GENERAL DATA PROTECTION LAW AND PRIVACY NOTICE

Terms of use

Published on Jan 29, 2025 2:42 PM - Modified 2 months ago

1. What information does this document contain?

In this Terms of Use, users of the service will find information regarding:

The operation of the service and its applicable rules;
The set of rules related to the provision of the service;
User responsibilities when using the service;
Public administration responsibilities when providing the service;
Contact information, for updates or clarification of questions;
The authority responsible for possible complaints, should elements of this Terms of Use be violated.

Additionally, in the Privacy Notice, users of the service will find information regarding:

The processing of personal data and its purpose;
Users’ personal data required for the provision of this service;
Information about cookies;
How data is processed;
Security measures used to protect personal data;
Information about data sharing with third parties.

2. Agreement with the Terms

By using the BRICS website services, the user understands that their personal data will be processed and shared as described in the Privacy Notice and agrees to its terms.

The following laws and regulations apply to this service:

Law No. 12,965, of April 23, 2014 - Brazilian Civil Rights Framework for the Internet - Establishes principles, guarantees, rights, and duties for the use of the Internet in Brasil.
Law No. 13,460, of June 26, 2017 - Provides about participation, protection, and defense of the rights of users of public services of the public administration.
Law No. 13,709, of August 14, 2018 - General Data Protection Law (LGPD) - Introduces data processing procedures in order to protect the fundamental rights of freedom and privacy.
Decree No. 8,936, of December 19, 2016 - Institutes the Digital Citizenship Platform and proposes the provision of digital public services within the scope of the bodies and entities of the direct federal public administration, autarchic, and foundational.
Decree No. 9,637, of December 26, 2018 - Institutes the National Information Security Policy, proposes on information security governance, and amends Decree No. 2,295, of August 4, 1997, which regulates the provisions of Article 24, paragraph, item IX, of Law No. 8,666, of June 21, 1993, and proposes on the waiver of bidding in cases that may compromise national security.

3. Service Description

The BRICS website consolidates information regarding the Brazilian Presidency of the forum composed by Brasil, Russia, India, South Africa, Egypt, Ethiopia, Indonesia, Iran, Saudi Arabia, and the United Arab Emirates. The BRICS is a political and diplomatic coordination and cooperation group of countries from the Global South acting in various areas.

4. What are the obligations of the users of this service?

Users are responsible for the accuracy of the information provided and acknowledge that inaccuracies may prevent the use of the BRICS website.

During the use of this service, to preserve and protect the rights of others, users must provide only their own personal data, not those of third parties.

Users are responsible for updating their personal information, and any negligence or errors in the registered personal information are their own responsibility.

Users are liable for any damages, direct or indirect (including those derived from the disrespect of the rights of other users, third parties, including intellectual property rights, secrecy, and personality rights), caused to the Public Administration, any other users or any third parties, including the violation of these Terms of Use or any act deriving from their access to this service.

The public administration is not responsible for the following events, whenever they are unrelated to the use of the BRICS website service.:

a) Equipment infected or invaded by attackers;
b) Equipment damaged at the time of service consumption;
c) Computer protection;
d) Protection of information stored on users' computers;
e) Abuse of users' computer use;

f) Illegal monitoring of users' computers;
g) Existing vulnerabilities or instabilities in users' systems;
h) Insecure perimeter.

Under no circumstances will the Federal Public Administration be responsible for the installation of malicious codes (viruses, trojans, malware, worms, bots, backdoors, spyware, rootkits, or any others that may be created) on the user's equipment or that of third parties, resulting from the user's internet browsing.

5. What are the responsibilities of the public administration regarding personal data?

The Public Administration is committed to complying with all laws governing the proper use of citizens' personal data, ensuring users' legal rights and guarantees. It also undertakes to proactively disclose, in an easily accessible location and within its competencies, information of collective or general interest that it produces or safeguards. Additionally, it is responsible for implementing security controls to protect users' personal data.

