Last updated: June 23, 2022
BY ACCESSING, USING, OR REGISTERING ON THE SEMEIA.ORG.BR WEBSITE AND/OR ON THE RESPECTIVE PLATFORMS AND SOLUTIONS (“Platform”), TAKE PART IN ANY WAY, DIRECTLY AND/OR INDIRECTLY, IN THE ACTIVITIES (Activities) OF INSTITUTO SEMEIA, HEADQUARTERED AT RUA AMAURI 255, 9º ANDAR, JARDIM EUROPA, SÃO PAULO/SP, CEP 01448-000, REGISTERED UNDER TAX ID “CNPJ/MF” #10.621.023/0001-77 (“Institute”), YOU DECLARE TO ACKNOWLEDGE AND FULLY UNDERSTAND THE TERMS OF THIS PRIVACY NOTICE (“Privacy Notice”).
For this Privacy Notice, “Data Data Subject” is any natural person who accesses the Platform and/or is directly or indirectly involved with the Institute. The Institute, depending on the services, is the “Controller” and is responsible for decisions regarding its processing of personal data carried out directly and/or indirectly.
Among other individuals who may be involved with the Institute, the following are considered Data Data Subjects: project beneficiaries, legal representatives of governments, interested third parties, and partners.
If you are using the Platform and/or involved with the Institute on behalf of an entity and/or legal entity, you warrant that you are authorized and have all necessary powers to acknowledge and accept this Privacy Notice on behalf of the respective entity and/or legal entity, as well as that the entity and/or legal entity you represent agrees to indemnify the Institute for any violation of this Privacy Notice caused by you.
If the Platform and/or the Institute’s Activities are in any way used by minors under the age of 18, the processing of the personal data of these minors must be authorized by their legal guardians, who must be aware of it under the terms of this Privacy Notice.
1. PLATFORM AND ACTIVITIES
The Institute’s mission is to transform protected areas into a source of pride for Brazilians. To this end, it supports governments in designing and implementing partnership projects for parks to contribute to these spaces offering of more and better services to society. The Institute also acts as a think-tank in collecting, systematizing, and disseminating relevant and specialized knowledge and coordinating between governments, private partners, and entities of the third sector to promote dialogue, the feasibility of partnerships, and the valorization of Brazilian parks.
The Platform is the Institute’s website, where all information on projects, publications, and myriad contents are disseminated to promote the agenda of conservation units, partnerships, and nature tourism.
2. PERSON IN CHARGE
The Institute indicates the individual below as a “Person in Charge,” who will be responsible for assisting and guiding Data Data Subjects in all matters relating to this Privacy Notice or the processing of personal data carried out by the Institute and who will act as a communication channel between the Data Data Subjects, the Institute, and the National Data Protection Authority.
Person in charge:
Name: Joice Tolentino
Email: [email protected]
3. DATA PROCESSING
To access and use the Platform and/or relate to the Institute, the Data Data Subject will need to provide certain information to the Institute which is essential for the operation of the Platform and/or for the Activities of the Institute. Thus, the following personal data of the Data Subjects will necessarily be collected and processed:
If the Data Subject is one of the interested parties, participants, and/or partners of the Institute in the projects it develops:
- Registration data;
If the Data Subject is a job candidate for vacancies at the Institute:
- Registration data;
- Professional information;
By accessing or using the Platform and/or the Activities, you are aware—as an individual and, whenever applicable, also as a representative of a minor, legal entity, or entity—of the processing of the data listed above and state that, when providing data of third parties, personal or not, on the Platform (directly or by inserting documents containing such data) and/or to the Institute, such availability is in accordance with the terms of current legislation and does not violate the rights of third parties, which means you are responsible for any and all claims or losses arising from the processing of personal data inserted by you in the Platform (directly or by inserting documents containing such data) and/or provided, in any way, to the Institute.
The Institute may also obtain your data when you participate in other Activities of the Institute and/or its affiliates (e.g., events, alumni activities, etc.).
The Institute may also collect the Data Subject’s personal data from a third-party database, which may be public or not. The Institute may combine this data with the current information it holds about the Data Subject or use it independently.
4. PURPOSES AND USE OF DATA
This Privacy Notice lists below the main situations in which—and the purposes for which—the data of the Data Subjects, as well as the data of third parties in any way collected by the Institute, are used:
Activities: The Institute will request personal data for (a) sending information about the Institute and its projects; (b) clarification of questions; (c) registration, and; (d) participation in events.
