INESC P&D Brazil is an NGO Scientific and Technological Institution (STI), constituted on June 18, 2012, enrolled with the National Directory of Legal Entities (CNPJ) under number 16.507.211/0001-55, as a non-profit private association, which has as purpose to, working together with public Brazilian universities and INESC TEC in Portugal, to coordinate a cooperation network in research, development, and technology transfer in Brazil.
INESC P&D BRASIL possesses a science-based innovative model, covering different conceptual levels, since the generation up to the valuation of knowledge, providing for the integration of Brazilian universities in multidisciplinary projects.
Therefore, that is why the way how we deal with your personal data is so important.
We want to keep our transparency and trust-based relationship with you in the digital media as well.
We only deal with the personal data while it is necessary and adequate for the purposes in which the collection is based, always complying with the legal bases of said dealing.
When using our site, you understand that we shall collect and use your personal information as described herein, pursuant to the Data Protection norms (DP norms) (in Brazil: LGPD, Federal Law no. 13.709/2018), of the consumerists’ provisions of Federal Law no. 8078/1990, as well as the other norms of the applicable Brazilian legal system.
Thus, we are able to maintain the data for complying with a legal or regulatory obligation, regular exercise of Law, legitimate interest or with your consent.
Personal data: Information related to the natural identified or identifiable person.
Sensitive personal data: Personal data related to: racial or ethnical origin, religious conviction, political opinion, filiation to a Labor Union or religious, philosophic or political organization, data referring to your health or your sexual life, genetic or biometrical data, when linked to a natural person.
Purpose: what we want to achieve with the dealing of personal data.
Need: the treatment of personal data must be limited to the minimum necessary for the aimed purpose. That is, it must be pertinent, proportionate and not excessive.
Database: Structured set of data, established in one or several locations, whether in electronic form or hard copy.
Holder: Natural person to whom the personal data is the object of treatment.
Treatment: The entire operation conducted with personal data, such as those that refer to the collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, assessment or control of the information, modification, communication, transfer, diffusion, or extraction.
Controller: natural person or legal entity, whether public or private, who have the authority to make decisions referring to the personal data treatment.
Operator: natural person or legal entity, whether private or of public law that conducts the personal data treatment on behalf of the controller.
Person in charge of the data (DPO): person indicated by the controller and operator in order to function as the communication channel (liaison) amongst the controller, the holders of the data and the Data Protection National Authority (DPNA).
Consent: Free expression, informed and unequivocal through which the holder agrees with the dealing of their data for a determined purpose.
Elimination: Exclusion of any data or set of pieces of data stored in a database, regardless of the procedure employed.
Data International Transfer: Exclusion of data or set of pieces of data stored in a database, regardless of the procedure employed.
Data Shared Use: Communication, diffusion, international transfer, interconnection of personal data or treatment shared of personal databases of personal data by public agencies or bodies in the fulfillment of their legal competences, or amongst these and private entities, on a reciprocal fashion, with a specific authorization for one or more modes of treatment, as allowed by these public entities or amongst private ones.
We are located at Rua José Cabalero nª 15, Gonzaga, Santos/SP, CEP.: 11055-300.
You can contact us by using one or more of the following channels: e-mail firstname.lastname@example.org, telephone number +55 13 3208-0090, telephone extension no. 21, our website www.inescbrasil.org.br, as well as social media (Facebook, Instagram e LinkedIn).
1. Which pieces of data we collect about you, and what is its purpose?
- Those directly provided by you:
Name, e-mail, telephone number, which us directly provides with via contact form;
Name, e-mail and résumé, which us directly provides with via application;
We make use of said data in order to reply to messages or to analyze your application to the sponsorship programs.
If you do not want to receive our communications any longer, you just need to inform us about that in an e-mail: email@example.com (responsible for the personal data treatment)
- Those pieces of data provided indirectly:
Through cookies and plug-ins of third-parties sent to your browser, by WordPress, for our content managing system.
Some [pieces of data] are strictly necessary for the website operation; other pieces of data, we use them in order to obtain analyses of the browsing with the purpose of continuously improving its contents.
It is not possible for us to identify the user/holder of the personal data from the cookies.
In order to be in compliance with the legal obligation of the Civil Mark of the Internet (art. 15), we collect date, time and the IP of those who access the website.
- Data of children and adolescents:
Our content is not aimed at children and adolescents; therefore, we do not conduct an intentional assessment or collection of their personal data.
It is from your consent that we deal with your personal data. The consent is the free expression, informed and unequivocal through which you authorize INESC P&D Brazil to deal with your data.
Therefore, in compliance with the Data Protection General Law, your data shall only be collected, dealt with and store upon your previous and express consent.
Said consent from you shall be obtained in a specific fashion for of the abovementioned purposes, thus evidencing the commitment of transparency and good faith with our users, complying with the pertinent legislative regulations.
When using, when filling the forms in this website, and you provide us with your personal data, you are aware and consenting with the provisions contained herein, in addition to knowing your rights and how to exercise them.
At any time and at no cost at all, you might revoke your consent.
It is important to point out that said revocation of the consent for the treatment of data might imply the impossibility of the proper performance of any functionality of the website, which depended on said operation. These consequences shall be previously informed.
3. With whom might your pieces of data be shared?
We do not trade your data to third parties.
We only share your data with third parties with the purpose of meeting the purposes already abovementioned expressed, such as response from third parties, or submissions of applications, which is conducted via an outsourced platform of the ODDO software by the TRUSTCODE company, as well as the hosting of our website and server at the PTIsp company.
As data operator, these companies might only treat the pieces of data in accordance with the purposes set forth herein.
- Due to a legal obligation:
When and if we are obligated to comply with some legislation, regulation, judicial or administrative order or applicable governmental request, we might share your personal data [with them].
