Korn Traduções (“Korn” or “we”) cares about respecting and protecting your privacy.
“Personal Data” means information about an identified or identifiable individual. Examples of Personal Data include full name, occupation, identification document, address, email, telephone number, education degree, IP, geolocation, vehicle information, among others.
“Processing” means every operation performed with Personal Data, such as collection, production, reception, classification, utilization, access, reproduction, transmission, distribution, processing, filing, storage, elimination, assessment or control of information, modification, communication, transfer, diffusion, or extraction.
“Subject” is a natural person related to the Personal Data subject to Processing.
Depending on the type of Subject (employees, service providers, partners, or clients) and the manner in which said Subject interacts with Korn, several categories of information are collected, such as:
2.1. Purpose of the Personal Data Processing
The Processing of your Personal Data may be performed by Korn in several means upon your consent, where applicable, by legal, regulatory, or contractual obligation, or otherwise. Korn may request that you provide your consent in writing, or through any means that confirms it, whenever necessary.
Your Personal Data is collected for feasibility and/or improvement of the translation services that Korn was engaged to provide, as well as for:
Korn collects Personal Data through online forms or physical means when you, for instance, enroll in an event, send information to apply for a position, or fill out a contact form on the website.
When you register or send information to Korn, we generally request data such as your name, email, telephone number, position and company. In addition, other personal information may be received through resumés sent by you when applying for a position, through third parties, such as the company you work for, or even from public sources.
When you access our website, we collect standard internet registration data and behavior patterns. Korn does this to gather information such as the number of visitors to different parts of Korn’s website.
We use analytics tools that help us analyze the access and use of our website. The tool uses “cookies”, which are text files located on your computer, to collect information on standard internet registration and visitors’ behavior anonymously, always with the purpose of assessing the use of the website by visitors and compiling statistical reports on the activity on Korn’s website. To learn more about cookies, including how to control them, see the website https://www.allaboutcookies.org/
Korn’s pages or services may also use other tracking technologies, including IP addresses, registration files, and web beacons, which also help us adapt Korn’s website to your personal needs.
Korn may store your Personal Data for the time needed to meet the purposes mentioned in this policy and applicable laws and regulations, as the case may be. For determination of the method and duration of the Processing of your Personal Data by Korn, the nature of your Personal Data provided to Korn and the purpose of the Processing will be considered. Once this purpose is met, your Personal Data will be deleted.
Certified translations, also known as sworn translations, are public documents and cannot be discarded. Certified translators must keep a copy of each translation made and record it in the Registry of Commerce of the state in which they are enrolled (Decree no. 13.609/43 and Resolution of the Registry of Commerce of each State).
The elimination of data and information, when necessary, will be made through established physical or electronic elimination procedures, subject to the existing legislation and in such manner as to eliminate all evidence and copies in possession of Korn.
Korn will not sell your Personal Data, but may share or transfer them to third parties, in Brazil or abroad, for meeting the purposes set out in this policy and any court orders or decisions by any other competent authority, according to the applicable legislation. Therefore, Korn may share with or transfer your Personal Data to third parties, within or outside Brazil, in the following events:
For cases not provided for above that call for Personal Data sharing, the express authorization (consent) will be requested from the Personal Data Subject through a notice with information on the sharing.
In all events, Korn undertakes to share only the Personal Data needed for the performance of the respective purpose or meeting the respective specific order, as the case may be.
By virtue of the Covid-19 contagion prevention and control measures, Korn and/or the building where it is located may also collect personal information from its employees, service providers, and visitors, such as health history in relation to Covid-19, information on the workplace and body temperature, among others.
The services provided by Korn require the support of a technological infrastructure that may be established outside Brazil, such as cloud servers and services, which may be owned or provided by third parties. In addition, for the performance of its activities, Korn may have to share your Personal Data with third parties outside Brazil.
In such events, Korn ensures that it will only engage third parties that meet the highest security standards and apply at least the same level of Personal Data Protection provided for in the Brazilian Legislation.
