Privacy Policy

About your Privacy and Personal Data Protection

CMT (“we”) acts to protect the interests of its customers and would be no different with respect to the protection of all Personal Data it handles. We share your concerns about maintaining your privacy and are committed to ensuring that we handle your Personal Data in accordance with applicable data protection and privacy legislation.

In this way, we have developed this Privacy Portal to maintain transparency about how we treat personal data, informing users of our website and our customers about our policies and procedures regarding the treatment, collection, use, processing, deletion, storage, security and sharing of data and personal information that are subject to protection, especially in light of the General Data Protection Law.

In addition, it is through the contact provided here that you can contact us to clarify any doubts and make requests related to the processing of your personal data, in particular, related to your rights provided for by the General Data Protection Law. We are entirely at your disposal for any questions, suggestions, requirements and considerations.

What is the General Data Protection Law?
Law No. 13,709/18, General Data Protection Law, commonly known as LGPD, is a law that establishes specific conditions regarding the protection and privacy of personal data in Brazil. The purpose of the law is that, when processing personal data, certain parameters, principles and rules are observed. In addition, the law seeks to guarantee a series of rights to holders of personal data (any individuals).

What is personal data?
The term ‘personal data’ is defined in the LGPD, in its article 5, item I. Personal data can be understood as any information that allows the direct identification or that may allow the identification of an individual.

What is processing personal data?
Throughout our Privacy Policy, you will notice the use of the word “processing” in relation to what we do with your personal data. This term is used in a generic way, representing any and all actions we carry out with your personal data, even the mere storage. The LGPD, in article 5, item X, establishes a list of activities that can be considered as treatment, so that we act in strict compliance with what is allowed in the legislation.

Who are the parties involved in the LGPD?
In accordance with the provisions of the LGPD, the parties may be: (i) the processing agents, that is, the parties that carry out the data processing subject to the LGPD, which may be qualified as Controllers or Operators – the Controller being the party that makes the fundamental decisions about the treatment, while the Operator will be the party that carries out the treatments upon the determination of the Controller -; (ii) the data subjects are the individuals (individuals) to whom the processed personal data refer; (iii) the National Data Protection Authority is the authority responsible for the supervision, guidance and application of the LGPD; and (iv) any other authorities that may analyze issues involving the LGPD.

What are my rights under the LGPD?
Your rights, as the holder of personal data, are provided for in the LGPD, that is, the law establishes what your rights are regarding the protection and privacy of your personal data. For the most part, such rights will be set out in art. 18 of the LGPD, but there are other articles that stipulate your rights. To learn more about what your rights are, you can consult item 10 of our Privacy Policy.

How can I claim my rights?
CMT is constantly concerned with observing individual rights and freedoms, always valuing the protection and privacy of your personal data. However, if you wish to exercise any of your rights, feel free to contact CMT via the email, which is our official channel for data protection and privacy issues.

Welcome to Carvalho, Machado e Timm Advogados (“CMT”)!

We are a law firm that provides legal services to both local and international clients.

This Privacy Policy describes how CMT (“Office”, “CMT”, “we” or “our”) collects, uses, shares and processes Personal Data (defined below) of:

  1. Visitors to our website (“Site”);
  2. Contact people for our clients and/or potential clients;
  3. Contact people for our vendors;
  4. Any other person about whom we obtain Personal Data.

We recommend that you read the Privacy Policy carefully and, if you do not agree with any provision, please do not access or use our services.

It is important to clarify that this Privacy Policy does not apply to CMT’s professionals and other third party services present on our Site.

To facilitate your access, the main points covered in this Privacy Policy are listed below; the respective sections are indicated:


To get familiar with the terms used, regardless of whether they are defined throughout the Privacy Policy, refer to section 1.


Data Collection and Use

We may collect your personal information in the course of our business, including through your use of our Site, when you contact us or request information, when you hire our legal services or other services, or because of your relationship with one or more of our professionals or clients. For further information, refer to section 2.


Ethics Channel

Our Ethics Channel is located on a third party platform, accessible through a redirect link available on our site ( For further information, refer to section 3.



We use and engage certain vendors to use cookies and similar tracking technologies (collectively, “Cookies”) on our Sites. For further information, refer to section 4.


Sites of Third Parties

Our Site has links that can direct you to other sites and applications. For further information, refer to section 5.



We can subcontract people to process data, as needed, to provide our Services. For further information, refer to section 6.


Confidentiality and Security

We are committed to keeping the Data provided to us secure. For further information, refer to section 7.


Time of Storage

We will keep your Personal Data for as long as necessary to fulfill the purpose for which it was collected and for CMT’s need to safeguard your rights. For further information, refer to section 8.


Data Transfer

We may carry out international transfer of Personal Data, provided that the applicable data protection laws are complied with. For further information, refer to section 9.


Rights of Holders

Aiming at the transparency of your rights, CMT informs you what your rights are as provided for in the Brazilian General Data Protection Law (LGPD), particularly in article 18. For further information, refer to section 10.



You can contact us through the channels established in section 11.



The Privacy Policy may be updated at any time without notice. For further information, refer to section 12.


Legislation and Applicable Jurisdiction

To find out about applicable legislation and jurisdiction, refer to section 13.

CMT may act as both Controller and Processor of personal data, depending on the situation and the specific case. Thus, whenever CMT is responsible for making decisions regarding the processing of your Personal Data, we shall be the Controller, whereas, when we carry out processing on behalf of another person, we shall be the Processor.

We care about the protection and privacy of your Personal Data. Therefore, we are constantly seeking to improve our systems, processes and procedures so that they are always in compliance with applicable data protection laws, to the extent applicable to us.


 a) Legal Base(is): the Legal Basis, for the purposes of this Policy, shall be those provided for in the Data Protection Applicable Law.

 b) Data Sharing (or Sharing): any and all forms of transfer or mere granting of access, use or other form of contact with Personal Data, provided to third parties, through any means, physical or digital, in person or remotely.

 c) Data Controller: it is the person responsible for the data processing operation and the person who will determine how, when, by what means and why the processing should take place;

 d) Personal Data: it is information that (alone or in combination with other information held by CMT) allows you to be identified as an individual or to be directly or indirectly recognized;

 e) Data Protection Applicable Laws: the laws concerning the protection of personal data and privacy that apply to Data Processing operations in force at the time they are applied, according to the processing hypothesis, considering the provisions of Act 13.709 /2018 (Brazilian General Data Protection Act), in Act 12.965/2014 (Brazilian Civil Rights Framework for the Internet) and in the European General Data Protection Regulation (GDPR), without prejudice to other regulations that already exist or that may still be created and that apply to the processing operation.

 f) Personal Data Subjects (or Data Subjects): natural person to whom the Personal Data that is the object of processing refers.

 g) Data Processing (or Processing): any operation performed with Personal Data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer , diffusion or extraction;

 h) Terms in General: in this Privacy Policy the terms “Personal Data”, “Processing”, “Data Subject”, “Breach of Personal Data” and “National Authority” have their meaning as defined in the LGPD.



 We may collect your personal information in the course of our business, when you access our Site, when you contact us or request information, when you retain our services or as a result of your relationship with one or more of our professionals or clients.

Our primary purpose in collecting your information is to: (i) verify your identity; (ii) provide our services; (iii) improve, develop and offer our services; (iv) process requests made by you on the Site or in connection with our services; (v) investigate or resolve inquiries or disputes; (vi) comply with any applicable law, court order, other judicial process, or the requirements of a regulatory body; (vii) execute our agreements with you; (viii) protect our rights, our property or safety or that of third parties, including those of our other customers and users of the Site or our services; (ix) for recruitment purposes; and, (x) as required and/or permitted by law.

To this end, we may collect from visitors to our Site, clients, prospect clients, suppliers and other third parties, the following categories of “Personal Data” or “Data”:

a) Sensitive Data: in strictly limited circumstances, in which you have provided us with the information necessary for a specific service we are providing to you, which may include data on religious or other beliefs, racial or ethnic origin, sexual orientation, health data, and union membership details.

b) Basic Data: may be your name, gender, job title, organization, job responsibilities, telephone number, and demographic information such as your address, email address, contact details and family life information (excluding sensitive data).

c) Customer Service Data: personal data received from customers in relation to employees, customers or other people known to customers, billing details and payment history, and customer feedback.

d) Applicants’ Data / Data of People in Recruitment: is data provided by job seekers or others on our Sites or offline means in connection with job opportunities, which may also be subject to an additional relevant Local Recruitment Privacy Policy.

e) Compliance Data: may be data from government identifiers, passports or other identification documents, as well as date of birth, ownership data and due diligence data.

f) Marketing Data: details of your attendance at conferences and in-person seminars, credentials, memberships, interests and preferences for services.

g) Social Media Data: can be messages, likes, tweets and other interactions with our presence on social media;

h) Registration Data: is the newsletter subscription data, as well as information for the purposes of participating in meetings and events/seminars, food and dietary preferences (excluding sensitive data), subscriptions, downloads and username/passwords.

i) Device Data: includes your IP address, unique device identifier, cookies and other data linked to a device, and data about the use of our Sites (“Usage Data”).

j) Transaction Data: personal data contained in documents, correspondence or other materials provided by or relating to transactions carried out by our customers.

We process your Data to fulfill our obligations related to the contractual relationship that we may have with you, or because it is in our legitimate interest or that of a third party to use your Data in order to guarantee our provision of services in the best possible way, but also because we process your Data as a result of our legal obligation determined by law.

In some cases, you may provide us with Personal Data about other people (such as your clients, directors, officers, shareholders or beneficiaries). In said cases, you must ensure that you have given such people due notice that you will provide such information to us and, if applicable, that you have obtained their consent to such disclosure.

The above list is not exhaustive and may vary depending on the nature of the personal information handled by a law firm that provides legal services.



We have an Ethics Channel which is part of the compliance mechanisms used to strengthen ethical practices, our culture, our values and our mission. When accessing our Ethics Channel, you will be redirected to a third party platform, which has navigation separately from our Site, to ensure the possibility of anonymization, as well as the proper fulfillment of its purposes.

If you choose to identify yourself, we will collect your name, email and telephone number so that we can provide all the necessary support to your complaint or doubt.


We use, by ourselves or our suppliers, cookies and similar tracking technologies (collectively, “Cookies”) on our Sites.


What are Cookies?

A cookie is a small text file containing a unique identification tag, stored on your browser, device, or on the page you are visiting. Some cookies are deleted right when you end your browsing, while others are retained even after you log out so that you can be recognized when you return to a site.


How do we use Cookies?

We use Cookies and allow some third parties to place Cookies on our Sites in order to make our Site accessible and/or provide our services, gather information about your usage patterns when you browse the site to improve your experience and make it customized, as well as understanding usage patterns to improve our site, products and services.


What categories of cookies do we use?

 (i) Technical and Strictly Necessary Cookies

They are necessary for the functioning of our Site. They include, for example, cookies that allow you to enter secure areas. These cookies are session cookies that are cleared when you close your browser.

(ii) Analytical or Performance Cookies

These Cookies allow us to recognize and count the number of users of our Site and understand how those users navigate through it. This helps to improve the functioning of our Site, for example by ensuring that users can easily find what they are looking for. These are session cookies, which are cleared when you close your browser.

