cVortex Commitment to LGPD (Brazilian law)

LGPD Overview

Control over personal data is a right of every human being and, therefore, the processing of this data must consider the consent of the holder.


The LGPD brazilian law (Lei Geral de Proteção de Dados Pessoais, Law No. 13.709/2018) guarantees important definitions to ensure privacy, establishing a new structure to handle and protect personal data.

Compromisso LGPD | cVortex CRM



The controller is defined, according to the LGPD, as a natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data.


This means that the controller is the company or person who coordinates and defines how the personal data will be treated, from collection to elimination. Precisely for this reason, it is on who is most responsible for this treatment.


Policies should consider actions within the data lifecycle, such as:
















Diffusion or extraction


Controlador LGPD | cVortex CRM
LGPD Operador | cVortex CRM


The LGPD defines the operator as a natural or legal person, governed by public or private law, who processes personal data on behalf of the controller – processes personal data under the orders and policies of the controller.


Therefore, the operator must carry out the processing of data in accordance with the guidelines of the controller which, in turn, is based on the guidelines of the law.

Data Protection Officer (DPO)

According to the LGPD, DPO represents the person/entity, appointed by the controller and operator,  to act as the communication channel between the controller, the owner of personal data and the Brazilian National Data Protection Authority (ANPD).


The person in charge is known as DPO (Data Protection Officer), acting independently to technically guide and support corporate decisions so that they comply with personal data protection legislation, in addition to acting as a contact channel between controller, operator, holder and , eventually, ANPD.


Encarregado LGPD | cVortex CRM


The National Data Protection Authority (ANPD) is an organ of the public administration in Brazil, being the body responsible for monitoring compliance with the LGPD, imposing fines and sanctions and creating guidelines and guidelines on the law.


Princípios LGPD


These are the guiding principles to allow the LGPD to be duly respected.

Bases legais LGPD

Legal Basis

These are legal definitions that determine the LGPD’s hypotheses of how the processing of personal data should be applied to any stage of the life cycle of this data, from collection to disposal, in addition to the rights of the holder in relation to their own data.

Segurança LGPD


Security policies must be duly adopted by every company to ensure that processes, practices and tools guarantee the security of personal data during its treatment.

Direitos do Titular LGPD

Rights of the Holder

The LGPD provides for people’s control over their own information. This means that the owner of the data (holder) may ask a company to identify the use, alteration, anonymization or deletion of the data it holds about the holder, among other rights and guarantees.

Prestação de Contas LGPD


An obligation prove the measures taken in relation to compliance with the LGPD, in addition to the full functioning of continued provision to the holder, through the DPO.


Personal data

Personal data is any and all information that can uniquely identify a person. In Brazil, for example, we could cite the CPF or RG – these are just examples since any data that uniquely identifies a person will be considered personal data.

Sensitive data

It is any data of discriminatory potential, such as racial or ethnic origin, religious conviction, political opinion, religious, philosophical or political affiliation, data relating to health or sex life and genetic or biometric data.

Anonymized data

The LGPD indicates the anonymized data as being the one that, originally, was related to a person, but that went through stages that ensured the untying, making it impossible to uniquely identify that respective person.

Pseudoanonymized data

The LGPD indicates the pseudo-anonymized data as the one that, by path reconstruction, allows the identification of the holder again. An example could be encoded data (temporary removal of the holder’s identification) but , if decoded, could generate this respective identification again.

Public data

It is data that, on its own initiative or legal obligation, has been made publicly available.

Personal data holder

It is the natural person to whom the personal data refers.

Data processing

Treatment indicates the operations involved in the operation of the data, from collection to disposal. The LGPD stipulates rules for actions to process this data.

Our Commitment to LGPD

Data Privacy Policy

Over the past few months, our teams have been working to ensure our full alignment with the LGPD. Always aiming to ensure the correct handling of data and the consequent compliance with the privacy of personal data, policies have been duly established and implemented.

See more about our personal data privacy policy clicking here.

Frequently Asked Questions

If you want to know the most frequently asked questions about the LGPD, click here.

Wizz do cVortex