Use of the Platform: The Institute will use personal data to (a) facilitate the identification of the Data Subject on the Platform; (b) provide the necessary interactivity on the Platform, and; (c) operate and improve the Platform.
Communication: The Institute will use the Data Subjects’ personal data to contact the Data Subject and send notices, text messages, and/or notifications. The Institute may send the Data Subjects communications about the availability of the Platform, solutions made available by the Institute, the security of the Platform, or other issues in any way related to the Platform, the Activities, and/or the company, such as messages about how to use such activities and solutions or information about updates that may be available.
Advertising: The Institute may use personal data to (a) send marketing emails, including newsletters, related to the Platform, the Activities, or the company and/or organizations of the same economic group as the Institute; (b) display and/or send ads that are compatible with the Data Subject’s profile, and such ads may refer to the Platform, the company, and/or third parties. If the Data Subject is no longer interested in receiving ads and/or emails, the Data Subject must contact the Person in Charge, informing that they no longer wish to receive communications of an advertising nature.
Activities of the Data Subjects on the Platform: The Institute records the access and uses data of the Platform when the Data Subjects in any way access or use the Platform. The Platform uses access information, cookies, device information, and Internet Protocol (IP) addresses to identify Data Subject or record their use of, or activity on, the Platform.
Storage and Backup: The Institute makes backup copies of information relating to the Platform, Activities, and the Institute, which may include personal data.
5. COOKIES AND SIMILAR TECHNOLOGIES
The Platform may use cookies or other technologies to help customize the Data Subjects’ experience. Cookies are small text files stored in your computer’s memory. A cookie contains information that can later be read by a server located in the domain that issued it. The information that cookies collect includes, for example, the date and time of the Data Subject’s visit, the Data Subject’s browsing history, etc.
Cookies bring several benefits, as they allow the identification of Data Subjects when they return to the Platform, allowing them to be directed to personalized content and/or similar activities. Cookies also save time by making it unnecessary to enter the same information repeatedly.
6. DURATION OF DATA PROCESSING
The Institute will process personal data for as long as the purposes indicated in this Privacy Notice last and/or there is a need to keep them, such as concerning the legal terms of custody, including those described in Law 12965/14 (Brazilian Internet Act) and Decree 8771/16, or to comply with applicable legal or regulatory obligations.
Once the purpose or legal necessity is exhausted, the data will be deleted through secure disposal methods or anonymized for purely statistical purposes.
7. RESPONSIBILITIES AND STATEMENTS OF THE Data Subject
The Data Subject states and acknowledges that, by making data, including personal data of third parties, available on the Platform and/or to the Institute (directly or through the insertion or availability of documents containing such data), they:
- previously informed the respective third parties and took all necessary measures so that the third parties were aware of the processing of their personal data by the Institute;
- in the case of the insertion of personal data of minors, previously informed and obtained the consent of legal guardians concerning the processing of such data by the Institute;
- in the case of entering sensitive personal data (racial or ethnic origin, religious belief, political opinion, union membership, or organization of a religious, philosophical, or political nature, data referring to health or sex life, genetic or biometric data, when linked to a natural person, etc.), previously informed and obtained the consent of the Data Subject of such data regarding the processing of said data by the Institute;
- the information made available to the Platform, including any personal data, is complete, true, and up-to-date and does not violate third-party rights or applicable legal regulations.
If the above statements are not entirely correct and/or the obligations assumed herein are not adequately complied with, the Data Subject is exclusively and fully responsible for any losses caused to the Institute or any third parties.
The Data Subject is responsible for the activities they perform on the Platform or for the information, including personal data, that they insert on the Platform (directly or through the insertion of documents containing such data) and/or make available to the Institute.
If the Institute is sued, at any time, due to facts or acts whose responsibility is attributed to the Data Subject under the terms of this Privacy Notice, the Data Subject, as well as the minor, the entity or company that they represent, will be jointly and severally liable and must: (a) voluntarily intervene in the lawsuit, claiming the immediate exclusion of the Institute from the dispute, (b) assume the full and exclusive responsibility for the payment and/or for the measures requested, and (c) fully reimburse the Institute for the costs and expenses incurred as a result of the claim. If such exclusion does not occur, the Data Subject, the minor, and/or the entity or company that the Data Subject represents will be responsible for the payment and full compliance with the decision or, if applicable, must immediately reimburse the Institute.
