Fundação Renova

Privacy Policy

Updated August 26, 2024

1. Introduction

This Privacy and Data Processing Policy (“Policy”) aims to demonstrate the commitment of the RENOVA FOUNDATION, a civil entity, with legal personality under private law, non-profit, headquartered at Avenida Getúlio Vargas, 671, Room 400, 4th Floor, Savassi, Belo Horizonte/MG, ZIP: 30112-021, registered with the CNPJ/ME under no. 25,135,507/0001-83 (“We” or “Renova Foundation”), created from the TTAC – Conduct Adjustment Agreement, of which companies, institutions and public bodies are signatories, with the privacy and protection of their personal data, especially if you are one of those affected by our socio-environmental and socio-economic programs (“Programs”), clearly and in accordance with the laws in force.

This Policy describes the main rules regarding the Processing of your Personal Data, when:

  1. You interact with us in physical environments; or when
  2. You make use of our website, including but not limited to that available at the link www.fundacaorenova.org and its subdomains (“Website“) being, for all purposes of this Policy, our physical and digital environments collectively referred to as “Our Environments”.

2. Who is this policy for?

2.1. This policy is intended for all visitors to Our Environments, whether affected, members of the governance system or any individual from civil society.

Special note for elderly people

If you are over 60 years old, please be aware that we are aware of the risk of processing your Personal Data and we are committed to taking all appropriate measures to protect it. Furthermore, we commit to treating them in a manner that is

  • Clear;
  • Simple;
  • Accessible; and
  • Suitable for your understanding.

3. About the data we collect

3.1. Data, including Personal Data, may be processed when You submit it or interact in Our Environments and/or have access to our Programs, which includes:

What do we process?What do we process it for?
What do we process?What do we process it for?

Registration data

  • Full name
  • CPF
  • Date of birth
  • Mother’s name
  • Email
  • Address
  • Contact telephone number
  • Data available in the curriculum
  1. Identify and authenticate You.
  2. Fulfill the obligations arising from the execution of our Programs and analyze your eligibility for our Programs, including to comply with legal and regulatory provisions.
  3. Recruit employees, if you wish to work with us.
  4. Promote your contact with us and manage your queries, complaints, compliments, suggestions and requests.
  5. Expand our relationship, informing you about news, features, content, and other information that we consider relevant to you.

Digital Identification Data

  • Source IP Address and Logical Port
  • Device (OS version)
  • Geolocation
  • Records of the date and time of every action you perform
  • Which screens you accessed
  • Session ID
  • Cookies
  • Images in videos captured on CCTV
  1. Identify and authenticate You.
  2. Security monitoring of our physical environments for your and our security.
  3. Comply with legal registration-keeping obligations established by the Internet Civil Rights Framework – Law 12,965/2014.

3.2. The execution of many of our Programs directly depends on some Data provided in the table above, mainly registration Data. If You choose not to provide some of this Data, we may be unable to provide service in some of our Programs.

3.3. You are solely responsible for the accuracy, veracity or lack thereof of the Data You provide, or for its out-of-dateness. Please be aware that it is your responsibility to ensure accuracy or keep them updated with the Renova Foundation.

3.3.1. Likewise, We are not obliged to process any of your Data if there are reasons to believe that such Processing may impute to us any violation of any applicable law, or if You are using Our Environments for any illegal, illicit or immoral purposes.

3.4. The database formed through the collection of Personal Data is our property and is under our responsibility, and its use, access and sharing, when necessary, will be done within the limits and purposes of the activities described in this Policy.

3.5. We use the following technology(ies):

  1. Cookies, used to improve the functionality of the Website. At any time, you can block the use of Cookies through your Internet browser settings, in which case some features of the Website may be limited. Find out more about the cookies we use and how to manage them in our Cookies Policy, available at https://www.fundacaorenova.org/politica-de-cookies/.
  2. Google Analytics, used to record non-identifiable browsing data in order to measure and monitor the performance of the Website.

3.6. We do not use any type of solely automated decision that impacts you, everything is always subject to human review in respect of the contrary. If you have any questions about the automated decision-making process, please contact us through our Service Channels, in accordance with item 8.3 of this Policy.

