10 PRINCIPLES OF
PERSONAL DATA ON LGPD
TRANSLATED INTO 3 SUSTAINABLE PILLARS
HOLDER HAS
TOTAL RIGHT ON
YOUR DATA
DATA USED
AS APPROVED
BY THE HOLDER
DICE
PROVEN
INSURANCE
BRAZILIAN GENERAL DATA PROTECTION LAW
WOLKEE SUPPORTS AND DIRECTS ITS CUSTOMERS TO THE CORRECT USE AND MAPPING OF CUSTOMER DATA COLLECTED IN THEIR BUSINESS FOLLOWING THE 10 PRINCIPLES OF LGPD.
Purpose: There must be a legitimate, specific and explicit purpose for using the data. Since the holder
must be informed about how the data will be used. As an operator, Wolkee will strictly follow the
directing the Client Company on the processing and use of data through contract
services and will only store personal information in accordance with the contracted services.
​
Data quality: The data subject has the right to review the data whose processing has been consented to to ensure accuracy, clarity and up-to-dateness. This responsibility remains with the Client Company, which, in turn, has to ensure that its direct clients can access and update their data. The Client Company's direct customers do not have access to data stored at Wolkee. After any update to the Customer Companies' databases, this data is automatically replicated to the Wolkee databases for reporting and other services.
​
Suitability: Data must be treated in a manner compatible with the purpose informed and approved by the owner. As operator, Wolkee will treat the data in accordance with the service contract signed with the Client Company which is responsible for ensuring the adequacy and purpose.
​
Free Access: The holder has the guaranteed right at any time to consult how their data is being used by the Company. This responsibility remains with the Client Company, which, in turn, has to ensure that its direct clients can access and verify how their data is used. The Client Company's direct customers do not have access to data stored at Wolkee.
Necessity: Data should only be processed when necessary, not exceeding the use communicated and authorized by the owner. As an operator, Wolkee will strictly follow the Client Company's guidelines on the treatment and use of data from its direct customers through the service contract signed.
Prevention: The company must adopt general security measures and internal training of its employees to avoid the occurrence of damages due to the processing of personal data. Customer Companies' direct customer data is stored in the Microsoft Azure cloud and follows the strictest information security concepts, using the most modern encryption methods from our partner Microsoft.
Transparency: Clear information about the processing of personal data, avoiding doubts for the holder. This responsibility remains with the Client Company, which, in turn, has to guarantee clarity to its direct clients about the type of data processing. Wolkee will strictly follow the Client Company's guidance on the treatment and use of data through the service contract
​
Safety: Connected to the principle of Prevention, technical and administrative measures are necessary to protect personal data against incidents.
-
Techniques: Client Companies' direct customer data is stored in the Microsoft Azure cloud and follows the strictest Information security concepts that are approved by other programs such as GDPR.
-
Administrative: All Wolkee employees, third parties and partners annually sign the Wolkee Code of Ethics and Conduct, where this documentation clearly expresses the data protection responsibility of its Client Companies and its direct customers, as well as the Wolkee principles and values. Our contracts with partners and customers contain an NDA session without exception.
-
Access: Access to data stored in Wolkee is authorized by the Client Company, preventing any type of unauthorized access. Accesses are monitored and recorded for further evaluation. Wolkee on its own initiative performs a semi-annual review of access of all its customers, partners and employees, ensuring that only authorized people see the data .
​
Non-Discrimination: No data will be used for discriminatory or abusive purposes, whether of racial or ethnic origin, political opinion, religion or beliefs, geolocation, union membership, genetic or health status or sexual orientation.
Wolkee will strictly follow the rules written and signed in the service contract and will not allow any type of discrimination, which guides one of its main values: Respect.
Accountability and Accountability: The company is required to demonstrate the adoption of measures capable of
comply with personal data protection regulations. Wolkee goes through a Due Diligence process for
each Client Company before signing a service contract, in order to ensure capacity
to protect the data of direct customers of the Client Companies, even if you have a company
integrator, contractually interacting with the Client Company.
ENVIRONMENT AND DATA TRANSMISSION
Environment: WReports service is based on Azure, which is Microsoft's cloud computing platform and infrastructure. The WReports service architecture is based on two clusters – the Front-End Web Cluster (WFE) and the Back-End Cluster. The WFE cluster manages the initial connection and authentication of the WReports service, once authenticated, the Back-End handles all subsequent user interactions. WReports uses Azure Active Directory (AAD) to store and manage user identities and manages data storage and metadata by using Azure BLOB and Azure SQL Database respectively.
​
Connection and Data Transmission: The active transmission of information occurs through an On-Premisses Data Gateway hosted on a windows server that communicates with the azure servers through a tunnel, with the security of two-factor authentication, in addition to the unique password for each client. 32 characters (alphanumeric, upper and lower case letters and numbers), a second validation by token, with a 256-character key, following the AES (Advanced Encryption Standard) encryption standard.
SAFETY
As highly explained on this page, Wolkee relies on Microsoft Azure to maintain 100% of its Client Companies' data, which is highly regarded for its security against unauthorized access and adheres to strict protocols.
Despite this, Wolkee has developed more security triggers in its gateway and data transfer systems. All our customers have access to security manuals.
All Wolkee employees, third parties and partners annually sign the Wolkee Code of Ethics and Conduct, which clearly expresses the data protection responsibility of its Client Companies and their direct customers.
Semi-annual review of access to Wolkee databases and systems. Customers and partners are required to inform Wolkee within 5 working days of the termination of people related to their companies with access to data stored in the Wolkee databases. However, with corrective measure to this process, every six months, our operations team sends to all customers and partners the list of users with access for review and approval in order to protect the stored data from users who have lost access.