The Public Administration may share necessary information in response to judicial orders for investigations or actions related to illegal activities, suspected fraud, or potential threats to individuals, property, or systems that support the Service. It may also do so for other necessary reasons to fulfill its legal obligations. In such cases, the Public Administration will notify users, except when the procedure is under judicial secrecy.

PRIVACY NOTICE

Privacy and security are priorities for the BRICS website, which is committed to transparently processing users' personal data (data owners). This Privacy Notice thus explains how user data is processed when accessing the Portal.

When using the BRICS portal services, users understand that their personal data will be processed and shared as described in this Privacy Notice and agree to its terms. The following laws and regulations apply to this service:

Law No. 12,965, of April 23, 2014 - Brazilian Civil Rights Framework for the Internet - Establishes principles, guarantees, rights, and duties for the use of the Internet in Brasil.
Law No. 13,460, of June 26, 2017 - Provides about participation, protection, and defense of the rights of users of public services of the public administration.
Law No. 13,709, of August 14, 2018 - General Data Protection Law (LGPD) - Introduces data processing procedures in order to protect the fundamental rights of freedom and privacy.
Decree No. 8,936, of December 19, 2016 - Institutes the Digital Citizenship Platform and proposes the provision of digital public services within the scope of the bodies and entities of the direct federal public administration, autarchic, and foundational.
Decree No. 9,637, of December 26, 2018 - Institutes the National Information Security Policy, proposes on information security governance, and amends Decree No. 2,295, of August 4, 1997, which regulates the provisions of Article 24, paragraph, item IX, of Law No. 8,666, of June 21, 1993, and proposes on the waiver of bidding in cases that may compromise national security.
Decree No. 10,332, dated April 28, 2020 - Establishes the Digital Government Strategy for the period from 2020 to 2022, within the scope of the bodies and entities of the direct federal public administration, autarchic and foundational, and provides for other measures.

In accordance with Article 5, item VI, of Law No. 13,709, of 2018, the controller is defined as "a natural or legal person, of public or private law, to whom the decisions regarding the processing of personal data belong."

Regarding the BRICS website service, the Brazilian Ministry of Foreign Affairs (MRE) and the Secretariat of Social Communications of the Presidency of the Republic (SECOM/PR) are responsible for providing it. They also act as the controller on behalf of the Union in decisions related to the processing of personal data addressed in this Privacy Notice.

1. Use of data:

The BRICS website collects and stores personal data through the Internet browser in the form of cookies. Data will be collected for the following purposes:

Simplifying access to information about Brasil’s BRICS Presidency;
Recording statistical data; and
Facilitating user access by retrieving selected preferences.

2. Processing Scenario

In accordance with the General Data Protection Law (Lei Geral de Proteção de Dados Pessoais/LGPD), personal data will be processed based on the following legal grounds:

"Art. 7 - Processing of personal data shall only be carried out under the following circumstances:

I - with the consent of the data subject;

(...)

III - by the public administration, for the processing and shared use of data necessary for the execution of public policies provided in laws or regulations, or based on contracts, agreements or similar instruments, subject to the provisions of Chapter IV of this Law; (emphasis added)

(...)

IX - when necessary to fulfill the legitimate interests of the controller or a third party, except when the data subject’s fundamental rights and liberties which require personal data protection prevail;

2.1. Which personal data will be processed

For the purposes mentioned above, the BRICS website processes the following personal data:

Internet page virtual address (search records, including on other visited sites);
Country, state, and city (general location);
Age group;
Biological gender;

Device data (hardware model, operating system).

2.2. Cookies Declaration

The BRICS website uses its own (primary) cookies, i.e., from the domain on the BRICS website, to record user configurations and preferences and generate statistical reports through Google Analytics, and also third-party cookies to complement these statistics.

2.2.1 Essential cookies

__ac, auth_token, I18N_LANGUAGE, lgpd-cookie-v2, tree-s.
Acesso gov: INGRESSCOOKIE, Session_Gov_Br_Prod.

2.2.2 Analytic cookies

Google analytics: _ga, _ga_CBX8TDSVBM.