4. How do we share data and information

4.1. The Data collected and the activities recorded may be shared, always respecting the sending of the minimum information necessary to achieve the purposes:

  1. With competent judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or court order;
  2. With members of the governance system and with the sponsors of the Renova Foundation, as necessary to fulfill their functions and responsibilities. All recipients are subject to compliance with the legislation and regulations applicable to the protection of Personal Data; and
  3. With partners and service providers necessary for the execution of our Programs, always requiring such organizations to comply with security and data protection guidelines, as per item 5.6. of this Policy.

5. How we protect your data and how you can protect it too

5.1. Although no method of transmission over the Internet or electronic storage is absolutely secure, we make every effort to maintain the privacy and security of your information by taking reasonable technical, physical, and administrative measures to prevent unauthorized access to and improper use of your Data:

  1. Technical measures, such as, for example, transmission of Personal Data through a secure website, storage of Data in electronic media that maintain high security standards, use of a system whose access is controlled;
  2. Physical measures, such as restricted access to authorized persons maintained in facilities, use of market security tools; and
  3. Administrative measures, including the adoption of security policies and standards, training and awareness-raising work for employees, signing of confidentiality agreements.

5.2. We emphasize that, in restricted access environments, such as the User Portal, the Attorney’s Portal and the Supplier Portal, the user account password is confidential, of responsibility of the user and must not be shared with third parties.

5.3. It is very important that You protect Your Data against unauthorized access to your computer, account or password, and that You always click “log out” when ending Your browsing session on a shared computer. It is also very important that You know that We will never send electronic messages by email with attachments that can be executed (extensions: .exe, .com, among others) or links to possible downloads.

5.4. Internally, the Personal Data collected is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity and relevance for the objectives of the Renova Foundation, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Policy.

5.5. When You enter our digital environments, you may be directed, via link, to other third-party portals or platforms. These third parties may collect your information and may use their own cookies to identify some of your preferences or to recognize you if you have already had contact with them. The Renova Foundation does not control the use of such technology by third parties or the information they collect, or the way they use such information.

5.5.1. It is your responsibility to read the Privacy and Data Processing Policies of such third-party portals or platforms outside of our digital environments, and it is your responsibility to accept or reject them. We are not responsible for the Privacy and Data Processing Policies of third parties nor for the content of any websites or services linked to environments other than ours.

5.6. We seek to carefully evaluate our partners and service providers and enter into contractual obligations with them regarding confidentiality, information security and data protection, with the aim of protecting You.

5.7. To optimize and improve our communication, when we send an email to You we may receive a notification when they are opened, provided that this possibility is available. It is important that you pay attention, as emails are only sent from the domain: @fundacaorenova.org.

6. How we store your personal data and activity record

6.1. The Personal Data collected and activity records are stored in a secure and controlled environment for a minimum period to fulfill the purposes of executing the Programs made available by Us.

6.2. For auditing, security, fraud control and rights preservation purposes, we may keep your Data registration history for a longer period in cases where the law or regulatory standard so establishes or to preserve rights.

6.3. We may also retain records of CCTV recordings for short periods in accordance with our security and monitoring policies for physical environments to protect You, our employees and Our Environments.

6.4. The Data collected may be stored on our servers located in Brazil, as well as in an environment using resources or servers in the cloud (cloud computing), which may require a transfer and/or processing of this Data outside of Brazil.

7. What are your rightsa and how to exercise them

7.1. The Data is yours and the applicable Legislation provides a series of rights related to it, which may be exercised by You by means of a request to our Officer through the Service Channel made available at the end of this Policy.

