MZ Group - Terms and Conditions of Service - MZ Group

Privacy Notice

You may visit this website and become familiarized with the services MZ offers, read reports, obtain information and news. Should you provide any information, this notice aims to clarify how MZ collects and handles your personal data through this website in accordance with MZ’s Corporate Privacy Policy. Since MZ’s Privacy Policy is subject to updating without prior notice, MZ recommends that you refer to its most recent version regularly.

General privacy statements

1. Any information provided by users is collected and stored according to strict security and confidentiality standards.

2. Personal data is always collected from users through ethical and legal means for purposes which are informed to the users.

3. Personal data is not collected and processed through the website except when the user freely and actively consents to such collection, when data collection is mandatory due to contractual or legal concerns, or when such collection is justified by the legitimate interests of MZ as appropriately informed to the user.

4. Any data collection and their consequences will be informed to the users in advance, either through this notice or at the time of collection, so they may choose whether they wish to provide said data through their consent or, whenever consent is not necessary, by not using any particular function of the website.

5. Unless MZ receives a legal order from a competent court or authority, user data will never be disclosed to third parties or used for purposes other than those for which they were collected.

6. This website contains links or frames from other sites that may or may not be in a certain manner associated to MZ. These links and frames are available to provide further benefits to the users of this website, but it does not mean that MZ has full knowledge and responsibility for such other sites’ privacy practices. Accordingly, MZ shall not be liable for any damages or losses caused by the use of said links or frames.

MZiQ Platform

1. Most of MZ’s services are available through MZiQ, a web-based platform accessed by password-protected login. MZ collects user data related to the set-up, maintenance and authentication of user accounts.

2. User’s client affiliation, name, e-mail address and password (or hash) are required for the functioning of the platform and processed in the legitimate interest to keep it running. Other data such as users’ physical address, contacts, title and aliases are optional, collected through active consent of the user and deleted as soon as the user sets it to blank.

3. User data such as data required for the user account set-up, user messages and inputs, and active bots are kept by MZ for as long as the client maintains the respective contract with MZ, provided no cancellation request is fulfilled by MZ where applicable.

4. When integration with third-party platforms (Zoom®, Microsoft Teams®, or Google Meet®) is required for the use of specific features, the user’s login in such a service will be used only for the purpose described on the screen. MZ does not permanently store login credentials in the third-party service nor does it access the service in the future to manage, insert, or delete data. The user is also subject to the terms and conditions of the third-party services, as described below:

4.1. Google – (App’s) use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Advertisement and mailing

1. MZ does use users’ personal data for targeted marketing and does not sell or disclose users’ personal data to third-party advertisers.

2. Users may receive MZ’s Market Update daily newsletter by opting in with their e-mail address in the appropriate field in MZ’s webpage. Data collected for this purpose will not be used for any other purpose and will be deleted as soon as the user opts out of receiving the newsletter through a link provided in each e-mail.

3. Users affiliated to a MZ client may receive communications and mailing from MZ via their registered e-mail based on MZ’s legitimate interest in establishing communications and offering advice and insight on existing and new products and services by MZ. Each user may limit the type and amount of e-mails received through their user preferences in MZiQ Platform.

Access data collection and storage

MZ is under Brazilian jurisdiction and is therefore subject to the mandatory collection of certain user access data, such as IP addresses, access date and time, and logon dates and times. Access data records may be maintained for this purpose for a period of six (6) months from collection to fulfill this mandatory collection obligation. Access data records related to MZiQ Platform user logins and other required services may also be maintained for a longer period, for the duration of the service contract with each respective customer and for a maximum period of 10 (ten) years upon termination of the agreement, for the specific purpose of investigating and evidencing any improper access to such platform or other services until the limitation of their respective liability proceedings, based on the legitimate interests of MZ and its customers to disclose such improper access. In either case, the access data will not be used by MZ for any other purpose.


MZ may use cookies (small files placed on your computer to track movements on websites) for purposes of gaining intelligence on the actual usage of the website and its functions to manage system capacities. Users shall be prompted to accept or decline the use of cookies whenever accessing the website. In addition, users may at any time activate mechanisms in their browser to inform them when cookies are being activated or to prevent them from being activated.

