Privacy and Communication

Communications Policy and Payment Procedures


In view of the growing number of attempts at fraud and scams through phone calls or instant messaging applications such as WhatsApp, Telegram and the like, we have the following communications policy and payment procedures:

  • JG Assis de Almeida & Associados does not use WhatsApp or any other instant messaging application as a means of communication, favoring more secure and official channels, in particular emails.
  • We send all relevant information and communications through our official channels, namely email and telephone, or provide it in person at our offices in Rio de Janeiro and São Paulo.
  • Our lawyers do not take the initiative to contact clients via WhatsApp and other instant messaging applications.  
  • Although we may respond to messages received via WhatsApp and other instant messaging apps, these responses will be confirmed by email.
  • We never request payments via WhatsApp or instant messaging apps.
  • All procedures related to payments are conducted in a transparent and formal manner, accompanied by the corresponding documents and clear instructions, and always sent by email.


In the event of suspicious requests from our Firm or any member of our team, we ask that you do not make any payments or share personal information. Instead, contact one of our lawyers through the usual channels, or call (+55) (21) 2242-1077, which are our official communication channels.


Privacy Policy and Personal Data Protection


J.G. Assis de Almeida & Associados is a law firm with offices in Rio de Janeiro and São Paulo. Professional secrecy is inherent in our profession; it is imposed at all stages of our work. We have always striven for the confidentiality of the personal data of our clients, partners and collaborators; and we do it now in accordance with Law No. 13.709/2019 - General Data Protection Act ("LGPD").

This privacy policy aims at good governance of personal data and the self-determination of people over their data. We recommend reading it carefully and contacting us if you have any questions.

This policy may be amended at any time, upon prior notice through our website and/or social media. In case of a significant update that requires the consent of the interested parties, the notification will be made by email through the previously informed address.

  1. Data Subjects

Data subjects are any individuals, natural persons, whose personal data is subject to processing by J.G. Assis de Almeida & Associados. Not only our clients (present and potential), but also our employees, associates and partners, professionals interested in integrating our office, business partners and anyone who visits our website or subscribes to our content distribution lists.

Data subjects may request from our data governance team, at any time and under the law:

  1. confirmation of the existence of processing;
  2. access to data;
  3. correction of incomplete, inaccurate or outdated data;
  4. anonymization, blocking or deletion of unnecessary, excessive or processed data in violation of the LGPD;
  5. portability of data to another law firm;
  6. elimination of personal data processed with the consent of the data subject, except in cases of legal or regulatory obligation;
  7. information about public and private entities with which we share data;
  8. information about the possibility of the data subject not providing consent and about the consequences of this refusal;
  9. revocation of consent, in accordance with the law.

The conditions for implementing these rights may vary depending on their nature and volume, the terms of the LGPD, or the specific rules applicable to lawyers, such as the Statute of the Bar and the OAB (Law No. 8.906/94).

  1. Personal Data Collected and Processed

Personal data is any information relating to an identified or identifiable individual.

What data do we collect in the context of our activities?

Categories of Data Subjects Personal Data
Clients (current and potential) Name, CPF number and ID, email address, mailing address, phone number(s), profession, institution and/or company, as well as other data – including sensitive data – that may be necessary to provide legal services.
Employees, Associates and Partners Name, CPF number, gender, date of birth, ID card, OAB registration number, CTPS, email address, mailing address, phone number(s), resume, bank details.
Business partners and suppliers Name, CPF number, ID, email address, home/work address, phone number(s), company, bank details.
Mailing lists Name, email address.

What do we do with this data?

This data is:

  1. Collected, classified, stored, accessed and used in accordance with the purpose for which they were collected;
  2. Reproduced, shared and transferred to third parties, as necessary to achieve the purpose for which they were collected; and, finally,
  3. Deleted, when the purpose for which they were collected is achieved, when the legal basis for their processing disappears, or when the legal term for their storage expires.

In principle, J.G. Assis de Almeida & Associados collects personal data directly from the data subjects themselves. However, we may also receive personal data from third parties, especially in the context of our legal activities, when we receive information from the other party: court cases, administrative or arbitration proceedings; legal consultations; etc. This data is covered by the attorney-client privilege.

J.G. Assis de Almeida & Associados does not collect sensitive data (personal data on racial or ethnic origin, religious conviction, political opinion, membership in a union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, etc.) through its website, social networks or institutional email addresses. We ask for your cooperation not to send sensitive personal data through these means, and to disregard any contrary request.

The storage period varies depending on the purpose of the processing and any legal retention period; you may receive further details about the storage period for a specific data, or data category by emailing our data governance team.

J.G. Assis de Almeida & Associados does not make decisions that may affect the interests of the data subjects solely on the basis of automated processing of personal data.

  1. Sharing with Third Parties

J.G. Assis de Almeida & Associados does not disclose or market personal data. However, we may share it with third parties, as necessary for the performance of our activities.

This sharing is primarily intended for:
  1. The provision of legal services, covered by the attorney-client privilege: communication with the other party, the court, or the administrative authority, etc.; and
  2. The information technology (IT) infrastructure of our office, within the scope of service contracts that stipulate obligations in terms of personal data protection: email service, computer server, cloud system, etc

Within the scope of cloud computing services, personal data may be transferred and stored outside of Brazilian territory.

  1. Purposes and legal bases for Processing

What purposes do we use your personal data for?

