FGV AND PERSONAL DATA PROTECTION
Fundação Getulio Vargas – FGV contributes to the development of quality teaching and research in Brazil. It runs innovative initiatives in various fields of social science and is an important reference on this topic in the country. After the Brazilian Law of Personal Data Protection – Law no. 13.709/2018 (acronym “LGPD”) was approved, FGV initiated a project that aims to establish compliance with this law and other legislation on the subject. In this sense, FGV commits to spreading the importance of the rights to privacy and personal data protection, thus promoting public debate to develop a culture around this matter in Brazil. In this section you can find information about LGPD and the initiatives developed by FGV regarding personal data protection.
Information on the Data Protection Officer (DPO): Jordan Vinícius de Oliveira – Internal Control Division (DCI). In case of doubts, complaints, or suggestions regarding privacy and personal data protection, contact us via e-mail at email@example.com. In these cases, the deadline for providing an answer, if one is necessary, shall be up to 30 (thirty) days after the demand is received, subject to any confidentiality that might be applicable. This e-mail address does not replace FGV’s other service channels, and it shall be used for the exercise of data subject rights only by those who cannot understand the Portuguese language properly. For those who are able to submit demands in Portuguese, the proper channel can be accessed at “Privacy Central”, available on this page under the title “Seus Direitos”.
LGPD brought important rights that you (the data subject) can request from FGV or any other institution, whether public or private, that makes use of your personal data, such as name, registration data, among others.
How to make requests?
ATTENTION: these channels (Personal Data Subjects Web Portal and the e-mail firstname.lastname@example.org) do not replace FGV’s other web portals, applications, or services that you might already use. Their only function is to attend to personal data subjects, as stated by the Brazilian Law of Personal Data Protection – Law no. 13.709/2018 (acronym “LGPD”).
Check out our Privacy Central (available only in Portuguese). If you need to submit a request in English, please send a message to the e-mail email@example.com.
Processing done for legitimate, specified and explicit purposes for which the data subjects are informed, with no possibility of subsequent processing that is incompatible with these purposes.
Compatibility of the processing with the purposes informed to the data subject, according to the processing context.
- DATA MINIMIZATION
Limitation of processing to the minimum necessary to achieve its purposes. All personal data must be relevant, proportional and non-excessive in relation to the purposes of the data processing.
- OPEN ACCESS
Data subjects are guaranteed easy and free-of-charge consultation about the form and duration of the processing, as well as about the integrity of their personal data.
- DATA QUALITY
Data subjects are guaranteed that their data is accurate, transparent, relevant and kept up to date, in accordance with the necessity for achieving the purpose of the processing.
Data subjects are guaranteed clear, accurate and easily accessible information about the processing and its agents, subject to commercial and industrial secrets.
Use of technical and administrative measures to protect personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination.
Measures to prevent the occurrence of damages due to processing of personal data.
- LIABILITY AND ACCOUNTABILITY
Processing agents should be able to demonstrate that they are adopting measures to comply with data protection legislation. They should also demonstrate the efficacy of these measures.
Impossibility of processing personal data for unlawful or abusive discriminatory purposes.
FREQUENTLY ASKED QUESTIONS
Personal information that can identify or make identifiable a natural person, such as name, RG, passport number, address, or any other information concerning a person, such as their location, consumption preferences, and interests. There are also special categories of personal data called sensitive data, defined by the Brazilian Law as data that refer to racial or ethnic origin, religious conviction, political opinion, membership of a labor union or organization of a religious, philosophical, or political nature, or that refer to health or sex life, genetic or biometric data. Such data, when linked to a natural person, must be processed even more carefully by organizations.
LGPD is the acronym for General Personal Data Protection Law (Law No. 13.709/18). Inspired by GDPR (General Data Protection Regulation), the European Union's general regulation for protection of personal data, LGPD regulates this topic in Brazil, establishing how the processing (collection, storage, sharing, etc.) of personal data should be done, providing more protection to the rights of the data subjects.
LGPD applies to the natural or legal person, of public or private law, who carries out the processing of personal data in their activity. It also applies to the personal data subject (you), in order to protect the fundamental rights of freedom and privacy and the free development of the personality.
According to the definitions of LGPD, FGV can be classified as Controller or Processor of personal data, depending on the activity performed.
When acting as Controller, FGV is responsible for decisions regarding the processing of personal data, as in, for example, the collection of students' personal data for enrollment.
However, depending on the activity, FGV can be classified as a Processor. That is, it shall follow the guidelines and directives provided by one or more Third Party Controller(s). As an example, we can mention the performance of technical advisory projects for a Public Entity, in which the main processing decisions are made by this Entity.
Finally, according to the "Guia Orientativo para Definições dos Agentes de Tratamento de Dados Pessoais e do Encarregado" of the National Data Protection Authority (acronym “ANPD”), there are also situations in which FGV may act as Joint Controller, where the role of Controller falls to both FGV and the Third-Party Institution. As an example, we can mention an academic exchange in which both partner institutions jointly make decisions about the personal data of their respective students.
Cookies are small text files stored by a website server on your computer or other device (cell phones and tablets, for example). When you visit or access a certain page, the cookie "memorizes" information related to that navigation in order to allow the website to be provided, associating and distinguishing you from other users. In this sense, it is possible to say that cookies are electronic identifiers.
FGV has adopted measures to achieve compliance with personal data protection laws. Currently, FGV is updating the Record of Processing Activities (RoPA) of its Units, Schools and Areas in order to make appropriate recommendations.