8. DATA SHARING
This Privacy Notice indicates below the situations in which the personal data of the Data Subjects, as well as the personal data of third parties in any way entered on the Platform by the Data Subjects, will be shared by the Institute:
Group Organizations: The Institute may share information, including personal data of Data Subjects and third parties, with affiliates and organizations of the same group whenever such sharing is important for the operation of the Platform, the provision of the Activities, the fulfillment of legal or regulatory obligations and/or is in the interest of the Data Subject.
Corporate operations: As a result of any corporate restructuring operations, mergers, acquisitions, incorporations, and the like, the Institute may share or even transfer information, including personal data of Data Subjects and third parties, individuals, or legal entities in any way involved in the operation.
Third parties: The Institute may share third-party information, including the personal data of the Data Subjects, with public agencies to exercise its functions and Activities, such as courts of law, the internal revenue service, etc.
Partners and service providers: The Institute may share information, including personal data of Data Subjects and third parties, with companies, organizations, or individuals that provide services on behalf of the Institute to, for example, implement security measures, make software and/or repositories available that are necessary for the Activities of the Institute, etc. These companies will be allowed to obtain only the information necessary to provide the service properly and will be required to maintain the confidentiality of the information.
Fraud prevention and security: The Institute may disclose or share information, including personal data of the Data Subjects and third parties, if it believes, in good faith, that access, use, conservation, or disclosure of the information is reasonably necessary to (a) detect or prevent fraud, as well as solve technical or security issues, and; (b) ensure the security of the Platform, the Institute, the Data Subjects, and third parties. In this case, the data and information may be shared with third parties responsible for the investigation, including judicial bodies, authorities, and technology or information security companies.
Judicial claims and investigations: The Institute may disclose or share information, including personal data of Data Subjects and third parties, with public authorities and/or agencies, regulatory agencies, legal authorities (e.g., regional police stations), municipalities, consumer protection agencies, government and judicial agencies, and/or lawyers in the following cases: (a) to comply with a court decision or government request; (b) to safeguard rights and prevent liabilities against the Institute; (c) to investigate, prevent or take action related to illegal, suspected or actual activities, or to cooperate with public agencies, and; (d) to investigate possible violations of the rights of the Institute and/or third parties.
Compliance with legal or regulatory obligations: The Institute may disclose or share information, including personal data of Data Subjects and third parties, to comply with legal, regulatory, or any other determination before government and judicial bodies, including, but not limited to, government ministries and/or departments, federal agencies, regulatory agencies, and/or legal authorities (e.g., the internal revenue service), consumer protection agencies, judicial bodies, and others.
9. PROCESSING AGENTS
Any company, public or private entity, authority, body, agency, and/or person that has access to the personal data of the Data Subjects and/or third parties, according to the situations provided for in the “Data Sharing” chapter, will assume the position of processing agent and will be obliged, under the terms of the applicable legislation and/or the contracts signed with the Institute, to adopt the best security and governance practices concerning the protection and processing of personal data that they have access to.
10. INFORMATION SECURITY
Information security is very important to the Institute. The Institute follows industry security standards to help protect information entered into the Platform or otherwise obtained by the Institute. However, there is no electronic storage method that is completely secure. THEREFORE, ALTHOUGH WE STRIVE TO PROTECT THE INFORMATION PROCESSED BY THE INSTITUTE, WHICH INCLUDES PERSONAL DATA, WE CANNOT GUARANTEE ABSOLUTE SECURITY.
The Institute will store the Data Subjects and third parties personal data in a secure environment, committing to adopt reasonable administrative and technical preventive measures to avoid losses, abuses, alterations, or unauthorized data access.
11. LINKS
The Data Subject agrees not to hold the Institute liable for losses, damages, or other problems of any kind that may arise from the use of websites that contain links to the Platform or whose links are available on the Platform, as well as is aware that such websites may not adopt appropriate practices regarding the processing of personal data and privacy of the Data Subjects.
12. CONTROL OF YOUR DATA
The Institute will provide means for Data Subjects to access, correct, delete or modify the data they have entered on the Platform and/or made available to the Institute to request the correction, deletion, or modification of their personal data. The options for the Data Data Subjects are listed below:
Confirmation of the existence of processing: Data Data Subjects may request confirmation regarding the existence of processing of their personal data.
Right to access your data: Data Data Subjects may request a copy of the data processed, which will be made available in a readable and electronic format.
Alteration or correction of data: Data Subjects may request updates, alterations, or corrections of their data in some instances, especially if the data is incorrect or outdated.