Categories of data subjects Purposes
Clients (current and potential)
  • Provision of legal services
  • Answering any questions
  • Commercial relationship
  • Payment processing
  • Compliance (Know Your Clients)
Employees, Associates and Partners
  • Hiring and processing of resumes from job applicants
  • Management of the employment relationship
  • Payroll
  • Payment of dividends
  • Taxes and social contributions
  • Office access control
Business partners and suppliers
  • Suppliers database
  • Payment processing
Mailing lists
  • Registration in the contacts database
  • Sharing of legal content by email
  • Institutional announcements and supported events
  • Other institutional promotion actions

What is the legal basis for this use of personal data?

Consent is only one of the hypotheses for which personal data processing can be carried out, so it may not be necessary.

J.G. Assis de Almeida & Associados collects and uses personal data:

  1. with the consent by the data subject;
  2. to comply with legal or regulatory obligations;
  3. when necessary for the performance of a contract of which the data subject is a party, including in the preliminary stages when requested by the data subject;
  4. for the exercise of regular rights in judicial, administrative or arbitral processes; or,
  5. when necessary to meet the legitimate interests of our law firm (including for institutional communication), provided that it is in accordance with the rights and fundamental freedoms of the data subject.

Consent is the free, informed and unambiguous statement by which the data subject agrees to the processing of their personal data for a specific purpose; it can be revoked at any time. The lack of consent or the revocation of consent may have an impact on our activities and may even make them impossible, in particular, the provision of legal services.

  1. Guiding Principles

J.G. Assis de Almeida & Associados applies the principles of purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination and accountability.

  1. Purpose, adequacy, necessity and non-discrimination

J.G. Assis de Almeida & Associados collects, stores and uses personal data only to the extent necessary to achieve the applicable specific purposes. We seek to minimize the amount of personal data we process, in a manner consistent with these purposes and our legal and regulatory obligations.

As a law firm, J.G. Assis de Almeida & Associados has always been attentive to human rights, human dignity and freedom of expression, among other fundamental rights. We condemn any use of personal data for discriminatory, unlawful or abusive purposes.

  1. Security and prevention

Our activities require the collection of personal data, including sensitive data; it is our responsibility to ensure that these data are secure

Technological evolution constantly brings new risks and threats, which poses a challenge in terms of security. In this context, we follow three fronts:

  1. the use of adequate protection mechanisms, both physical (access control to our offices and files) and technological (access control to our switches and servers, cloud backup, files accessible only by authorized professionals, remote secure access, professional antivirus, access passwords, etc.), in accordance with market practices;
  2. preventive measures to raise awareness of our employees about the adoption of safe procedures;
  3. specific contractual clauses with our partners who may have access to the personal data under our control (in particular, IT companies).

J.G. Assis de Almeida & Associados stores personal data on its own server, located in Brazil, as well as on cloud servers, which may be located outside of Brazil. This international data transfer is motivated by the need for greater security and privacy incident tool.

Despite these measures, no security system is infallible. J.G. Assis de Almeida & Associados cannot be held liable for any damages and/or losses arising from failures, viruses or unauthorized access, except in cases where there is proven intent or negligence.

Security is a matter for everyone, including data subjects. Therefore, we invite everyone:

  1. to limit the communication of personal data only to the data requested for the performance of our activities;
  2. to use the internet safely, with an appropriate antivirus;
  3. do not open emails or attachments of unknown or doubtful origin; or,
  4. in case of any doubt about the integrity of a communication from our office, do not hesitate to contact us by phone.
  1. Free access, transparency and accountability.

Everyone can, at any time, request access to the entirety of their personal data stored by J.G. Assis de Almeida & Associados and relevant information about its use and storage period.

We do our best to store this data in a format that facilitates its access by the data subjects, and to provide information in a clear and precise manner, subject to the professional secrecy of the Bar association.

Delivering your personal data to a third party is an act of trust. To deserve this trust, our data governance team is at your disposal to provide any additional information or explanation.

  1. Data quality

The accuracy, clarity and updating of personal data is not only a right of the data subjects but also a necessity for the correct execution of our activities and to achieve the purpose for which they were collected.

Thus, the cooperation of the data subjects themselves is essential. J.G. Assis de Almeida & Associados collects and stores personal data as it is communicated to it, without prior verification. The data subjects are responsible for the veracity and updating of this data.

  1. Website

Our website uses cookies only to improve navigation (e.g., language selection) and/or for statistical purposes (analysis of visitors' activities and behavior).

Reading and agreeing to the terms of the present Privacy Policy are a condition for browsing our website and accessing its contents (including legal content), news and other features.

The eventual provision of external links to third-party websites is not a guarantee in terms of personal data protection by these websites. J.G. Assis de Almeida & Associados does not carry out any assessment of the practices and policies of these third parties in terms of privacy and protection of personal data, and does not assume any responsibility for the practices of these third parties.

  1. Contact

Our data governance team is responsible for responding to any request for information, complaint or concern regarding this policy and the management of personal data, including in the event of a privacy incident.

Requests can be sent by email to rj@aaalaw.com.br.

We do our best to respond to requests within the shortest possible timeframe, which may vary depending on the scope of the request and the nature of the data. In any case, we will confirm receipt of your request within 48 hours with an indication of a maximum response time, which will not exceed 15 days.

If you prefer to be contacted by telephone, a member of our team will contact you as soon as possible at the telephone number provided in your request.

Last update: 19/07/2023