Mais informações e configurações sobre o Consentimento do Google Analytics.

2.2.3 Third-party cookies

The BRICS website depends on services provided by third parties in order to:

Enhance government information campaigns;
Offer interactive content;
Improve usability, and facilitate content sharing on social networks;
Run videos and animated presentations directly from the BRICS website.

All third-party cookies in the BRICS website are Google publicity and multimedia cookies. These third parties collect and use browsing data also for their own purposes. Users can disable them directly on Google's website.

Official information on third-party cookies from Google Policy.
Google policy

Google Analytics on the BRICS website has advertising reporting features enabled, which collect additional information through cookies from DoubleClick.net (a company affiliated with Google), including web activity and device advertising IDs (app activity).

The BRICS website does not control which third-party cookies may be activated. When accessing the portal, users may encounter third-party cookies from domains such as YouTube, Instagram, and Twitter.

YouTube: VISITOR_INFO1_LIVE, YSC, wide, LOGIN_INFO, VISITOR_PRIVACY_METADATA, PREF, HSID, SIDCC, APISID, __Secure-3PSID, SAPISID, __Secure-1PSID, __Secure-1PAPISID, __Secure-3PAPISID, SID, __Secure-3PSIDTS, __Secure-1PSIDTS, __Secure-1PSIDCC, SSID, __Secure-3PSIDCC.

Twiter: guest_id_ads, guest_id, guest_id_marketing, personalization_id.

2.2.4 Information on Cookies used for social media

The BRICS website incorporates videos and other media files from Instagram, YouTube, and Google. Users can search for more information about the cookies used by these social networks and how personal data is processed by them. Below are links to access the Privacy Policies of each social network.

2.2.5 Cookies configuration on browser

To manage cookies, one alternative is to configure the browser. Tutorials on the topic can be found in the links below:

If using Internet Explorer
If using Firefox
If using Safari
If using Google Chrome
If using Microsoft Edge
If using Opera

The user can change permissions, block, or refuse cookies on their browser at any time, except for strictly necessary ones (essential cookies). However, revoking consent for certain cookies may affect the proper functioning of some features of the BRICS website.

3. How, and for how long, will data be stored

Personal data processed through the BRICS website will be used and stored in Brasil for the time required to provide the service or achieve the purposes listed in this Privacy Notice, considering the rights of users and those responsible for data processing (controllers and operators).

Data collected by Google Analytics cookies may be transferred outside Brasil; however, there is a clause in the Terms regarding data processing to ensure that all data is protected accordingly.

Data will be kept while relevant. After the required period during which personal data must be stored, they will be deleted from our database or anonymized, in accordance with the legal scenarios foreseen on LGPD Art. 16, i.e., personal information required for compliance with legal, judicial, and administrative determinations and/or for the exercise of the right to defense in judicial and administrative proceedings will be retained, despite the deletion of other data.

4. Personal data processing safety

The way data is handled by the BRICS website reflects its commitment to the security and protection of personal data to ensure privacy. Appropriate technical measures and solutions are used to guarantee the confidentiality, integrity, and inviolability of personal data. To keep personal data protected, physical, electronic, and managerial tools are employed, specifically aimed at protection and privacy.

The application of these tools takes into consideration the nature of the personal data processed, the context and purpose of the processing, and the risks that potential breaches would pose to the rights and freedoms of the data subject.

The BRICS website is committed to using best practices to prevent security incidents.

In the event of security incidents that may pose significant risk or harm to users, the Ministry of Foreign Affairs along with the Secretariat of Social Communications of the Presidency of the Republic will notify data subjects, especially those directly affected, as well as the National Data Protection Authority (ANPD), which will act in accordance with LGPD provisions.

