close ×

content filtering:

area

research areas

categories (subjects)

advanced search

Institute for Technology and Society Privacy Policy

published in

5 de August de 2019

categories

    {{ its_tabs[single_menu_active] }}

    theme

    Last updated: 11/16/2021

    Welcome to the Institute for Technology and Society!

    1. INTRODUCTION

    The Institute for Technology and Society of Rio de Janeiro (hereinafter referred to as “ITS Rio,” “ITS,” or “we”) is a non-profit research organization dedicated to studying the impact and future of technology in Brazil and globally. Our mission is to promote the creative and responsible use of technology in the digital age.

     

    To achieve this, ITS carries out various initiatives and projects that may involve processing personal data, including research activities, course offerings, study programs, and developing educational materials, among others.

     

    This Privacy Policy (hereinafter referred to as “Privacy Policy,” “Policy”) outlines how ITS – Instituto de Tecnologia e Sociedade, a non-profit civil association headquartered at Rua da Assembleia, 10, sala 4011, Rio de Janeiro, RJ, registered under CNPJ number 18.242.632/0001-27, handles personal data concerning the services, initiatives, projects, courses, events, partnerships, publications, announcements, interviews, selection processes, and other activities we provide (collectively referred to as “Services”).

     

    From time to time, ITS may introduce new Services or additional features. Should these changes affect how we handle your personal data, we will provide you with updated information. Unless stated otherwise, any new Services or features introduced will be governed by this Policy. This Policy applies to all ITS brands, products, projects, and services unless they are covered by separate privacy policies.

     

    ITS values your privacy and understands the importance of ensuring that you feel confident in how your personal data is used. For this reason, this Privacy Policy is designed to ensure transparency in the data processing operations conducted by ITS Rio, publicly affirming our commitment to safeguarding your privacy and personal information.

     

    We encourage you to read this document carefully. If you have any questions, requests, concerns, or suggestions regarding this Policy, the handling of your personal data, or your rights as a data subject,

     

    please contact our manager, Celina Bottino, at privacidade@itsrio.org. You may also send correspondence to the following address: Rua da Assembleia 10, Centro, CEP: 20011-901, Rio de Janeiro, RJ, Brasil.

    We will respond to your inquiries as promptly as possible. 

    2. DEFINITIONS

    The terms outlined in this Policy are defined as follows: 

    • Services”: Refers to all services, initiatives, projects, courses, events, partnerships, publications, announcements, interviews, and selection processes carried out by ITS.

     

    • Student”: Refers to individuals participating in courses and other educational activities organized by ITS.

     

    • Personal data”: Refers to any information that identifies or enables the identification of an individual. Data that has been anonymized is not considered personal data.

     

    • Anonymized data”: Refers to data that, using reasonable technical means available at the time of processing, cannot be linked to an identifiable individual.

     

    • Sensitive personal data”: Refers to personal data related to racial or ethnic origin, religious beliefs, political opinions, trade union membership, or affiliation with religious, philosophical, or political organizations, as well as health, sexual orientation, genetic, or biometric data when linked to a natural person.

     

    • Processing”: Refers to any action involving personal data, including but not limited to collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation, modification, communication, transfer, dissemination, or extraction.

     

    • Data subject”: Refers to the individual to whom the personal data being processed pertains.

     

    • Data Protection Officer”: Refers to the individual appointed by the controller and operator to serve as the communication liaison between the controller, data subjects, and the National Data Protection Authority (ANPD). 

    3. PERSONAL DATA

    • ITS collects the personal data mentioned below so that it can perform its functions and better offer its Services. All personal data collected is related to the purposes described in Section 4.

     

    • Personal data of students enrolled in courses and projects organized or offered by ITS: name, e-mail, education and occupation. Depending on the course, we may also collect gender and age data for statistical purposes, as well as date of birth, candidate’s CV, previous relationship with ITS, social network profile, CPF and educational institution, as required by the nature of the course and/or ITS partners with whom the courses are held.

     

    • Personal data of guests invited to participate in ITS initiatives, such as “Varanda talks” and other public events, such as name, ID, CPF number and image.

     

    • Personal data of subscribers to ITS Services, including newsletters and commercial communications: name, e-mail address and professional/educational institution of the holder. 

     

    • ITS website visitor data: information about your connection, such as IP address and data about the device used to access the ITS website. In the case of holders who have previously subscribed to ITS Services, ITS stores their browsing history, together with information about their interest in the Services.

     

    • Data on candidates for jobs or internships at ITS: name, age, e-mail address, telephone number, social media platforms (Facebook and LinkedIn), responses to the selection process and other personal data contained in the candidate’s CV.

