PRIVACY AND COOKIES POLICY

This privacy and data protection policy is intended to help you understand how data is collected, processed, and stored to meet the legal requirements and data protection standards of the Comuá Network.

1. WHO WE ARE

Comuá Network is a national, private law civil association that operates on a non-profit basis, dedicated to promoting the public interest indefinitely. One of its activities includes managing event registrations and audience mapping for partner entities and associates.

The Comuá Network's policy is to collect your personal data fairly, legally, and transparently, using it solely for legitimate purposes, retaining it only for as long as necessary, and fully supporting the exercise of data subjects' rights.

For this reason, you explicitly agree to this privacy and data protection policy by providing personal data when filling out any form on the Comuá Network's website or as indicated.

2. PERSONAL INFORMATIONS COLLECTED, METHOD OF ACQUISITION, AND PURPOSE OF COLLECTION

All personal data referred to in this privacy policy is provided voluntarily by the user when they complete any of our forms that are of interest to them.

In the following list, you can find: (a) the personal data collected; (b) the methods of data acquisition; and (c) the intended purposes for data usage.

Personal data: full name, organization, area of activity, email, telephone, age group.

Methods of acquisition: Registration forms via email with the domain @redefilantropia.org.br.

Intended purposes: Conducting advocacy activities, conducting studies, generating knowledge, organizing workshops, events, and public notices, as well as audience profiling for aggregated reporting to funding sources.

Personal data: IP address, website interaction logs, screens accessed, device used, session ID, cookies.

Method of acquisition: Data collection occurs automatically upon accessing the website.

Intended purposes: Fulfillment of the obligations established by the Civil Rights Framework for the Internet – Law 12.965/2014, statistical and information security purposes, and compliance with legal and regulatory obligations.

Users may provide their personal data to Comuá Network when completing a form on our website.

It is important to note that we do not install or activate any type of program, virus, script, trojans, or similar elements that could compromise security in any manner. Some data is automatically collected when the website is accessed through cookies, which are small files that automatically gather information from your access. The generated statistics are aimed at enhancing the user experience on our website.

If you prefer not to provide this information, you can disable the use of cookies in your web browser. Instructions for doing so are provided below for various web browsers; simply click on the name of the browser you are using: Google Chrome, Internet Explorer, Firefox, and Safari.

All other personal data mentioned in this privacy policy are provided voluntarily by the user when they complete any forms aligned with their interests. If you choose not to provide us with any personal data, we may be unable to offer our services to your satisfaction, which could potentially hinder your participation in desired events or activities.

Personal data is processed and managed by REDE COMUÁ employees, who are specially trained and aware of the confidentiality of certain data.

3. USE OF PERSONAL DATA BY COMUÁ NETWORK

Comuá collects personal data to provide the best possible service and may use it for the following purposes:

1. Process inquiries, comments, and requests received through the website or email;

2. Share information about our events and activities via email marketing;

3. Manage records of participation in Comuá Network events and activities;

4. Distribute and process application receipts and certificates.

5. Handle complaints, grievances, and requests per this Privacy Policy;

6. Generate aggregated and anonymized statistics on participation in COMUÁ Network events and activities with funders;

7. Comply with national and international regulatory standards and respond to judicial or administrative requests from relevant authorities, including the National Data Protection Authority (ANPD).

3.1. SENSITIVE DATA

Comuá Network processes sensitive data electronically. The individual or their legal guardian voluntarily provides this data.

The list of sensitive data and their specific purposes are as follows:

Sensitive data: gender, sexuality, race/color, health data.

Specific Purpose: Mapping the public for research, knowledge production, and advocacy actions; Inclusion and accessibility efforts in virtual or in-person activities.

Sensitive data may be used by Comuá Network when essential for:

Compliance with legal or regulatory obligations;

Exercising the rights of Comuá Network, including contracts and legal, administrative, and arbitration proceedings;

Ensuring fraud prevention and the holder's security during registration and authentication in our electronic systems while safeguarding the holder's rights. Exception is made only in cases where the fundamental rights and freedoms of the holder require personal data protection.

DATA ARCHIVING

The Comuá Network retains all provided data, including personal data, for as long as the user's account remains active and as necessary to accomplish its operations.

The Comuá Network will keep your personal data stored until a deletion request is made since this information is required for reporting, accountability, and aggregating data for funders' purposes.

You may request the removal of your data from our systems at any time by this email: [email protected].

The Comuá Network may maintain your data as required by Article 16 of Law 13.709/2018:

I – Compliance with legal or regulatory obligations by the data controller;

II – Research by a recognized research organization, ensuring, whenever possible, personal data anonymization;

III – Data transfer to third parties, provided the data processing requirements under this Law are met;

IV – Sole use by the data controller, prohibiting access by third parties and requiring data anonymization.