5. Data sharing

In order to preserve privacy, the BRICS website will not share personal data with any unauthorized third party not listed below. The operators listed below carry out the processing of personal data on behalf of the data controller. They receive data only to the extent necessary to achieve the purpose of the processing. The contracts between these operators are guided by the provisions of the LGPD, and these partners have their own Notices or Privacy Policies:

SERPRO - Brasil’s Federal Data Processing Service, Brasilia - DF, CEP: 70836-900

There are other scenarios in which personal data may be shared:

I – Legal determination, request, requisition, or judicial order, with competent judicial, administrative, or governmental authorities.
II – Protection of the rights of the BRICS website in any type of conflict, including those of a judicial nature.

6. Users’ rights (data subject)

ensures its users their rights as data subjects as provided in Article 18 of the LGPD. Therefore, it is possible, free of charge and at any time:

To object to the processing of personal data at any time. However, it is important to understand that exercising this right will result in disagreement in the relationship between the citizen and the State, and consequently, in less effective treatment by the BRICS website in delivering available services;

To confirm the existence of personal data processing, in a simplified or clear and complete format;
To access your personal data, with the possibility of requesting them in a legible copy in printed form or electronically, in a secure and reliable manner;
To correct your personal data by requesting their editing, correction, or updating;
To limit your personal data when unnecessary, excessive, or processed in non-compliance with the legislation through anonymization, blocking, or elimination;
To revoke your consent, disallowing the processing of your data.

7. Personal Data Processing Officer

The Personal Data Processing Officer serves as a communication channel between the controller, data subjects, and the National Data Protection Authority (pursuant to Law No. 13,709/2018, Article 5, VIII).

According to Article 41, §2 of the LGPD, the responsibilities of the Personal Data Processing Officer include:

I - receiving complaints and communications from data subjects, providing clarifications, and taking appropriate measures;

II - receiving communications from the national authority and taking necessary actions;

III - advising the entity’s employees and contractors on best practices for personal data protection; and

IV - carrying out additional duties assigned by the controller or established in complementary regulations.

In compliance with Article 41 of the LGPD, the Ministry of Foreign Affairs has appointed its Personal Data Processing Officer through Ordinance MRE No. 372 of January 12, 2022:

Officer: Inspectorate-General of the Foreign Service (ISEX)

Address: Ministry of Foreign Affairs, Esplanada dos Ministérios, Bloco H, Anexo Maria José de Castro Rebello Mendes, 7º andar, sala 741. CEP 70.170-090. Brasília/DF.

Contact: Fala.BR Plataforma

8. Modification of this Privacy Notice

The present version of this Privacy Notice was last updated on November 1st, 2023.

The editor reserves the right to modify these rules at any time, especially to adapt them to improvements in the BRICS website service, whether by providing new features or by removing or modifying existing ones.

Any changes or updates to the Terms of Use or Privacy Notice will take effect on the date of their publication on the service's website and must be fully observed by users.

In cases where changes or updates to the Privacy Notice relate to the purpose, form, and duration of data processing, change of controller(s), or data sharing, the data subject will be informed and allowed to revoke their consent if they disagree with the changes.

9. Responsibilities

The BRICS website foresees the responsibility of the agents involved in data processing processes, in accordance with articles 42 to 45 of the LGPD.

It also commits to keeping this Privacy Notice updated, observing its determinations, and ensuring compliance. Additionally, it undertakes the commitment to seek technical and organizational conditions capable of protecting the entire data processing process.

10. Disclaimer

As mentioned in Topic 4, while high security standards are implemented to prevent incidents, no website is entirely free of risks. In this regard, the BRICS website is not responsible for:

I –Any consequences resulting from user negligence or carelessness regarding their personal data. The BRICS website is solely responsible for the security of data processing and the fulfillment of the purposes outlined in this Privacy Notice. Please note that the responsibility for maintaining the confidentiality of access credentials rests with the user.

II – Malicious actions by third parties, such as cyberattacks, unless it is proven that such actions were caused by the BRICS portal’s intentional or negligent conduct.

III – The accuracy of information entered by the user in the records required to use the BRICS website services. The user assumes full responsibility for any consequences arising from false or maliciously provided information.