User rights granted by MZ

Users may request the following from MZ regarding their own personal data under applicable privacy laws through e-mail: confirmation of and access to processed data, correction of incomplete, inaccurate or out-of-date data, blocking or deletion of unnecessary or excessive data, information on sharing of data, information on consent and the consequences of its denial, as well as withdrawal of consent and deletion of data processed with user’s consent.

MZ’s Corporate Privacy Policy

Please refer to MZ’s Corporate Privacy Policy for a more complete and accurate overview of the company’s practices concerning privacy and data protection.

Other important information on the terms and conditions of use of this site is available in Terms and Conditions of Use.

Corporate Privacy Policy

MZ Group’s Corporate Privacy Policy was created to demonstrate its commitment to the security and privacy of information. This policy governs how MZ collects and handles personal data processed in the rendering of services and other activities by MZ.

Scope and applicability

1. All employees, agents, suppliers and contractors of all companies of MZ Group are expected to uphold this policy and assure compliance with its terms, as well as with all applicable privacy and data protection laws.

2. This policy applies to all personal data processed by MZ, including their employees, clients and third parties’ information, whether or not the respective data subject is reached by any of the privacy laws and standards applicable.

3. In addition to MZ’s Corporate Privacy Policy, each company of MZ Group may adopt additional policies for handling of personal data and upholding privacy laws locally, which in any case may not provide less protection than this Policy.

General guidelines

1. MZ collects and stores personal data according to strict security and confidentiality standards.

2. All personal data processed by MZ is obtained through ethical and legal means for specific and clearly stated purposes and is always grounded in a legal basis provided in the applicable law. As a standard, MZ shall only process data in one of the hypotheses set forth by Brazilian General Data Protection Law – BR-GDPL (Federal Law no. 13.709/2018, in force as of August 2020). We also undertake to comply with the European Union’s General Data Protection Regulation – GDPR (Regulation (EU) 2016/679), as well as other foreign laws and regulations, as long as they are not incompatible with other applicable legislation.

3. MZ shall be transparent with data subjects about the collection and processing of their personal data, as well as foreseeable consequences thereof, in a reasonable and timely manner as applicable, so that subjects may choose whether they wish to give or withhold consent, opt-out, exercise their cancellation rights or any other rights provided by applicable law.

4. MZ shall only disclose personal data to third parties for reaching stated purposes as provided by law or in response to a legal order from a competent court or authority with jurisdiction over the respective data controller in MZ Group.

5. MZ shall maintain the integrity and confidentiality of personal data it handles.

6. MZ shall minimize the collection, storage and use of data as strictly needed to reach the stated purposes of processing.

7. MZ shall not handle any personal data for longer than needed for the purpose of its processing. Any personal data whose purpose has been exhausted shall be readily deleted or, if deemed needed, kept safely and segregated for the strict purpose of complying with any applicable legal obligation or for the longest applicable statute of limitations in the legitimate interest of MZ, for securing against undue claims and suits, without any other further processing.

Service policies

1. MZ collects data such as name, email address, IP address, company you work for, and password (or hash) for the legitimate purpose of setting up, maintaining, and authenticating user accounts on the MZiQ Platform and MZ websites, with the IP address collected solely for participant registration and Q&A sessions in the MZ webcast platform. MZ may collect additional data that may be provided actively by each data subject if the respective data subject gives consent to their collection and processing for purpose of customization and further identification in MZiQ Platform and MZ’s websites.

2. MZ’s services include the processing of personal data of third parties such as names, share participation in corporations, and other information related to business and corporate activities in a dashboard intended for officers and personnel of the respective corporation to keep track and obtain insight on matters such as share ownership and control. This is the core of MZ’s business, and the collection and processing of such data is done in our legitimate interest of maintaining such business activity that is of vital interest of the involved stakeholders. MZ does not share such information with other companies or entities except as provided for in this policy.    

3. Third-party personal data processed by MZ in relation to MZ’s services is either provided by the client in accordance with their respective privacy practices or is publicly available and obtained legally from stock markets through specialized market information services which access and compile such data in accordance with applicable laws and their respective privacy practices.

Advertisement policies

1. MZ does use users’ personal data for targeted marketing and does not sell or disclose user personal data to third-party advertisers.