     

    • Personal data of applicants and students (and financial guardians) of the UERJ-ITS Graduate and Extension Courses in Digital Law: Data such as civil registration name, social name, e-mail address, date of birth, ID, CPF, or OAB registration numbers, graduation diploma, graduation transcript, address, proof of residence, nationality, marital status, profession and passport are collected, as well as the holder’s image (in photographs and by means of video capture), their history of participation in the course, communications sent by the student, public information on their social network profile and previous courses, organized by ITS, that they have participated in. If the student’s financial guardian is a third party, their civil registration name, social name, address, ID and CPF numbers, e-mail address, telephone number and cell phone number are also collected.

     

    • Personal data of students and applicants to the UERJ-ITS Digital Law Graduate and Extension Courses who apply for places reserved for social, ethnic-racial and other quotas: in the context of the student’s participation in the selection process to fill places reserved for quotas (social, ethnic-racial and other), the following data may be processed: information on the ownership of the applicant’s home and income, as well as information on the income of their family members, as well as the name, age, education, relationship to the applicant, type of tax return (if exempt or taxpayer), occupation and financial statements of their family members. Sensitive data relating to (a) race, color or ethnicity of the holder and (b) disabilities declared by the holder may also be processed. According to Article 2 of Law No. 13.146/15, which establishes the Brazilian Law for the Inclusion of People with Disabilities, a person with a disability is one who has a long-term physical, mental, intellectual or sensory impairment, which, in interaction with one or more barriers, may obstruct their full and effective participation in society on equal terms with other people.

     

    Personal data of users of applications, programs, tools or digital services made available and/or developed by ITS: depending on the service, data such as name, e-mail, connection data, and data from the device used to access the service may be collected.

     

    • ITS may also collect other personal data that is specific to the provision of a specific or occasional Service that may be offered to the extent necessary for the Service and in accordance with applicable legislation. 

    4. METHODS OF PERSONAL DATA COLLECTION

    ITS collects your personal data in the following ways:

    • When you visit the ITS website: personal data may be collected by our systems and/or using cookies. If you have had past interactions with ITS, such as signing up for a project, your browsing information on the ITS website may be combined with other personal data held by ITS about you. 

     

    • When using applications, programs, tools or digital services provided or operated by ITS: data subjects may provide personal data during the regular use of applications, programs, tools or digital services offered or operated by ITS, or when contacting ITS through its pages on social media platforms.

     

    • When information is collected for the provision of the Services: data subjects may provide personal data when signing service contracts with ITS (for example, in the case of courses offered and/or organized by ITS) or by registering for events, fellowships, workshops, applications, tools and other projects, or by filling in forms to access research reports or other materials made available by ITS.

     

    • When students register and enroll in the UERJ-ITS Digital Law Graduate and Extension Courses under the quota program: data is provided by filling in the registration form, the Educational Services Contract, the Socioeconomic Information Form (in the case of those enrolled in the quota program), as well as sending copies of the necessary documents.

     

    • When courses, classes and events are taught by the ITS: the image captured on video can be collected if the holder participates in distance education classes, as well as communications sent by the student within the virtual learning environment.

     

    • When you apply for job vacancies at ITS: candidates participating in the selection processes for job vacancies, including internships at ITS, provide us with information by filling in application forms and sending in their CVs. 

     

    • Data provided by third parties: ITS may receive data from partner institutions (e.g., companies, public bodies, third sector entities, among others) with which it organizes courses, events or other projects to check attendance, issue certificates of participation and other activities necessary for the execution of such projects.

    5. PURPOSES OF PROCESSING PERSONAL DATA

    The personal data collected by ITS may be used for the following purposes:

    Offering ITS Services 

    • Enabling and providing courses, training sessions, workshops, in-company courses, and other educational activities organized by ITS, including (a) enrolling new students, (b) registering students on third-party platforms (e.g., digital educational platforms) used for these courses, ensuring these platforms comply with this Policy and applicable laws, (c) compiling participant lists, (d) distributing educational materials, and (e) issuing certificates of completion, among other necessary activities.

     

    • Carrying out activities to engage with the public, such as “Varanda talks,” interviews, web series, and other events or projects developed independently or with external partners. Depending on the Service, this may include making video recordings available.

     

    • Supporting the operation and implementation of applications, tools, and related initiatives provided or developed by ITS.

     

    • Generating reports with aggregated and anonymized data on how the Services are used and interacted with to improve the quality of ITS Services.

     

    Development of Studies, Books, Reports, and Academic Research

    • Conducting and publishing academic research that may involve processing personal data.

     

    • Providing information to funders and project partners regarding research and, if necessary, interactions with data subjects that supported the research.