If there is any violation of copyrights, fundamental rights, rights to honor and image, we might share your personal data so as to contribute with the investigative process.
Furthermore, we can share your personal data in case of fraud, security failures or technical problems.
At last, with the higher purpose of protecting the interests of our users, we can share your data, when and if by law requested.
3.1. International transfer of data
Some of the third parties with whom/which we share your data might be located or possess facilities abroad. Under these conditions, anyway, your personal data are subject to the Data Protection General Law and the other Brazilian data protect legislation.
In this sense, INESC P&D Brazil undertakes to always adopt efficient cybernetic safety standards and data protection, making its best efforts so as to guarantee and comply with the legislative demands.
4. Rights of the holders
You, as the bearer of your personal data (whether they are your name, e-mail, IP, geolocation, amongst others). The Civil Mark of the Internet also assures that you shall have clear information regarding the collection, use, storage and personal data protection on the internet (art. 7, VIII). The Data Protection Generation Law (DPGL) extends said rights (article 18).
The DPGL ensures that the holder of the personal data has, at any time, and upon request:
- Obtention of confirmation that we deal with your personal data;
- Accessing your personal data;
- Correcting possible incomplete data, which might not be updated or that might be inexact;
- Requesting the elimination of all of the unnecessary or excessive pieces of data, or that you understand that they are being the object of illegal treatment;
- Obtaining information on third parties with whom we share your data, data portability, consent revocation.
If you wish to exercise any of the abovementioned rights, please contact us via: firstname.lastname@example.org, and we shall be ready to meet your request, within a maximum term of 15 days.
We do not perform the automated treatment of personal data.
For this, we may request some additional pieces of information, which shall be exclusively used for the purposes of verifying your ID, and which shall be stored for up to 03 years, for the case of us having to evidence that said rights have been really exercised by you.
5. How and for how long shall your data be stored?
Your personal data collected by INESC P&D Brazil shall be used and stored during the period of time necessary for rendering the service or until the purposes listed herein are met, considering the rights of the holders of the data and their controllers.
In general, your pieces of data shall be maintained while the contractual relationship between you and INESC P&D Brazil lasts. After the end of the storage period of the personal data, they shall be excluded from our databases, or rendered anonymous, except for the hypotheses legally set forth in article 16 of the Data Protection Law, to wit:
I – compliance with any legal or regulatory obligation by the controller:
II – study conducted by a research agency, ensuring, whenever possible, the anonymization of the personal data;
III – transfer to third parties, provided that in respect with the data treatment requirements as set forth in this Law; or
IV – exclusive user of the controller, being prohibited its use by a third party, with the data rendered anonymous.
That is, personal about you that are indispensable for the compliance with legal, judicial or administrative determinations, and/or for the exercise of the right of defense in legal and administrative procedures shall be maintained, despite the exclusion of the other pieces of data.
The storage of data collected by INESC P&D Brazil reflects our commitment with both the safety and the privacy of your data. We employ protection measures and technical solutions capable of ensuring the confidentiality, integrity, and inviolability of your data. Besides, we also rely upon proper safety measures to the risks and with access control to the stored information.
6. What do we do to render your data safe?
So as to keep your personal information safe, we make use of physical electronic and managerial-oriented tools in order to protect your privacy.
We apply these tools by taking into account the nature of the personal data collected, the context and purpose of the treatment of said data, as well as the risks that possible violation would generate for the rights and liberties of the holder of the collected and treated data.
Amongst the measures that we adopt, we point out the following:
- Only authorized peoples have access to your personal data;
- The access to your personal data is only made after the confidentiality commitment.
- Your personal data is stored in a safe and idoneous environment.
INESC P&D Brazil undertakes to adopt the best postures in order to avoid safety incidents. However, it is necessary to point out that no virtual page is entirely safe and risk-free. It is possible that, despite all of our safety protocols, problems that guilty of which is exclusively of third parties, such as cyber-attacks from hackers, or also due to the negligence or imprudence of the users themselves.
In case of safety incidents that might generate risk or damage that is relevant to your or any of our users, we shall inform those affected by it, as well as the National Authority of Data Protection on what had happened, consonant with the provisions contained in the Data Protection General Law.
INESC P&D Brazil foresees the responsibility of the agents that act on the process of data treatment, in conformity with articles 42 through 45 of the Data Protection General Law.
In addition to this, we also undertake the commitment of looking for technical and organizational conditions safely adapted for the protection of the entire process of data treatment.
In case the National Authority of Data Protection demands the adoption of remedial measures in relation to the data treatment conducted by INESC P&D Brazil, we undertake to be compliant with them.
As mentioned in Topic 6, although we do employ high safety standards with the purpose of avoiding accidents, there is no virtual page entirely risk-free. In this sense, INESC P&D Brazil is not responsible for:
I – Any consequences arising out of negligence, imprudence, or lack of skills on the part of the users regarding their individual pieces of data. We ensure, as well we take responsibility only for the safety of the safety of the data treatment processes, as well as the compliance with the purposes described herein.
We point out that the user is responsible for the access data confidentiality.
II – Malicious actions by third parties, such as the attacks of hackers, except if proved to be guilty or deliberated on the part of INESC P&D Brazil.
In cases of safety incidents that might generate relevant risks or damages, whether to you or any one of our users, we shall provide communications on that who have been affected by it, as well as the National Authority for Data Protection on what occurred, and we shall conduct the necessary remedial measures.
III – Lack of veracity of the information entered by the users in the registrations necessary for the use of the services rendered available by both the portal and the website of INESC P&D Brazil; the user shall be entirely responsible for any consequences arising out of false information or information entered in bad-faith.
9. Person in Charge of Data Protection (Data Protection Officer – DPO)