Deletion, blocking, and/or anonymization of data: Data Subjects may request the deletion of their data from the Platform and the Institute’s repositories without the need to present any justification and may request the deletion, blocking, and/or anonymization of said personal data.
Portability: Data Subjects may request the portability of their data to another service or product provider.
Information on data sharing: Data Subjects may request information about the public and/or private entities with which the Institute has shared their personal data.
Information about consent: Data Subjects may request information about the possibility of not providing consent in specific situations and about the consequences of not providing consent.
Revocation of consent: For cases where the Data Subjects have granted consent to the company for the processing of their personal data, Data Subjects may, at any time, revoke said consent.
Channels to exercise their rights: To exercise the rights listed above, Data Subjects must address their request to the Person in Charge. Said request shall include: (a) the qualification of the Data Subject (full name and email); (b) specification of the measure that the Data Subject intends to have taken concerning their personal data, and (c) if applicable, the specification of the data that is the subject of the request. Within 15 days, if the law does not establish a different period, the Person in Charge will respond to the request of the Data Subject: (a) communicating the fulfillment of the request; (b) providing justification if it is not possible to comply with the request, or (c) estimating a new deadline for complying with the request and the justification for the extension of the deadline.
There are situations in which the Institute will need to keep or will not be able to change personal data and, for this reason, will not be able to fully comply with the requests made, even if observing the rules above (for example, when keeping personal data is necessary to comply with legal obligations or to comply with a court order).
Data Subjects must immediately inform the Institute, through the Person in Charge, when the Institute’s cooperation is necessary to change, update, complement, correct, or delete personal data made available on the Platform and/or to the Institute. Data Subjects must provide all relevant information so the Institute can take the necessary measures within a reasonable time.
13. CLAIM OF RIGHTS
If a Data Subject believes that the Platform and/or the Institute violates their rights and/or privacy, including concerning the processing of personal data, they may communicate with the Institute through the Person in Charge.
Nothing in this Privacy Notice is intended to exclude or limit any condition, warranty, right, or liability that cannot be legally excluded or limited. Some jurisdictions do not allow the exclusion of certain warranties or conditions or the limitation or exclusion of civil liability. Accordingly, only those limitations permitted by law in your jurisdiction will apply to you.
14. CROSS-BORDER DATA TRANSFER
THE INSTITUTE PROCESSES DATA, INCLUDING PERSONAL DATA, WITHIN BRAZIL AND OTHER COUNTRIES. IT IS POSSIBLE THAT SOME OF THE COUNTRIES IN QUESTION HAVE LESS PROTECTIVE LAWS REGARDING PRIVACY AND/OR PERSONAL DATA OR EVEN HAVE SPECIFIC REGULATIONS ON THE SUBJECT.
YOU ACKNOWLEDGE AND AGREE THAT YOUR PERSONAL DATA AND THE PERSONAL DATA OF THIRD PARTIES ENTERED BY YOU ON THE PLATFORM OR MADE AVAILABLE TO THE COMPANY MAY TRANSIT THROUGH OR BE PROCESSED IN OTHER COUNTRIES.
15. AMENDMENTS, TERM, AND VALIDITY OF CLAUSES
Any waiver or amendment of the provisions of this Privacy Notice will only take effect if submitted in writing and signed by the Institute’s legal representatives. If any provision of the Privacy Notice is annulled or deemed unenforceable, the remaining provisions, whenever possible, will remain valid and in force.
The Institute reserves the right to change the Privacy Notice and any policy or document at any time and at its sole discretion.
The changes will come into force at the time of their publication on the Platform. Using the Platform, Services, or maintaining a relationship with the Institute after publication will constitute awareness of any changes to the Privacy Notice. Accordingly, we advise Data Subjects to re-read the Privacy Notice frequently.
If there is a divergence between the content of this Privacy Notice and that contained in another document signed between the Data Subject and the Institute, the content of the other document(s) signed by the Data Subject shall always prevail.
16. LEGISLATION, DISPUTES, AND CONTROVERSIES
Any dispute related to this Privacy Notice must be submitted to the District Court of São Paulo, State of São Paulo, Brazil, which will prevail over any other, however privileged it may be or may become, and will be judged exclusively under the laws of the Federative Republic of Brazil.
17. QUESTIONS AND EXPLANATIONS
Questions, requests, complaints, and comments about the Platform or the Privacy Notice may be addressed to the Person in Charge.