2. MZ may engage in direct marketing practices and send mailing to individuals that are already in a commercial relationship with MZ, based on MZ’s legitimate interest in offering advice and insight on existing and new products and services by MZ.

3. Personal data related to marketing and mailing will not be used for any other purpose by MZ without an appropriate legal basis for such further processing.

4. MZ shall always provide easy and readily accessible ways of opting-out of direct marketing and mailing, and keep in place appropriate safeguards to the privacy of data subjects.

Employee policies

1. Access to personal data controlled by MZ is restricted to authorized employees who strictly need such access to develop their jobs. Undue use of personal data in breach of this Policy shall be subject to disciplinary and legal penalties by MZ.

2. Employee personal data shall be handled in accordance with this Policy. Information on the scope, purposes, legal bases, additional safeguards and specific rights on the handling of said data shall be provided to the employees by Human Resources of the respective company of MZ Group according to their specific policies and practices.

Supplier and contractor policies

1. Whenever third parties are hired to provide services to MZ which require access to personal data, they shall be required to execute appropriate confidentiality and/or data processing agreements, as well as to adhere to MZ’s privacy standards.

2. MZ currently uses the services of the following contractors and shares personal data with them to the minimum extent necessary for the purposes of said services:

Contractor | Service | Shared data
[…], Inc. | Cloud computing (AWS) | Any personal data stored in our cloud-based servers
Automattic, Inc | Web hosting (WordPress) | Personal data related to the log-in in the web hosting platform
Google, Inc. | E-mail hosting (Gmail) | Any personal data sent via e-mail to MZ shall go through the contractor’s servers
Google, Inc. | Text recognition (Dialogflow) | Information related to requests input in “bots” set by our clients in MZiQ Platform
SendGrid, Inc. | | Contact information related to mass-communications with clients and people who opt-in to our mailing
Slack Technologies Limited | Internal communications | Any personal data sent via our internal communications channel
Totvs S.A | | Client and employee information needed for our activities, as well as third-party information involved in the functioning of our service

3. Please refer to each contractor’s privacy policies in order to obtain additional information on their practices on handling third-party data.

Data subject rights

1. MZ shall uphold the following rights concerning the privacy of data subjects:

  • confirmation of the existence of the processing of subject’s data by MZ;
  • access to subject’s data processed by MZ;
  • correction of incomplete, inaccurate or out-of-date data;
  • anonymization, blocking or deletion of unnecessary or excessive data or data processed in noncompliance with the applicable privacy laws;
  • where applicable, portability of client’s personal data to another service or product provider, pursuant to applicable privacy laws;
  • deletion of personal data processed with the consent of the data subject to the extent provided in applicable privacy laws;
  • information about public and private entities with which the controller has shared data;
  • information about the possibility of denying consent and the consequences of such denial;
  • withdrawal of consent as provided by applicable privacy laws.

2. Data subjects may exercise said rights through our Data Protection Officer (

3. MZ shall contact data subjects without undue delay to confirm the identity of the person making each request related to privacy rights and process such request accordingly.

Cross-border transference of data

1. MZ may share and transfer personal data among companies in MZ Group located in Brazil and the USA for corporate and business purposes as specified in MZ’s policies and agreements. MZ may also transfer data to data processors as per the respective data processing and/or service agreements.

2. Whenever private data is transferred across borders, MZ will ensure that the country of destination offers adequate privacy rights and protection to the data subjects and/or that there are appropriate safeguards in place in order to maintain compliance to the applicable privacy laws and standards, as well as this Policy.

3. Whenever receiving personal data from Europe or another jurisdiction that requires mandatory measures and/or safeguards, MZ shall execute the appropriate data transference agreement in order to ensure compliance to the applicable privacy laws and standards.

Applicable privacy laws

1. MZ Group has its main corporate headquarters in São Paulo (BR) and maintains affiliate companies in New York (NY-US), San Diego (CA-US) and Taipei (TW).

2. Brazilian privacy laws are fully applicable to MZ and its activities.

3. MZ is not a business subject to CCPA under its Section 1798.140(6)(1)(A-C), however, MZ undertakes to reasonably receive and respond to privacy requests coming from Californian data subjects as per this Policy.