5. DATA TRANSFER AND COMMUNICATIONs

The Comuá Network may share the personal data of participants in the events it organizes with third parties.

In this way, some of your information or personal data may be shared with:

Possible third-party event producer responsible for data collection;

Partners and funders, with data sharing in an aggregated form for audience mapping;

Registration management platforms to facilitate registration tickets for events;

Companies and individuals hired on behalf of Comuá Network to execute specific event-related activities and services;

Automation platforms for communication with users and customers via email;

Comuá Network employees and collaborators who are required to comply with Law No. 13,709/2018 to ensure the execution and quality of services and products offered, guaranteeing commercial and technical operationality;

Marketing communication automation platforms;

When necessary due to legal obligations, orders from competent authorities, or judicial decisions.

The platforms mentioned above may have their databases hosted on servers in countries such as the United States and European Union member states. In either case, Comuá Network carefully selects platforms that offer secure services in compliance with international data protection laws.

In cases of personal data sharing with third parties, all the mentioned entities above must use the transferred personal data consistently and under the purposes for which they were collected (or for which the User has previously consented) and in compliance with this Privacy Policy, other website privacy statements, country-specific regulations, and all applicable privacy and data protection laws.

6. SECURITY PROTOCOLS

Comuá Network is committed to adopting the appropriate and feasible technical, physical, organizational, and legal measures, following national data protection legislation, to protect your data.

Among the technical measures adopted are the use of end-to-end encrypted instant messaging applications, cloud data storage with end-to-end encryption systems, the application of security certificates on our websites, the use of end-to-end encrypted forms for activity registrations, a preference for systems, programs, and applications with end-to-end encryption, a preference for open-source systems, programs, and applications, monthly backup of cloud-stored data, annual physical backup of data with cloud data deletion, two-factor authentication for all managed accounts, use of secure passwords with biannual changes, offline password storage, access control to passwords by the team, regular software updates as provided by the manufacturer, weekly antivirus updates and scanning, active firewall usage, and ongoing training and updates for the team regarding new digital security measures.

Despite all our efforts, we cannot guarantee the security of our databases or those of third parties with whom we share this information. We also cannot guarantee that the information you provide will not be intercepted while being transmitted over the internet, as no security system is completely impenetrable.

7. YOUR RIGHTS REGARDING PERSONAL DATA

The user has their rights protected by Brazilian law and respected by us, especially the rights provided for in Law No. 13.709/2018 - General Data Protection Law. These rights encompass the following:

Confirmation: You have the right to confirm whether your personal data is being processed;

Access: You can access the personal data that we process or store;

Rectification: You are entitled to have incomplete, inaccurate, or outdated data corrected;

Anonymization, Blocking, or Deletion: Personal data considered unnecessary or excessive can be anonymized, blocked, or deleted in accordance with applicable legislation;

Data Elimination: You may request the elimination of personal data processed with your consent, with exceptions based on permissive conditions for data retention as outlined in Article 16 of Law No. 13.709/2018;

Information Sharing: You have the right to be informed about the public and private institutions with which we share your personal data for the purpose of delivering our services within the legal framework and guidelines established by the National Data Protection Authority;

Consent Revocation: You can revoke your consent, as provided by Law No. 13.709/2018;

Please note that refusal to provide specific personal data may impede our ability to fulfill our obligations or restrict your usage of the website, its functionalities, and participation in events and activities in cases where the specific personal data is essential for such engagement. We are committed to safeguarding your data and ensuring compliance with applicable data protection regulations. Please contact us if you have questions or wish to exercise these rights.

8. UPDATE

Changes to our privacy policy may occur throughout the provision of our service in order to address technical or legal matters related to our service. In the event of any changes to the privacy policy of Comuá Network, you, as a user, will be directly and expressly informed. At that time, you will have the opportunity to renew your consent and exercise other rights granted to you by law.

By accepting the terms of use, you, as a user, are consenting to Comuá Network collecting, processing, and storing personal data, including sensitive data, when necessary.

Comuá Network is committed to using your personal data strictly for the purposes for which they were collected or, when required, to fulfill legal or regulatory obligations imposed on us by law, in accordance with Article 7, Clause II of Law No. 13,709/2018 – General Data Protection Law, and Article 6, Item 1, Letter c of Regulation (EU) 2016/679 – General Data Protection Regulation.

9. HOW TO CONTACT

If you have questions or concerns about data protection or your personal information, or if you wish to file a complaint, please get in touch with Comuá Network at [email protected]