página inicial > Transparency > Operational Policies and Contracts > Privacy Policy

[English] [Português do Brasil]

Privacy Policy

The Brazilian Foundation for Sustainable Development (FBDS) prioritizes the privacy and security of information from its clients, suppliers, employees, consultants, and partners (hereinafter referred to as USER) with whom it interacts throughout its work. This Privacy Policy establishes the systematic collection, use, and transfer of data under the General Data Protection Law, hereinafter LGPD (Federal Law 13.709/2018), the consumer provisions of Federal Law 8078/1990, and other applicable norms of the Brazilian legal system.

  1. Data Collected and Purpose
    1. Data Provided by the USER
      • Full Name / Business Name
      • CPF / CNPJ
      • ID / Business state and/or Municipal Registration number
      • Full Address
      • Other similar information
    2. Automatically Collected Data
      In the case of individuals and representatives of legal entities, we do not obtain in any way data considered personal and/or sensitive, such as:
      • Ethnic origin
      • Political or social opinions
      • Religious beliefs
      • Health-related data
      • Sexual life
      • Other intimate data of the USER

      This fulfills the provisions of Article 17 of Law 13.709/2018 - LGPD, which states: Every natural person is guaranteed ownership of their personal data and assured fundamental rights of freedom, privacy, and intimacy, under this Law.

    3. Consent
      Before establishing any professional and/or commercial relationship with FBDS, the USER must express their agreement with this Privacy and Information Security Policy.
  2. USER Rights
    1. Confirm the existence of data processing, as per this Policy.
    2. Access their data, requesting it in a printed copy or electronically.
    3. Correct their data by requesting editing, correction, or updating.
    4. Limit their data when unnecessary, excessive, or processed in non-compliance with the law.
    5. Request the portability of their data.
    6. Revoke their consent, disallowing the processing of their data.
  3. Data Retention Period
    The collected data will be used and stored for the time necessary to provide the service or fulfill the established contractual purposes. Such data will be maintained as long as the relationship between the USER and FBDS lasts. Once the storage period has ended, these data will be deleted from our databases, except for the legally provided cases in Article 16 of the LGPD..
  4. Data Security
    Data security is maintained through the following measures:
    1. Only authorized persons have access to the FBDS database.
    2. Data access is granted only after a confidentiality commitment.
    3. All data are stored in physical and/or digital files in a secure environment.

    FBDS commits to adopting the best practices to prevent security incidents. However, it is important to highlight that no virtual environment is entirely secure and risk-free. Despite all our security protocols, issues exclusively caused by third parties may occur, such as hacker cyberattacks, or due to the USER’s negligence or imprudence.
    In case of security incidents that may pose a significant risk or harm to our USER, we will inform the affected individuals and the National Data Protection Authority about the occurrence, in accordance with the provisions of the LGPD.

  5. Data Sharing
    Any collected data will not be shared with unauthorized third parties by the USER, except in the cases listed in item 1.
  6. Changes to this Privacy Policy
    FBDS reserves the right to modify this POLICY at any time, mainly due to compliance with any legal changes or modifications in the Foundation’s operations and procedures.
  7. Responsibility
    As mentioned in item 4, although we adopt high security standards to avoid incidents, no virtual environment is entirely risk-free.
    In this regard, FBDS is not responsible for:
    • Any consequences resulting from the USER’s negligence, imprudence, or incompetence regarding their individual data.
    • Malicious actions by third parties, such as hacker attacks.
    • Inaccuracy of information entered by the USER, as well as any consequences resulting from false information.