4. MZ is not a data controller nor processor subject to EU-GDPR under its Article 3(1-3), however, MZ undertakes to reasonably receive and respond to privacy requests coming from European data subjects as per this Policy.

Data Protection Officer

MZ keeps an appointed Data Protection Officer as per BR-GDPL. Any and all requests, doubts and complaints may be addressed to MZ’s Data Protection Officer through the following contacts:

MZ Consult Serviços e Negócios Ltda.

(att. DPO)


phone: 55 11 4780-3692

address: Avenida das Nações Unidas, 14261, 27th floor, 04794-000

São Paulo/SP, Brazil

Policy Reviews

1. This Policy shall be reviewed and updated at least yearly or as frequently as needed considering the passing in force of new applicable laws or the adoption of new practices by MZ.

2. MZ shall provide appropriate training regarding each version of Policy to all employees, agents, suppliers and contractors of all companies of MZ Group.

3. Each new version of this Policy will be readily made public in MZ’s website and internal and external communication channels.

What is GDPR?

The General Data Protection Regulation (GDPR), which was implemented by the European Union, establishing rules for the processing and free movement of personal data, came into effect in May 2018.

To access the complete law, go to:

What does GDPR consider personal data?

GDPR defines personal data as information relating to a natural person (an individual) who is identified or identifiable. A person is considered identifiable if he or she can be distinguished, directly or indirectly, by reference to an identifying element such as a name, identification number, location data or one or more specific elements of physical, physiological, genetic, mental, economic, cultural or social identity.

Which companies must comply with GDPR?

General Data Protection Regulation applies to any company that stores or processes personal data about citizens of the European Union, even if the company has no commercial presence in the European Union.

GDPR Key Terms

Data Subject – GDPR defines data subjects as identified or identifiable natural person[s]. In other words, data subjects are just people from whom or about whom you collect information in connection with your business and its operations.

Data Controller – The GDPR definition of a controller is the natural or legal person, public authority, agency or another body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor – Those entities that process personal data on behalf of data controllers, and as directed by data controllers, are considered data processors.

Consent – The GDPR steps up the standard for disclosures when obtaining consent, as it needs to be freely given, specific, informed and unambiguous, with controllers using clear and plain legal language that is clearly distinguishable from other matters.

How does MZ treat your personal data?

MZ is committed to protecting the privacy and security of information received by its customers.
MZ performs the processing of personal data to provide the services contracted by its clients; however, we only collect data that is necessary to perform the services.
We are continually improving our internal treatment and safety procedures, as detailed in our Corporate Privacy Policy.

What are the impacts caused by LGPD [General Law of Data Protection] in the relationship routine with investors?

MZ has mapped all the sources of data capturing in its technology platforms, which include: investor relations website, webcast platform, mailing system, and CRM tool with shareholder base management.

In this sense, five sources of data capturing were identified:

  1. Registration Form of the RI Website: Talk to RI

Except for the data contained in the shareholder base file, made available by the Company’s Custodian Bank and protected for being a piece of information of regulatory law, since the user is a shareholder of the company, further data are collected with the user’s consent, as he/she is responsible for providing their own information under their own free will and volition.

We highlight that any sort of captured information is not shared with MZ or other companies. The information is kept in safe databases with exclusive access to the MZ’s Customer. Furthermore, it is under the customer’s own criteria the delimitation of people of their own team who shall have access to the information through the registration of users at the platform.

The data collected are of low criticality, since they are limited to:

o   User’s Name

o   E-mail

o   Telephone

o   Company’s name

o   Preferred language

The user also has the right to omit data, being able to, for instance, in the case of the field “User’s name”, fill in only his/her first name or even type a false name.

LGPD reinforces the release standards related to consent, considering it has to be given in a free, specific, informed, and unambiguous form, upon the usage of a simple legal jargon on the part of controllers, being clearly distinguishable from other affairs.

