Officer publicly available.

The name and contact details of the Data Protection Officer will be shared by MCONF and, where necessary, officially communicated to the National Data Protection Authority and the public.

Lastly, the email address of the Data Protection Officer is provided for data subjects to exercise their rights: dpo@mconf.com.

Porto Alegre, July 4, 2024

About the company

Help

About the product

Talk to us

Contents