Korn and the third parties with which your Personal Data may be shared follow the security standards required for prevention and remediation of unauthorized access to Personal Data, employing the applicable means and recommended security standards to protect it, to the extent technically and operationally feasible.
Korn recommends that you check the privacy policies of such persons and/or third parties’ websites prior to providing your Personal Data.
Korn respects your privacy and cares about providing the necessary channels to enable you to exercise your rights and receive proper, clear, and transparent information on the use and processing of your Personal Data. Therefore, any request to change incomplete, inaccurate, or outdated data and/or for exclusion of data provided to Korn, including Personal Data, should be done by email to [email protected]
The request will be analyzed, and, in case it does not entail interruption of the service provision by Korn or fits within one of the events of preservation of data, performed. Should it entail interruption of the service provision, your relationship with Korn will be terminated, but the obligations resulting from the provision will remain valid and, in such event, your information and Personal Data will remain being used and processed by Korn and/or authorized third parties until the need or purposes set out in this Policy are met.
Further to the change and exclusion of Personal Data, you may also exercise the following rights upon request to Korn by email to [email protected]:
For security purposes, Korn may request additional data or information to confirm the Subject’s identity and authenticity in case of requested exercise of such rights.
The Subject may contact the company through an email to [email protected]ções.com.br.
If you wish to access, change, or delete your Personal Data provided to Korn or exercise any of your rights as Data Subject, contact us through email to [email protected] We will take the required measures and/or reply to the email within a reasonable period, according to Korn’s technical and operational feasibility. Korn may also request you to update your Personal Data periodically.
Lastly, if you received communication from Korn and did not intend to receive it, notify us through the link “Unsubscribe” or send an email to [email protected]
Korn’s purpose is to answer all requests above as soon as possible.
Korn is headquartered in São Paulo – Brazil. The contact information for Korn’s Data Protection Officer is:
Av. São Gabriel, 201, conj. 1403
São Paulo – São Paulo, 04532-080
This Policy may be revised every two years or at any time, as needed or desired by Korn, according to the approval cycle of the involved areas and authorities. An updated version of this Policy will be made duly available on this page as soon as it is completed.
Korn Traduções, seeking to establish a long-lasting and trusting relationship with its clients, employees, and service providers, and aiming at meeting the needs of its clients with excellence, confidentiality, integrity, and availability, is committed to the protection of information owned by it used in the provision of its services.
The setting up of an Information Security and Privacy Management System is a commitment by the senior management of Korn Traduções, focused on:
This Policy applies to all employees and third parties who are users of the resources and information of Korn Traduções.
The Information Security policy, guidelines, and standards are correlated with, but not limited to, the following laws:
It is the responsibility of Korn’s senior Management, together with the internal departments involved, to review and update records on the applicable legislation and take the appropriate actions, when applicable.
Other stakeholders in Korn’s chain of operations (clients, service providers, legal third parties, subcontractors, among others), according to the scope and applicability, must comply with the legislation applicable to them.
For the purposes of this Policy, the following terms and definitions shall apply:
The documents that compose the normative framework are divided into five categories:
All processes and templates are available in the Process Portal, and the records are in the documents repository of Korn Traduções. Every documented information that evidences the execution of a process must have its storage under control, aiming at its prompt recovery.
Area managers must submit new documents or revisions for approval by the senior management before they are made available, according to the Documented Information process, which is part of Quality.
Printed copies of the contents of Korn Traduções’ Process Portal are not deemed valid and are prohibited.
The documents that are part of the structure must be disclosed to all employees, interns, apprentices, and service providers of Korn Traduções upon hiring through the company’s official internal disclosure means in accordance with the Korn Traduções Communication Plan, and can be made available through the HR management software in effect, through the Process Portal and through the repository of shared documents, so that their contents may be surveyed at any time.
The classification of every information owned by Korn Traduções or under its custody is deemed necessary, proportionally to its value to the company.