Within such a scenario, it is recommended the implementation of:

  1. Acceptance Instrument via checkbox in all points of data capturing:
  • Registration Form in the Mailing List
  • Talk to RI Form
  • Access Form to the Quarterly Webcast or Company Day

  2. Warning of the use of cookies in the first access of each IP at the website

Inclusion of a message over the use of cookies, that only appears in the first IP access to the website, of the relationships with the Company’s investors, e.g.:

  3. Inclusion of information over the data usage and confidentiality at the website

Add information over the data usage, safety, and confidentiality in the document of Terms of Usage Conditions of the website of relationships with investors, including information regarding collected data and collection method; specific purposes of data usage; method and duration of data usage; identification of data controllers and their contact information; details of the shared usage of data; responsibilities of the data controllers and operators; and users rights regarding the treatment of their personal data pursuant to the LGPD, in addition to, in case of consent, explanations regarding risks and the possibility of denying and withdrawing consent at any time, as well as potential usage impossibility of one or more services if consent is denied.

  4. Access restriction and storage safety

Implementation of policies and processes in the routine of relationships with investors, in such a way that all reports that have personal information, e.g. shareholder base and mailing list file, are saved in a secure environment with access control and audit of the access via user’s log, so that it is possible to identify any data leakage.

We highlight that MZ platform relies on a high-security level, where all data are stored with encryption in such a way that only the company has access to your information. We also grant permission for the company to delete a contact and, therefore, any and all trace of the user’s data history.

What has MZ done as part of its compliance with the LGPD?

After the release of the GDPR in 2018, MZ hired consulting firms to assist in the conduction of a process audit and to define which areas needed to be approached.

Since then, here is what we have accomplished:

  • Data mapping exercises: interviews have been conducted with each department and personnel involved to map all areas of the organization to understand the personal data flow in processes and systems, in order to allow the production of record documentation of data treatment operations and the establishment of an effective privacy governance program and personal data protection.
  • Responsibility for personal data treatment: we have designated a person responsible for personal data treatment, whose identity and contact data shall be made available to the public through the website, and who shall be responsible for working as a communication channel with the owners of personal data and the national authority. Furthermore, such person shall be responsible for receiving complaints and announcements from the personal data owners, providing clarifications and adopting measures regarding the usage of their data, receiving notices of the national authority and adopting measures regarding it, and guiding employees and agents regarding personal data protection.
  • LGPD Core Team: we have defined a core team, whose goal was to meet monthly with the person responsible for the personal data treatment to review the requirements and the improvement, and to assure that the necessary changes were prioritized and completed pursuant to legal time periods.
  • Training and Awareness-raising: we have held internal training sessions with all the collaborators, establishing a program to help our employees and new staff understand what the LGPD is and what their functions are in helping to assure compliance.
  • Agreements with Third Parties: we have reviewed all the suppliers with whom we work, and presented revised agreements that define the specific obligations of both parties according to the LGPD.
  • Documentation: we have updated our Privacy Policy, and we have made it available at our website, through the following link: We have also added details about the Warning of Privacy, and Terms and Conditions.
  • Technology adjustments and changes in the process: we have established processes of data breach, the treatment of access requests and we have set up procedures to assure compliance on a continuous basis.
  • Establishment of technical and administrative measures for data safety and privacy: we have established corporate policies and standards in order to assure confidentiality, integrity, availability, and controlled usage of personal data. We have also reviewed our technical controls to assure their fulfillment.
  • Assessment of impact and risk: we have established processes of impact assessment of our data usage practices to the privacy of users, as well as risks related to the usage of such data in such a way that we can mitigate potential exposure that we might identify.
  • Establishment of a governing privacy program: we have established governing rules in order to ensure the effectiveness of data protection and to keep updated the operating regulations, the procedures, the safety rules, the technical standards, the specific obligations to the several personnel involved with the treatment, the educational measures, the internal supervision mechanisms, the risk mitigation mechanisms, as well as other particulars related to the usage of personal data.

Is MZ ready to meet the requirements of the new law of data protection?

Yes. MZ has been diligently working together with specialized law firms and consulting offices to assure that our procedures and systems take into account the requirements of the new regulation. Our relationships are based on trustworthiness and, for such purpose, any personal data that we exchange are kept under complete safety and pursuant to the applicable laws. We believe that complying with LGPD must not be treated as an initiative or a single project. Moreover, our Privacy Program will continue adapting to ensure that such trustworthiness is always respectfully treated.

How does MZ handle the requests of data access?