     

    Selection of Candidates and Hiring New Employees

    • Facilitating recruitment processes to fill ITS vacancies, including evaluating candidate qualifications and managing the selection process.

     

    • Maintaining internal records related to the recruitment process.

     

    • Enabling the hiring of new employees and trainees at ITS.

     

    Communication and Contact

    • Contacting you, with your consent, to fulfill contractual obligations or to notify you about matters that may interest you, such as essential deadlines for courses or projects you are involved in. We may reach out to inform you about key dates and deadlines for the courses or projects you are participating in, as well as any other relevant updates.

     

    • Inviting you to participate in lectures, courses, and other ITS Services, within the bounds of applicable legislation.

     

    • Allowing third parties to contact you, if necessary, for the execution of specific activities or with your consent. For example, ITS partners may contact you regarding relevant information for projects in which you are participating.

     

    • Sending you notifications about ITS activities and policy updates to keep you informed of ITS news.

     

    Offering Graduate and Extension Courses in Digital Law in Partnership with UERJ

    • Facilitating the delivery of educational services related to the Postgraduate and Extension Courses, as required under the Educational Services Agreement, including selection processes.

     

    • Conducting selection processes for filling quota-based vacancies.

     

    • Managing student enrollment and related processes, such as cancellations or deferrals.

     

    • Verifying student identity, for example, for issuing certificates or other security procedures.

     

    • Registering students on third-party platforms (e.g., digital educational platforms) used in the context of these courses, provided that these platforms comply with this Policy and applicable laws.

     

    Improving Services and Developing Studies, Statistics, and Solutions

    • Enhancing ITS’s promotional activities and personalizing your experience by sending information about new services, advertising, promotions, or e-mail marketing campaigns, as well as analyzing cross-referenced data for marketing purposes.

     

    • Systematizing information about your interactions with the activities and Services offered by ITS, correlating and cross-referencing data on your engagement and interests in each service or related activity, with the goal of enhancing the Services provided.

     

    • Conducting studies and analyses on ITS activities, using aggregated, statistical, or anonymized data whenever possible, to better understand your interests and improve our Services.

     

    Other Purposes

    • Carrying out financial activities related to ITS, including tracking payments, processing collections, identifying and validating amounts, financial reporting, tax calculations, external audits, and other administrative functions.

     

    • Offering discounts to former ITS students for enrollment in partner courses.

     

    • Sharing information with third parties, as necessary for service provision, in accordance with applicable laws.

     

    • Sharing data across platforms, products, and services within ITS to ensure coordinated activities, in line with applicable legislation. 

     

    • Complying with legal and regulatory obligations, including accounting, financial, and tax requirements, as well as sector-specific regulations related to ITS Services. 

     

    • Defending or responding to legal requests (e.g., court orders or subpoenas) when ITS, in good faith, believes it is necessary to do so or when required by law.

     

    • Once personal data processing has been concluded, the data will be deleted within the scope and technical limits of ITS activities, with retention authorized for the following purposes:
    1. Compliance with a legal or regulatory obligation;
    2. Research purposes, provided the data is anonymized whenever possible;
    3. Transfer to a third party, provided all legal requirements are met; and
    4. Anonymization of the data for the exclusive use of ITS, with third-party access prohibited.

    6. SHARING OF COLLECTED PERSONAL DATA

    The personal data collected by ITS for the purposes described in Section 4 may be shared with the following third parties within the limits of applicable legislation:

    • Suppliers, service providers, or partners: This includes entities that assist in delivering or supporting ITS activities (e.g., event production companies, software and system providers, cloud storage services, document management companies, legal or tax consultancies, external auditors, and insurance brokers), always within the strict bounds of applicable laws.

     

    • ITS partners: These include funders, supporters, or co-organizers of specific projects or initiatives (e.g., events, workshops, courses, fellowships) to the extent necessary for the execution of the project.

     

    • Companies assisting with communications and marketing: Organizations that may facilitate communications with you or marketing activities based on similar interests or activities in compliance with applicable legislation and, when required, your prior and specific consent. These activities must adhere to the principle of non-discrimination.

     

    • Administrative, judicial, or arbitral authorities, or any other related authority, may access personal data to the extent necessary to respond to specific requests or requirements. ITS may share such data if it believes, in good faith, that it is necessary to do so or if required by applicable law or a judicial, administrative, or arbitral decision. This may also be done to ensure compliance with legal and regulatory obligations through the strictly necessary sharing of personal data with competent authorities.

     

    • ITS is committed to sharing personal data only with service providers and partners who ensure an adequate level of data protection in accordance with current legislation and this Policy. This includes establishing written agreements that require third parties to adopt appropriate measures to maintain the integrity, confidentiality, and security of the shared data.

    7. THIRD-PARTY SERVICES

    • ITS Services may be linked to products from partners or third parties that have their own terms and policies (e.g., Facebook, YouTube, WhatsApp, Typeform, PagSeguro). However, this Policy only covers the Services provided directly by ITS.

     

    • While ITS strives to partner with reliable entities, it is not responsible for the data processing practices carried out solely by third parties. ITS strongly recommends that you review the external terms and policies of these services before providing any personal data to them.

    8. PERSONAL DATA STORAGE AND SECURITY

    • In processing your personal data, ITS will make every effort to store and protect it in secure and controlled environments in compliance with current legislation. Your personal data will be safeguarded using advanced security measures, including access control protocols.

     

    • In delivering our Services, we partner with companies that maintain high-security standards for information storage, establishing contracts that align with this Privacy Policy.

     

    • ITS restricts access to your data to our employees and authorized third parties only as needed to perform their roles. This helps protect your personal data from unauthorized access, accidental or unlawful destruction, loss, alteration, disclosure, or any form of improper or illegal processing.

     

    • ITS is committed to continuously implementing physical, technical, and administrative security measures in the processing of your personal data, in line with the industry’s best practices.

     

    • ITS will retain your personal data for as long as necessary to fulfill the purposes outlined in this Policy unless a more extended retention period is required or permitted by applicable law, as specified in Section 4.

     

    9. INTERNATIONAL DATA TRANSFER

    • As a forward-thinking organization utilizing the latest technologies, ITS may store your personal data on servers located outside Brazil, including cloud computing servers that adhere to internationally recognized standards for data security. By agreeing to this Policy, you authorize your personal data to be stored abroad in accordance with its terms.

     

    • ITS will conduct international data transfers only through mechanisms permitted by applicable laws. We commit to protecting your personal data by implementing appropriate contractual agreements to ensure that our partners meet data protection and information security standards equivalent to those outlined in this Policy.

    10. YOUR RIGHTS

    • TS takes appropriate measures to uphold its obligations concerning your rights as a personal data subject. Your rights as a data subject include:

     

    • Confirmation: The right to be informed about the processing of your personal data.

     

    • Access: The right to request access to the personal data processed by ITS.

     

    • Correction: The right to request that your personal data be amended or updated if it is incomplete, inaccurate, or outdated.

     

    • Restriction: The right to object to or request anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in violation of data protection laws.

     

    • Portability: The right to request the transfer of your data from ITS to another service provider.

     

    • Deletion: The right to request the deletion of personal data processed with your consent.

     

    • Information: The right to be informed about the public and private entities with which ITS has shared your data, the option to refuse consent, and the consequences of doing so.

     

    • Withdrawal of consent: If the processing is based on your consent, you may withdraw it at any time via a free and straightforward process. The withdrawal will not affect the lawfulness of the processing carried out prior to the revocation.

     

    • Review of automated decisions: The right to request a review of decisions made solely on the basis of automated processing that affects your interests.

     

    • If you wish to exercise any of the rights mentioned above, please contact ITS using the details provided in the “General Provisions” section below.

     

    • Additionally, if you prefer to stop receiving marketing communications, you can opt out at any time by contacting ITS directly or by using the “Unsubscribe” link included in the marketing e-mail or message.

    11. GENERAL PROVISIONS

    • This Privacy Policy is the valid and current version governing the processing of your personal data by ITS. It applies to all interactions between you and ITS unless a specific service has its own privacy policy, subject to acquired rights, legal acts, and final judgments.

     

    • The most up-to-date version of the Privacy Policy will always be available on our website.

     

    • ITS reserves the right to periodically update and modify its legal documents, including this Privacy Policy.

     

    • Any changes to this Policy that affect previously provided consent (where applicable) will be communicated in advance. However, modifications made for legal reasons, new Service functionalities, or operational changes in ITS projects will take effect immediately.

     

    • ITS continually strives to provide the best possible experience when using our Services. However, the Services are offered as-is, and ITS reserves the right to make changes, additions, deletions, or other modifications to the Services.

     

    • If you do not agree with any changes to this Policy, you must stop using our Services. Continued use of the Services will imply your acceptance of the revised Policy.

     

    • The provisions of this Privacy Policy will remain in effect even after the termination of your relationship with ITS for as long as there are subsequent legal obligations between the parties.

     

    • If you wish to exercise any of the rights described in this Privacy Policy or have questions about this document or ITS practices, contact ITS Rio using the information provided at the beginning of this Policy.

     

    • BY CAREFULLY READING THIS POLICY, YOU AGREE TO ALL OF ITS PROVISIONS.

    ***