Information composing the ISMS is to be classified as:
Information related to Korn Traduções’ employees, financial area, and client information (registration data and documents) is always considered restricted, with access granted only to persons who have a need to know in order to perform their activities and provide the contracted service. To enable adequate control of information, the access levels described in the General Infrastructure and IT Procedures must be used.
INFORMATION SECURITY GUIDELINES
Protection of information owned by Korn Traduções or under its custody is deemed necessary, being an underlying factor in the professional activities of each employee, intern, apprentice, or service provider of the company:
It should be stressed that the situations provided for in this Policy are not exhaustive, and other situations related to the use of equipment at the workplace or doubts regarding information security may happen.
As to these situations not expressly provided for in this Policy and/or in the other Policies and in our Code of Ethics and Conduct, Korn Traduções relies on the common sense of its employees and, should any doubts remain, the IT and HR/People Management departments can always be contacted to answer any questions through the emails [email protected] and [email protected].
Information Security Risk Assessment
The ISMS management of Korn Traduções shall conduct actions to identify and classify Information Security risks of the company by mapping vulnerabilities, threats, impacts, and the likelihood of occurrence, as well as adopt controls that mitigate these risks with those in charge of the assets to which the risks are associated.
Required Competencies for Information Security
Those directly in charge of the ISMS management must have the required competencies to perform their duties at Korn Traduções appropriately, thus ensuring the success of the ISMS. The required competency must:
Access to the physical environment of Korn Traduções is controlled and monitored. Visitors and service providers must stay at the reception room and meeting room, where necessary, and access to all other environments is restricted.
The entry of employees and service providers off working hours is not allowed, except where strictly necessary and upon prior authorization from the senior management, and third parties must always be escorted by an employee of Korn Traduções.
Every detail regarding control of access to Korn Traduções facilities, protection against external threats, alarms, utilities (electricity, water, air conditioning, etc.) is described in General Infrastructure and IT Procedures.
Contracts entered into with service providers that may have access to confidential information and personal data must contain information security and confidentiality clauses. Service providers who are more important and critical with regard to information security, working directly with Korn Traduções, receive training on the guidelines set out in this policy.
CLEAN DESK AND CLEAN SCREEN POLICY
All employees, interns, and apprentices acting on behalf of Korn Traduções must be aware of and follow the advice and guidelines included in this policy, which must be complied with both when performing activities at Korn Traduções’ office and at home, where related to this regime.
The purpose of this Clean Desk and Clean Screen Policy is to ensure that data and information, both in digital and physical format, and assets, whether tangible or not, are not left unprotected at the workplace when they are being used or when someone leaves the workplace for a short period or during break times (lunch, meetings, etc.), or at the end of working hours.
The employees, interns, and apprentices must:
Cases not provided for or omitted in this policy shall be forwarded to the IT department.
INFORMATION TRANSFER POLICY
MOBILE DEVICE USE POLICY
The purpose of this policy is to set up rules on the use of mobile devices to ensure Information Security and compliance with the legislation.
Mobile device means any electronic equipment with mobility features, such as notebooks, tablets, and mobile phones owned by Korn Traduções or third parties, in case of mobile phones used in the performance of professional activities related to the company with the approval by the senior management.
Only computers provided by Korn Traduções may be used by employees, interns, and apprentices, and no employee of the company is allowed access to data through personal computers. All data must be stored in proper folders in the network drive. The IT department must make periodic checks of all existing sharing and ensure that data deemed confidential or restricted have adequate access control. When a virtual device needs to be used, for continuity, it can be accessed by a personal computer when authorized by Korn Traduções senior management and in compliance with IT department guidelines.
Everyone at Korn Traduções must regard information as an asset of the company, one of the critical resources for the performance of the business.
Protection is deemed necessary with respect to the privacy of information in Korn Traduções’ custody, that is, information owned by its clients and handled or stored in media to which Korn Traduções holds full administrative, physical, logical, and legal control.
The guidelines below reflect the institutional values of Korn Traduções and reassert its commitment to the continual improvement of this process:
Creation of Access and e-mail Account for Non-Employees
The creation of an access and email account for persons who are not employees of Korn Traduções is not allowed, except for interns and apprentices.
In the event that third parties need a logical access credential to systems or tools that depend on email for their proper operation, the employee’s manager must justify the need and request approval from the ISMC. In such cases, the third party’s access must be restricted to correspondence related to the performance of their duties at the company, during business hours, and according to Korn Traduções’ policies.
Korn Traduções’ service providers shall not be included in any of Korn Traduções’ distribution lists and/or public folders that may contain information intended for employees.
All types of systems that need logical access must have formal control from the release of the access to the revocation thereof.
The IT department will perform periodical reviews of the access, which may be made jointly with the users. Employees, interns, and apprentices must always inform any identified abnormality or access unnecessary to their work.
Access revocation may occur in cases of dismissal of an employee according to the dismissal flow, change of duties, expiry of a contract with service providers, or request.
Applications, servers, physical access, and resources must have their clock synchronized to enable a careful review of incidents or operations by users.
The Internet is considered an essential means for information survey and work productivity; therefore, its use in workstations is released under monitoring. Such monitoring must be capable of:
The rules on Internet use determined in the Code of Ethics and Conduct of Korn Traduções must be followed.
Access to the Internet on servers must be blocked.
As most of our employees are working from home, the information and applications used by Korn Traduções are in cloud servers, with firewall protection implemented in software to cover all equipment used both internally at the office and externally.
Visitors are not permitted to access the main wireless network. If they need to connect to the internet, they may be provided with access to the network set up for visitors.
The description of the network is detailed in the General Infrastructure and IT Procedures.
The use of removable media (such as USB, external HD storage devices, etc.) is forbidden. In case of strict need for a certain activity, the employee must justify it to the manager in charge, who will assess the possibility of release jointly with the IT department, according to the assumptions and needs provided for in this Policy.
The exchange of information with clients or service providers must be made through secure channels.
POLICY ON USE OF CRYPTOGRAPHIC CONTROLS
Procedures to ensure confidentiality, integrity, and availability of information through activation of the information security resources and configuration of a secure communication channel must be implemented and maintained by the IT department. These procedures must contain rules on the effective and appropriate use of encryption controls to protect information.
Aiming at ensuring information integrity and recovery, the implementation of encryption control not approved by the IT department is forbidden.
To ensure the integrity of the systems and data, the IT department is responsible for making backup copies, which are defined in this Policy and in the General Infrastructure and IT Procedures, which ensure that:
All projects, creations, products and innovations that appear and are developed internally, or procedures developed by any employee during the course of the employment relationship are the property of Korn Traduções.
Use of Email
The email provided by Korn Traduções is a tool for internal and external communication of professional content regarding the activities performed by the employees. The messages shall not compromise the reputation of Korn Traduções, must not be in opposition to the legislation in effect nor to ethical principles.
The use of email is personal, and the user is responsible for every message sent from their address.
The employees are informed that all emails exchanged on the Korn computers they use can be tracked and checked.
It is expressly forbidden to send messages that:
The rules contained in the Code of Ethics and Conduct of Korn Traduções must be followed as well.
Emails received regarding information security (such as notices on phishing, access to email on another device, suspected virus in a file, among others) must be forwarded to the IT department.
If an email is mistakenly sent to the wrong recipient, compromising information security of Korn Traduções and/or its stakeholders, this must be reported immediately to [email protected] so that the necessary action can be taken.
Access to personal emails through Korn Traduções’ computers is not allowed.
The email service must observe that:
The use of Google Chat is allowed only through the login provided by Korn Traduções;
Skype is allowed solely for organizational use;
Communication with clients and service providers via WhatsApp must preferably be made through the application installed on the computer. Use of the web version or app is monitored by the IT department to track incoming and outgoing files and may be blocked in accordance with the security guidelines in effect at Korn Traduções.
The use of these applications in Korn Traduções’ computers must be exclusively for internal contacts of Korn Traduções or with external contacts (clients and service providers) for matters related to the company.
Other applications are forbidden, and, in case of need, the ISMC must be contacted.
Illegal Software and copyright
Korn Traduções respects software copyrights, and the use of non-licensed software is not allowed. The use of illegal software (non-licensed) is expressly forbidden, and users do not have permission to install them, and the IT department must be contacted for any type of installation (even in case of software that only needs to be copied and executed).
The IT department will perform a periodic inspection of data on servers and/or users’ computers, seeking to ensure the proper application of this policy. In the event that non-authorized software is found, it shall be removed from the computers. Those who install such unauthorized software on their computers are held liable to Korn Traduções for any problems or losses caused as a result of such act.
The IT department holds evidence of possession of software use licenses and records on appropriate use of the number of licenses, guaranteeing intellectual property rights. This item is applied in accordance with the Asset Inventory item of this Information Security Operational Policy and respective procedures.
Korn Traduções also refrains from copying books, articles, reports or other documents, in whole or in part, beyond what is permitted under copyright law, or without due citation of references.
Failure to comply with this item may lead to disciplinary actions applied by the ISMC, in accordance with the Sanctions item of this Information Security Operational Policy.
Resources must be monitored as to their capacity and meet the growth of the company or information. The critical points to be monitored include, e.g., storage space, database growth space, quantity of computers, and software licenses.
Disposal, Destruction and Reuse of Equipment and Media
All media used to operate the ISMS processes must be kept, reused, and destroyed in a secured and protected manner, such as incineration, shredding or removal of data for use in another application. The media disposal must be done through a specialized company.
It should be ensured that all sensitive data and licensed software have been removed or recorded in a secure manner:
It is the duty of all – employees, interns, apprentices, and service providers of Korn Traduções – to comply with the following obligations:
The classification of every information that is owned by Korn Traduções or that is under its custody is deemed necessary, proportionally to its value to the company, to enable its proper control:
The Information Security Management Committee (ISMC) is a multidisciplinary group composed of representatives from several areas of Korn Traduções appointed by the Senior Management for purposes of defining and supporting the strategies needed to implement and maintain the ISMS. ISMC meetings are held quarterly for planning and reviewing actions and special meetings may be held when there is a need for urgent resolution.
It is incumbent upon the ISMC:
It is incumbent upon each manager and officer to master all business rules needed for the creation, maintenance, and update of security measures related to the information asset under their responsibility (team or business unit), whether owned by Korn Traduções or a client.
Managers and officers may delegate their authority on the information asset; however, they remain ultimately responsible for their protection.
It is incumbent upon this role:
To report immediately to the ISMC any cases of violation of the policy, the information security and privacy rules or procedures, and any possible remediation actions that require the involvement of the ISMC.
Korn Traduções’ Senior Management is committed to the information security and privacy management system and shall:
The analysis must be made soon after the respective audits are carried out, and proper records of the analysis, as well as of the remediation actions and improvements defined in the analyses, must be made.
It is incumbent upon the Quality Area to:
Every information asset under the responsibility of Korn Traduções is subject to audit on a date and at times determined by the ISMC. However, upon identification of practices that do not follow the guidelines of this Policy, records of identified problems may be made, and remediation actions will be required.
An audit must be approved by the Senior Management and, during its performance, the rights regarding the privacy of personal information must be protected, provided that such personal information is not stored in a physical or logical environment of Korn Traduções or its clients in a manner that gets mixed with, or prevents access to, information owned by Korn Traduções or that is under its responsibility.
For purposes of detecting abnormal activities in information processing and violations of the information security policy, rules, or procedures, the IT department may perform proactive monitoring and control, keeping the confidentiality of the process and information obtained.
In both cases, the information obtained may serve as circumstantial evidence or evidence in an administrative or judicial proceeding.
Internal audits are planned with a focus on the analysis of compliance with all processes related to the ISMS and results of previous audits.
