Information Security Policy of GoLedger Tecnologia e Participações LTDA
1. Purpose
This policy aims to establish guidelines and controls to ensure the security of the information handled by GoLedger Tecnologia e Participações LTDA (“GoLedger”), ensuring the confidentiality, integrity, and availability of data, especially personal and sensitive data, in accordance with the General Data Protection Law (Law No. 13.709/2018 – LGPD).
2. Scope
This policy applies to all employees, partners, service providers, interns, and any person who, directly or indirectly, has access to information under GoLedger’s responsibility.
3. General Principles
GoLedger observes the following principles in handling information:
- Confidentiality: Ensure that information is accessed only by authorized persons.
- Integrity: Guarantee the accuracy and completeness of information and processing methods.
- Availability: Ensure that authorized users have access to information whenever necessary.
- Accountability: Ensure that all involved in data handling act responsibly and in compliance with this policy.
4. Information Classification
The information under GoLedger’s responsibility is classified into three levels:
- Public: May be disclosed without restrictions.
- Internal: For exclusive use by the GoLedger team, not for external disclosure.
- Confidential: Includes sensitive, strategic, personal, or customer data. Access is restricted and controlled.
5. Protection of Personal Data
GoLedger commits to:
- Process personal data in accordance with the agreed purpose and always based on a legal basis under LGPD.
- Implement appropriate technical and administrative controls to protect data against unauthorized access, loss, alteration, and improper disclosure.
- Ensure the rights of data subjects, such as access, correction, deletion, and portability, in accordance with the law.
- Enter into contracts with specific data protection clauses with suppliers, clients, and partners.
6. Responsibilities
- Board of Directors: Approve this policy and provide the necessary resources for its implementation.
- Information Security Department (or responsible IT): Implement controls, monitor compliance, and respond to incidents.
- DPO/Data Protection Officer: Act as a communication channel with data subjects and the ANPD, and ensure compliance with the LGPD.
- As DPO, GoLedger has appointed:
  ○ Name: Marcos Sarres
  ○ Email: marcos.sarres@goledger.com.br
  ○ Phone: +55 61 981167866
- Employees and Third Parties: Protect the information to which they have access and follow the guidelines of this policy.
7. Access Control
- Access to information will be granted based on the principle of least privilege.
- The use of strong passwords and multi-factor authentication will be mandatory in critical systems.
- Access is monitored and periodically reviewed.
8. Security Incident Management
- All information security incidents must be immediately reported to the IT manager and the DPO.
- GoLedger will maintain an incident response plan that includes identification, containment, eradication, recovery, and lessons learned.
9. Training and Awareness
All GoLedger employees will receive periodic training on information security, data privacy, and digital best practices.
10. Auditing and Monitoring
GoLedger may carry out internal and external audits to verify compliance with this policy and identify risks, in accordance with contractual and regulatory obligations.
11. Sanctions and Penalties
Failure to comply with this policy may result in disciplinary actions, according to internal regulations, and in more serious cases, civil, criminal, or administrative liability.
12. Revisions and Updates
This policy will be reviewed annually or whenever there are relevant legislative, technological, or organizational changes.