According to the laws of data protection, our customers would be considered data controllers (or those who determine which and how data should be processed). On the other hand, MZ provides tools to obtain personal data and it would be the Processor itself (in other words, we process data on behalf of our customers).

In case MZ receives a Request for Data Access (or a request related to the exercise of any other right envisaged by the personal data protection legislation) directly from an Owner of Data or from an individual whose personal data are processed, the data owner shall be requested to make contact with the organization to which their data was provided.

In turn, when our customers (the controllers) ask us to help to provide the requested information by a data owner, or to delete, block, anonymize, or restrain the usage of personal data, MZ shall work directly with our customers as part of our obligation with LGPD.

It is important to note that assuring the data owner’s identity is the Controller’s responsibility. LGPD expects that controllers use the proper means in this sense, and we encourage our customers to work with their legal teams in order to determine the best way of doing so.

Does MZ store any data from Google Analytics?

No user traffic or web analytics data is stored by MZ. All data are sent to Google and they are accessed through CMS by Google Analytics API.

For Google Analytics profiles managed by customers and used in our products, MZ recommends the following actions:

Review your controls of data retention. Additional information may be found here:

Note that these are only MZ recommendations and we encourage our customers to work with their legal teams and their IT to determine the scope of LGPD applicability in their organizations.

Which third parties are potentially involved with the treatment of private data for MZ services and products?

A list of the current subprocessors and their functions might be found at our website in the section of Privacy Policy through the link:

How should I handle the registration at the mailing list?

As part of the adjustments to comply with LGPD, our customers must understand the specific actions necessary to ensure compliance.

Find below the recommendations for customers (referred to as Data Controllers throughout the regulation) regarding enrollment forms via email, according to the new requirements.

In cases in which MZ hosts or provides enrollment forms via email, MZ is considered the data processor. As a Data Processor, MZ shall make all the requested amendments on behalf of their customers, the Data Controllers, provided that such amendments are documented, as well as compliant with the regulation.

Recommended Measures:

  • Be clear about the sort of information that users shall receive and when it shall happen.
  • Be transparent about with whom data is going to be shared.
  • Use clear and straightforward language when obtaining consent.
  • The option checkboxes of the specific email list, if used, must be unchecked by default to assure that the consent is explicit.

Text suggestion for inclusion at the website:

When providing your email address, you authorize <Company’s Name> to send relevant updates through the email of Investors Relationships.

At <Company’s Name>, we undertake to respectfully treat your data. Moreover, we will not share your information with third parties. You may request that your information is removed at any time by making contact with our team of customer service: or by clicking at the button “unsubscribe” that appears in every email sent.

In order to obtain more information about how we protect your information, please check our Privacy Policy [Link for the company’s privacy policy].

When did LGPD enter into force? And what is data?

In practice, the General Law of Data Protection (LGPD) entered into force on September 18, 2020, in order to protect natural persons with regard to the treatment of their personal data, their sensitive data, and the data of children and teenagers.

But what is data? Personal data is information that allows the identification of a person, such as their RG [Identification Card], their CPF [Individual Taxpayer Registration Card], and so forth. Sensitive data is related to ethnic origin, religious belief, political opinion, affiliation to trade unions, and so forth. Anonymous data does not individualize a person, and, for this reason, it is not treated as personal data.

LGPD directly impacts all businesses that access, collect, or treat data of individual persons, both digitally and physically, regardless of the industry to which they belong.

LGPD is a law that aims to protect the privacy of information held by companies. It offers users more clarity and control over the personal data retained and treated in organizations’ databases.

For companies listed on the stock exchange or in the process of going public, our position is that investors shall attribute a premium value to the companies that show strong adherence to the new regulation, similar to the way in which investors see companies with strong corporate governance rules and ESG programs. Companies that have not yet started planning need to get organized and start understanding and implementing their responses, thereby mitigating risk factors.

This “wave of transformation” has created a need for companies to constantly innovate and to use technology in favor of business development, whether to know their customers better, to enhance the relationship with their stakeholders, or to improve their customer service.

What is to be done in case of data leakage?

In case of data leakage, it is important to be transparent. Every company must have a Crisis Committee that is ready to respond very quickly, with a crisis plan prepared in advance, and that constantly monitors the communication channels.