The internal audits must be performed each year by internal or external qualified and trained auditors, with knowledge of the ISO 27001 standard and LGPD. There must be independence to ensure that auditors do not audit processes in which they are involved.
External audits must be performed to keep the validity of the defined certifications.
Upon identification of nonconformities in the performance of processes or during internal or external audits, they must be recorded for analysis and treatment.
Every recorded nonconformity must have its cause identified. Actions to eliminate these causes must be taken, and the effectiveness of the actions must be verified, in accordance with Quality Nonconformity processes.
The contacts with authorities are consolidated in the Communication Plan of Korn Traduções.
Management of contacts with authorities is under the responsibility of the People Management area, which must consolidate, inform, and disclose in a known and accessible repository of Korn Traduções the list of contacts, updated periodically.
Korn Traduções must perform an ISMS critical analysis at least once a year. Such analysis must have direct participation of the Senior Management and must take into consideration:
1) nonconformities and remediation actions;
2) results of monitoring and measurement;
3) results of the internal or external ISMS audits; and
4) compliance with information security objectives.
The outputs of the critical analyses must include decisions related to continual improvement opportunities and any needed change in the information security management system.
Korn Traduções shall maintain documented information evidencing the results of the critical analysis by the Senior Management.
Technical Conformity Critical Analysis
Korn Traduções performs the verification and critical analysis of the technical conformity considering:
Any violation of this Policy, or further, suspicions or evidence, must be reported to Korn Traduções through email [email protected] or by mail to:
Address: Avenida São Gabriel nº 201, conjunto 1403. São Paulo – SP.
The following situations, which are not exhaustive, are considered violations of the information security policy, rules, or procedures:
The violation of the Information Security policy, rules, or procedures, or the failure to adhere to the Information Security Policy of Korn Traduções are deemed serious faults, and the sanctions provided for in the Code of Ethics and Conduct of Korn Traduções may be applied: formal warning, suspension, termination of the employment contract, other disciplinary action and/or civil or criminal proceeding. Sanctions defined by the ISMC may also be applied, always in compliance with the legislation in effect.
The penalties under the Brazilian Consolidation of Labor Laws (CLT) will also be complied with and applied.
The main purpose of this document is to set forth the practices and commitments of all service providers with regard to Korn Traduções’ information assets, as well as to raise awareness among service providers about correct use of the resources provided.
This document also includes a definition of liability regarding the actions of service providers and related disciplinary actions.
The Korn Traduções Service Provider Information Security Policy, as well as any reviews and updates, is the responsibility of the Information Security Management Committee (ISMC).
Any questions regarding the application of this policy, or suggestions for improvements and amendments can be sent to members of the Information Security Management Committee (ISMC) at: [email protected]
1.2 Disclosure and Distribution
This information security policy for service providers must be an integral part of the service provision agreement for all Information Technology service providers to Korn Traduções.
By signing the service provision agreement, the service provider recognizes they are totally familiar with and agree to the guidelines set forth herein.
1.3 Version and Review
This Policy, as well as the Guidelines and General Responsibilities of Service Providers contained herein, may be reviewed, and a new version must be produced, ratified, disclosed and distributed in the following cases:
All service providers are aware of their responsibilities regarding information security in line with the GDPR and undertake to follow this Policy, as well as the documents below, thus signing the commitment regarding Korn Traduções information and guidelines:
The items below describe the security guidelines related to Korn Traduções service providers.
3.1 Intellectual Property
3.2 Internet access on Korn Traduções premises
3.3 Mobile Computing
3.5 Information Handling Logic
3.6 Information Storage Logic
3.7 Access to Korn systems or equipment (On site or remote)
3.8 Use of Passwords, applicable to IT service providers
3.9 Service Provider Staff
3.10 Physical Security
Any breach of the guidelines set forth in this policy is an information security incident and must be duly recorded and analyzed by the Korn Traduções Information Security Management Committee (ISMC).
Following analysis by the committee, disciplinary measures for the service provider will be decided on, pursuant to the legislation in effect, and which may include: