Data protection and customer privacy

GRI 418-1

Faced with the need to expand security mechanisms constantly, we mapped, in 2021, the main weaknesses of the Company's systems, with firewall devices set by a specialized manufacturer. To reduce the risks regarding corporate data and protect customers' privacy, we have adopted remediation plans, including data encryption, corrections of flaws evidenced in tests that reproduce cyber-attacks, conses data backups, and guarantees low unavailability of our tools by monitoring network availability, besides successive hardware upgrades.

Data protection and customer privacy also rely on a big data tool, which monitors the registration of suppliers, protects corporate data and prevents money laundering.

On another front, we set up a team exclusively dedicated to implement and develop actions to adapt Even to the Personal Data Protection General Law (LGPD). These initiatives prevented the Company from leaks, theft or loss of customer data during the year.

In 2021, we received 65 calls from holders. Among them, 07 intended to revoke consent, 42 to delete data, 14 to consult data, 1 to correct data and 1 to inform about the conduct of independent brokers. We have verified and concluded all calls by the end of the year.

In 2019, we received a notice of infraction for phone harassment (people who asked for their exclusion in mailing). To fully remove the obligation to settle this administrative proceeding, since there was no disrespect on Even’s part, we have filed a lawsuit requesting the nullity and suspension of the fine, and we are awaiting the decision. In 2021, no legal claims were registered.

General Personal Data Protection Law (LGPD)

We have an LGPD Committee, including the Legal, Project Office, Compliance and IT departments, to discuss, align, and monitor the adjustments to be implemented in the Company's systems, activities, and operational routines. Even also has an independent legal office responsible for data protection and Even’s DPO (Data Protection Officer), responsible for communicating with data subjects and local authorities.

Based on the main risks mapped by the committee regarding the protection of the Company's and its customers' data, we list several measures to avoid and/or mitigate these risks, most already implemented and others in progress, as follows:

Main Risks Mapped

Treaties

  • Implementing the DPO role and definition of a partner office to support the adjustments;
  • Creating a specific service channel for LGPD - implementing a data and e-mail processing form;
  • Reviewing Privacy and Cookies Policies;
  • Preparing the acceptance term for customers and prospects;
  • Reviewing the drafts from suppliers, brokers and customer contracts;
  • Reviewing active offer processes in sales stands;
  • Eliminating generic users in internal systems and replacing them with specific users;
  • Implementing a tool for log traceability;
  • Implementing a tool to block the export of lists.

In Progress*

  • Conducting training and delivering guidance manual to brokers;
  • Restricting access to offline leads database;
  • Studying sharing a restrictive list with real estate;
  • Reviewing the registration form and creating an online form;
  • Analyzing data inventory tool;
  • Studying activity record system (DLP);
  • Implementing encryption on critical systems;
  • Defining data deletion or anonymization policy and processes.

*baseline: 12/31/2021

Copyright 2022 - Even - All rights reserved - Credits - About this Report - Privacy Policy
magnifiercrossmenu linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram