Use of customer and employee images: understand how to do it correctly
Posted: Thu Jan 30, 2025 8:45 am
The General Data Protection Law (LGPD), by establishing guidelines on the collection, storage, processing and sharing of information from individuals, thus regulates the treatment of the image of the holders, as personal data.
As is the case with many companies, it is inherent to their operations that images are collected for the execution of services, for internal purposes – such as in internal marketing and campaigns, as well as for advertising and external marketing purposes.
When it comes to using images of internal company members, the legislation establishes that explicit consent must be obtained from employees before capturing and using their personal images, unless there is a specific legal basis for such collection, such as compliance with a legal obligation or the execution of a contract. In addition, employees must be informed about how their images will be used, who will have access to them and for how long they will be stored. Furthermore, documents such as Employment Contracts and Internal Privacy Policies must also include information about the use of this data and its respective purposes.
It is important to emphasize that failure to provide consent by twitter data the employee will not give rise to any type of labor charge, and any type of obligation or sanction is prohibited for those who choose not to grant authorization for the use of their image. This information must be explicit at the time of collecting consent.
In addition to collection, the company must ensure the security of employee image data, protecting it from unauthorized access, misuse or unauthorized disclosure. It should also be noted that the rights of employees as data subjects include the right to access their own images and the right to request the deletion of images or the right to transfer them to another data controller, as applicable.
With regard to external parties, such as customers, suppliers and business partners, the company may also collect their image, but consent must be granted, they must be fully informed about the purposes of use and all other requirements must be met. Since these are external parties, the purposes must be described in the External Privacy Policy, published on the institutional website.
It is important to ensure that the collection and use of images are in accordance with the specific purpose for which they were obtained. The company must be transparent about these purposes and ensure that there is no misuse of the images collected without prior authorization and communication from the data subject. As in the case of internal members of the company, the rights of external individuals as data subjects must also be ensured and follow the same precepts.
In short, it is essential that companies are aware of their responsibilities when collecting and processing personal images, that they adopt practices that comply with the legislation, and that they evaluate all scenarios (internal and external) in which the images are used, aiming to ensure the correct collection of the holder's consent whenever necessary, since failure to comply with these obligations, in addition to harming the rights of the holders, may result in administrative and legal sanctions, also generating reputational damage to the company.
As is the case with many companies, it is inherent to their operations that images are collected for the execution of services, for internal purposes – such as in internal marketing and campaigns, as well as for advertising and external marketing purposes.
When it comes to using images of internal company members, the legislation establishes that explicit consent must be obtained from employees before capturing and using their personal images, unless there is a specific legal basis for such collection, such as compliance with a legal obligation or the execution of a contract. In addition, employees must be informed about how their images will be used, who will have access to them and for how long they will be stored. Furthermore, documents such as Employment Contracts and Internal Privacy Policies must also include information about the use of this data and its respective purposes.
It is important to emphasize that failure to provide consent by twitter data the employee will not give rise to any type of labor charge, and any type of obligation or sanction is prohibited for those who choose not to grant authorization for the use of their image. This information must be explicit at the time of collecting consent.
In addition to collection, the company must ensure the security of employee image data, protecting it from unauthorized access, misuse or unauthorized disclosure. It should also be noted that the rights of employees as data subjects include the right to access their own images and the right to request the deletion of images or the right to transfer them to another data controller, as applicable.
With regard to external parties, such as customers, suppliers and business partners, the company may also collect their image, but consent must be granted, they must be fully informed about the purposes of use and all other requirements must be met. Since these are external parties, the purposes must be described in the External Privacy Policy, published on the institutional website.
It is important to ensure that the collection and use of images are in accordance with the specific purpose for which they were obtained. The company must be transparent about these purposes and ensure that there is no misuse of the images collected without prior authorization and communication from the data subject. As in the case of internal members of the company, the rights of external individuals as data subjects must also be ensured and follow the same precepts.
In short, it is essential that companies are aware of their responsibilities when collecting and processing personal images, that they adopt practices that comply with the legislation, and that they evaluate all scenarios (internal and external) in which the images are used, aiming to ensure the correct collection of the holder's consent whenever necessary, since failure to comply with these obligations, in addition to harming the rights of the holders, may result in administrative and legal sanctions, also generating reputational damage to the company.