We remind you that data leakage and other security incidents must not be hidden: in addition to being an inadvisable practice that presents risks to the data owners, LGPD requires that any adverse event that might present potential harm be reported to the national authority and to the affected people.

Data protection shall be an important asset. Thus, in case of leakage, it is necessary to clarify the level of technological protection and resources that the company has used, both for legal protection and, especially, because of the impact on the image and future value of the company.

What are the obligations imposed by LGPD?

Every piece of legislation has rights and duties. In the search for data protection, a number of topics were established to bring safety to the users. See some of them below:

  • Permission for data usage: when handling the personal data of citizens, the company must receive assertive permission from each individual or justify the collection and usage of data pursuant to any other LGPD authorization to use them;
  • Right to the exclusion of personal data and to the objection to its usage: if a piece of information is no longer relevant for the purposes that motivated its collection, or if it is being used without due authorization or justification, the companies must end its usage and/or delete it;
  • Protection for children and teenagers: in a special section of the law text there are rules to avoid overexposure of children and teenagers, requiring the parents’ consent for children under the age of 12;
  • Portability: the user has the right to transfer, without limitation, their personal data from one company to another, whenever they want to do so;
  • Cyberattack and leakage: the companies are compelled to notify the customers within 72 hours after becoming aware of an invasion or data theft;
  • Straightforward communication: the companies that process data must clearly and comprehensively explain the privacy policies, including information of all the companies that have access to the data and the respective responsibilities, in such a way that the users understand;
  • Data transfer: the citizens’ data that are protected under the LGPD may only be transferred to countries that have similar personal data protection laws;
  • Protection by the national authority: citizens have the right to petition the National Authority of Data Protection to enforce their rights in case these are not fulfilled by the companies;
  • Review of automated decisions: in case any decision that impairs an individual is made by a machine without the involvement of human beings, such individual may require the review of such decision. Furthermore, the individual may engage the national authority if necessary.

Terms and Conditions

Navigation and public searching of this website are subject to the Terms and Conditions below as well as the provisions of MZ’s Privacy Policy:

Representations, Liability and Damages

1. MZ does not guarantee that the content, instruments and material contained, used and offered on this website are accurately updated and/or complete, and is not liable for damages caused by any errors involving the content, software or if any equipment fails.

2. MZ is not expressly or tacitly liable for the improper use of the information, instruments or materials made available and/or of the equipment used for this website, for whatever purpose, by any user, who is fully liable for any infringement of their own rights or those of third parties, regardless of whether said damages were caused or not by said improper use.

3. Under no circumstances is MZ, its executives or employees liable for any direct or indirect, special, incidental or consequential losses or expenses arising from connecting to this website, for the use or the inability of use of any party, for any event related to faults, errors, omissions, interruptions, defects or delays in operation or transmission or for computer viruses or faults in the transmission lines or systems, even if MZ or its representatives were advised of the possibility of such damages, losses or expenses.

4. The adequate provision of all internet resources, without exception, is the full responsibility of the user of this website.

5. MZ is not liable for the content of other websites (a) whose address is available on the pages of this website or (b) which make available the address of this website, and MZ is not liable for any damages caused by the websites mentioned in this item.

7. The content of information dissemination tools, such as chats, blogs, forums, as well as the other tools available to the general public on this website, constitute the publication of the personal opinions of the content contributors. These opinions and statements do not necessarily reflect the opinions of the company, therefore MZ is not liable for such opinions or statements.


1. MZ reserves the right to improve the functionality of this website due to the analysis and consolidation of the information and suggestions compiled and the opportunities these present for all users of the website.

2. MZ is subject to Brazilian privacy laws as well as other national and international laws where applicable. MZ adheres to the strictest privacy standards among Brazilian and European laws in order to protect the private information of users and other stakeholders alike.

3. For more information on the use of the information collected through this website, please consult the Privacy Notice for the website.

Copyrights and Intellectual Property

Notwithstanding any legal provisions to the contrary, all content of the pages of this website, such as information, materials, tools, organization of pages, charts and drawings, are the property of MZ or of the third parties that have legally assigned their usage rights.

Last update: September 21, 2023