We use Google Analytics and, if you prefer, you can delete or disable it by accessing the link:

It is important to clarify that you can disable Google Analytics tracking of your browsing on our site through your browser settings. For more information, you can access the following link:

 (iii) Functional Cookies

They improve the functional performance of the Site and streamline its use. For example, they are used to remind you that you have already visited the Site and asked to stay connected to them. These Cookies qualify as persistent cookies as they remain on your device so that we can use them during your next visit to our Site. You can delete these cookies through your browser settings.


Our Site has links that can direct you to other sites and applications, such as LinkedIn. In these cases, our Policy will not be applied and, before browsing, it is advisable that you read the terms of use and privacy policies to know the processing of Personal Data carried out by them.

We have no control over the information that is submitted or collected by these third parties.


As mentioned above, we may subcontract Data processing as necessary for the provision of our services, such as, without limitation, document processing and translation services, IT (Information Technology) systems or software providers, IT service support providers, document and information storage providers. All such third parties will process the Data on our behalf and under our direction.

We conduct an appropriate level of due diligence and enforce contractual documentation with respect to any subcontractor to ensure that it handles Data in a manner that is appropriate and consistent with our legal and regulatory obligations.


We are committed to keeping the Data provided to us secure. To this end, we implement appropriate policies, rules and technical measures that we have under our control against unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss.

All our partners, employees, consultants, workers and third parties who process the Data, who have access to and are associated with its processing, are obliged to comply with the confidentiality of such Data.


CMT shall process and store your Data only for the time necessary to fulfill the purposes that motivated its collection. 

Your Data may be stored for various reasons, including, but not limited to, to comply with contractual, legal or regulatory obligations, as well as so that CMT can safeguard its rights.

If you want your Data to no longer be processed, you may, at any time, free of charge, exercise your rights pursuant to items 10 and 11 of this Policy.


CMT may carry out the international transfer of Personal Data, provided that the Data Protection Applicable Laws are complied with.

The international transfer of Data may occur, for example, to store information in a cloud located outside Brazil; to enable partners or collaborators who are located in other countries to perform work, depending on the need and expertise involving the specific case; to provide services to clients who have their headquarters or management power in other countries; etc.


Aiming at the transparency of your rights, CMT makes available your rights provided for in article 18 of the Brazilian General Data Protection Act (LGPD), without prejudice to any others:

  • confirmation of the existence of data processing;
  • access to data;
  • correction of incomplete, inaccurate or outdated data;
  • anonymization, blocking or deletion of unnecessary, excessive or data processed in violation of the LGPD;
  • data portability to another service or product provider, upon express request;
  • deletion of data processed with your consent;
  • revocation of consent previously provided; and
  • information on public and private entities with which the controller shared data.

You may exercise your rights at any time and free of charge through the contact information provided in section 11.



CMT values your privacy and the protection of your Personal Data, as well as the faithful compliance with applicable data protection legislation. Therefore, if you believe that for any reason we are processing your Personal Data in a manner that is incompatible with this Privacy Policy and/or with the applicable data protection legislation, or if you wish to exercise your rights as a data subject, we request that you contact our Personal Data Officer via e-mail:



We are constantly updating and always analyzing the best practices in the market. Therefore, this Privacy Policy may be updated at any time without prior notice. In some cases, we may provide you with notice of any changes. However, we recommend that you revisit this Privacy Policy before browsing our site.


This Privacy Policy shall be interpreted by the legislation of the Federative Republic of Brazil, regardless of conflicts with state, municipal or other country legislation or regulations.

To resolve any doubt or divergence of interests in this Privacy Policy, the Jurisdiction of São Paulo city, state of SP is elected, waiving any other.



+55 (11) 4007-1479


(11) 2872-4760

CMT Lawyers occupies a prominent and leading position in the area of ​​business law, with a growing presence and distinction in the main business centers of the country, recognized by the main national and international publications of law firm rankings, such as Chambers & Partners, Legal 500 and Análise Advocacia and Chambers & Partners as one of the best law firms in the south of the country in business law.


Design sem nome (18)