Corporate governance
Personal Data Protection
FGV is committed to the importance of privacy and the protection of personal data, contributing to the public debate with a view to building a culture on the subject in Brazil
Fundação Getulio Vargas – FGV is engaged in contributing to the development of quality teaching and research in Brazil. It has innovative initiatives in various fields of social science, acting as an important reference on this topic in the country. Since the Brazilian Law of Personal Data Protection – Law no. 13.709/2018 (acronym “LGPD”) was approved, FGV has initiated a project that aims to establish compliance with this law and other legislation on the subject. In this sense, FGV commits to spreading the importance of the rights to privacy and personal data protection, thus promoting the public debate for the development of a culture on this matter in Brazil. In this section you can find information about the LGPD and the initiatives developed by FGV regarding personal data protection.
Your rights
The LGPD brought important rights that you (the data subject) can request from FGV or any other institution, whether public or private, that makes use of your personal data, such as name and registration data, among others.
How to make requests?
To support the rights guaranteed by the LGPD, the FGV Personal Data Subjects Web Portal was developed to gather requests from those who are able to understand the Portuguese language. Data subjects who cannot understand Portuguese can make a request concerning their rights as a personal data subject by e-mail at dpo@fgv.br. Please read the Portal’s Terms of Use and Privacy and Data Protection Policy for further details.
ATTENTION: these channels (the Personal Data Subjects Web Portal and the e-mail dpo@fgv.br) do not replace FGV’s other web portals, applications, or services that you might already use. Their only function is to attend to personal data subjects, as stated by the Brazilian Law of Personal Data Protection – Law no. 13.709/2018 (acronym “LGPD”).
Check out our Privacy Central (available only in Portuguese). If you need to submit a request in English, please send a message to the e-mail dpo@fgv.br.
Information on the Data Protection Officer (DPO)
Jordan Vinícius de Oliveira – Internal Control Division (DCI). In case of doubts, complaints, or suggestions regarding privacy and personal data protection, contact us by e-mail at dpo@fgv.br. In these cases, the deadline established for providing an answer, if necessary, shall be up to 30 (thirty) days after receiving the request, subject to any confidentiality that might be applicable. This e-mail address does not replace FGV’s other service channels and shall be used for the exercise of data subjects’ rights only by those who cannot understand the Portuguese language properly. For those who are capable of submitting requests in this language, the proper channel can be accessed at “Privacy Central”, available on this page under the title “Seus Direitos”.
Available Documentation
FGV Portals – Privacy Notice
Establishes how FGV processes personal data collected via FGV Portal.
Term of Standard Educational Contracts of FGV Schools
Presents the Privacy and Data Protection Standards for Educational Contracts of FGV Schools.
Data Protection Policy
Includes technical and organizational measures adopted by FGV to guarantee the safeguard of personal data.
Data Protection Guide
Prepared by FGV to support the activities and understanding of the LGPD in the context of Higher Education Institutions. (Only in Portuguese.)
General Principles
The main national data protection laws in the world are guided by General Principles of Data Protection, the backbone of data protection regulation. It is based on these principles that FGV has structured its Compliance Program.
They are listed in the LGPD as follows:
PURPOSE
Processing done for legitimate, specified and explicit purposes for which the data subjects are informed, with no possibility of subsequent processing that is incompatible with these purposes.
ADEQUACY
Compatibility of the processing with the purposes informed to the data subject, according to the processing context.
PREVENTION
Measures to prevent the occurrence of damages due to processing of personal data.
SECURITY
Use of technical and administrative measures to protect personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination.
LIABILITY AND ACCOUNTABILITY
Processing agents should be able to demonstrate that they are adopting measures to comply with data protection legislation. They should also demonstrate the efficacy of these measures.
TRANSPARENCY
Data subjects are guaranteed clear, accurate and easily accessible information about the processing and its agents, subject to commercial and industrial secrets.
OPEN ACCESS
Data subjects are guaranteed easy and free-of-charge consultation about the form and duration of the processing, as well as about the integrity of their personal data.
NON-DISCRIMINATION
Impossibility of processing personal data for unlawful or abusive discriminatory purposes.
DATA MINIMIZATION
Limitation of processing to the minimum necessary to achieve its purposes. All personal data must be relevant, proportional and non-excessive in relation to the purposes of the data processing.
DATA QUALITY
Data subjects are guaranteed that their data is accurate, transparent, relevant and kept up to date, in accordance with the necessity for achieving the purpose of the processing.
Frequently asked questions
What is personal data?
Personal information that can identify or make identifiable a natural person, such as, for example, name, RG, passport number, address, or any other information concerning a person, such as their location, consumption preferences, and interests. There are also special categories of personal data called sensitive data, defined by the Brazilian Law as data which refer to racial or ethnic origin, religious conviction, political opinion, membership of a labor union or organization of a religious, philosophical, or political nature, health or sex life, and genetic or biometric data. Such data, when linked to a natural person, must be processed even more carefully by organizations.
What is the GDPR and the LGPD?
LGPD is the acronym for General Personal Data Protection Law (Law No. 13.709/18). Inspired by GDPR (General Data Protection Regulation), the European Union's general regulation for protection of personal data, LGPD regulates this topic in Brazil, establishing how the processing (collection, storage, sharing, etc.) of personal data should be done, providing more protection to the rights of the data subjects.
To whom does LGPD apply?
The LGPD applies to any natural or legal person, of public or private law, who carries out the processing of personal data in their activity. It also applies to the personal data subject (you), in order to protect the fundamental rights of freedom and privacy and the free development of the personality.
Does FGV qualify as a data controller or data processor?
According to the definitions of the LGPD, FGV can be classified as Controller or Processor of personal data, depending on the activity performed.
When acting as Controller, FGV is responsible for decisions regarding the processing of personal data, such as, for example, the collection of students' personal data for enrollment.
However, depending on the activity, FGV can be classified as a Processor. That is, it shall follow the guidelines and directives provided by one or more Third-Party Controller(s). As an example, we can mention the performance of technical advisory projects for a Public Entity, in which the main processing decisions are made by this Entity.
Finally, according to the "Guia Orientativo para Definições dos Agentes de Tratamento de Dados Pessoais e do Encarregado" of the National Data Protection Authority (acronym “ANPD”), there are also situations in which FGV may act as Joint Controller, where the role of Controller shall fall to both FGV and the Third-Party Institution. As an example, we can mention an academic exchange in which both partner institutions jointly make decisions about the personal data of their respective students.
What are cookies?
Cookies are small text files stored by a website server on your computer or other device (cell phones and tablets, for example). When you visit or access a certain page, the cookie "memorizes" information related to that navigation in order to allow the website to be provided, associating it with you and distinguishing you from other users. In this sense, it is possible to say that cookies are electronic identifiers.
How has FGV been preparing to comply with data protection regulations?
FGV has adopted measures to achieve compliance with personal data protection laws. Currently, FGV is updating the Record of Processing Activities (RoPA) of its Units, Schools and Areas in order to make appropriate recommendations.