  1. Confirmation and access: You may request confirmation of the existence of Processing and access to your Data, including by requesting copies of records we have about You.
  2. Correction: You may request the correction of your Data that is incomplete, inaccurate or out of date.
  3. Anonymization, blocking or deletion: You may request the anonymization of your Data, so that it can no longer be related to You, the blocking of your Data, temporarily suspending the possibility of Processing for certain purposes, or the deletion of your Data.
  4. Portability: You may request that we provide your Data in a structured and interoperable format for transfer to a third party, respecting our intellectual property or trade secrets.
  5. Information about sharing: You may request information about third parties with whom we share your Data, limiting such disclosure to information that does not violate our intellectual property or trade secrets.
  6. Withdrawal of consent: You may choose to withdraw consent for any purpose to which You have consented. This revocation will not affect the lawfulness of any Processing carried out previously. If you withdraw your consent for purposes essential to the regular functioning of our environments and services, they may become unavailable to you.
  7. Objection: You may object to the Processing of your Data if you do not agree with some of the purposes.
  8. Review: in the case of decisions based exclusively on automated processing, you may request a review of the decision, indicating your interests that may have been affected.

7.2. For your security, whenever you submit a request to exercise your rights, we may request additional information to prove your identity, seeking to prevent fraud.

7.3. We may fail to comply with a request to exercise rights if the service violates our intellectual property or trade secrets, as well as when there is a legal or regulatory obligation to retain Data. Additionally, we may fail to comply with your request if we need to retain the Data to enable us to defend ourselves or third parties in disputes of any nature.

7.4. We undertake to respond to all requests within a reasonable timeframe and always in compliance with applicable legislation.

7.5. Once the maintenance period and legal need have expired, Personal Data will be deleted using secure disposal methods, or used in an anonymous form for statistical purposes.

8. Information about this policy

8.1. You are aware that We may change the content of this Policy at any time, in case of updating the purposes or needs of the Processing, in particular to adapt and comply with the provisions of law or regulation that has equivalent legal force. The updated version will always be available on our Website, where you can consult it.

8.2. If any point of this Policy is considered unenforceable by a competent authority, the remaining conditions will remain in full force and effect.

8.3. If you have any questions regarding the provisions contained in this Privacy and Data Processing Policy, you may contact our Data Protection Officer responsible for the Processing of Personal Data directly – Peck Advogados through the e-mail <protecaodadospessoais@fundacaorenova.org> and address: Avenida Getúlio Vargas, 671, Room 400, 4th Floor, Savassi, Belo Horizonte/MG, ZIP code: 30112-021.

  • Head Officer: Cecilia Helena de Castro
  • Substitute Officer: Henry Rocha

8.4. This Policy will be interpreted according to Brazilian law, in the Portuguese language, and the legal jurisdiction of the city of Belo Horizonte, State of Minas Gerais, will be elected to resolve any dispute involving this document, unless there is a specific caveat of personal, territorial or functional jurisdiction by applicable law.

9. Glossary

9.1. For the purposes of this Policy, the following definitions and descriptions should be considered for better understanding:

  1. Anonymization: Use of reasonable technical means available at the time of Processing, through which data loses the possibility of association, directly or indirectly, with an individual.
  2. CCTV: “Closed Circuit Television”. Camera monitoring and surveillance system that sends images in real time to a video recorder and/or monitoring center via a wired system or IP.
  3. Cloud Computing: is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the aim of reducing costs and increasing the availability of supported services.
  4. Cookies: Small files sent by the Website, saved on your devices, which store preferences and a little other information about how and when Our Environments are visited, as well as the number of people who access them.
  5. Data: Any information entered, processed or transmitted through Our Environments.
  6. Personal Data: Data related to an identified or identifiable natural person.
  7. Solely automated decisions: These are decisions affecting a user that have been programmed to work automatically, without the need for human operation, based on automated processing of personal data.
  8. Data Protection Officer or DPO: Individual or legal entity appointed by Us to act as a communication channel between the controller, data holders and the National Data Protection Authority (ANPD).
  9. IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies users’ devices on the Internet.
  10. Processing: Any operation carried out with Personal Data, such as those related to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
  11. Our Environments: designates the electronic address <www.fundacaorenova.org> and its subdomains, in addition to physical environments.
  12. Holder of Personal Data: you, the natural person to whom the Personal Data refers, whether as affected parties, members of the governance system of the Renova Foundation and any natural person from civil society.
  13. Applicable legislation: all legislation that deals with privacy and protection of Personal Data, especially Law No. 13,709/2018 (“General Personal Data Protection Law” or “LGPD”).