Privacy and Security

Privacy Policy

At the Instituto de Pesquisa Ambiental da Amazônia, henceforth IPAM, privacy and security are priorities and we are committed to the transparency of the processing of our USER’s personal data; hereinafter simply referred to as USER. Therefore, this present Privacy Policy, hereinafter POLICY, establishes how the collection, use and transfer of USER information that access or use our website is carried out.

When using our services, the USER understands that we will collect and use their personal information in the ways described in this POLICY, under the rules of the General Data Protection Law, hereinafter LGPD (Federal Law 13.709/2018), of the consumerist provisions of Federal Law 8078/ 1990 and other applicable rules of the Brazilian legal system.

In this way, IPAM, in the role of Data Controller, is bound by the provisions of this POLICY.

 

1. What data do we collect about you and for what purpose?

The USER’s personal data, if entered on this site, are for exclusive use to identify the USER and generate business requested by them, not being shared with third parties, except when expressed at some stage in which there is a need to share the data; for example with logistic operators (Post Office, etc.) for the exchange of printed communication.

1.1. Personal data provided by the holder

IPAM obtains only personal information to identify its USER, such as:

* Full name.
* CPF (Brazil only).
* RG (Brazil only).
* Residential or professional address.
* Other information of this nature.

1.2. Personal data collected automatically

We do not obtain in any way the data considered PERSONAL and/or SENSITIVE from our USER; such as:

* Ethnic origin.
* Political or social opinions.
* Religious convictions.
* Data referring to health.
* Sex life.
* Other data of an intimate nature of the USER.

In this way, IPAM guarantees the provisions of article 17 of Law 13/709/2018 – LGPD; namely: Every natural person is assured the ownership of their personal data and guaranteed the fundamental rights of freedom, intimacy and privacy, under the terms of this Law.

 

2. How do we collect your data?

In this sense, the collection of the USER’s personal data occurs as follows:

* By e-mail sent by the USER.
* When the USER fills out a form on this site.

 

2.1. Consent

It is based on the USER’s consent that we process their personal data. Consent is the free, informed and unequivocal statement by which the USER authorizes IPAM to process their data.

Thus, in line with the LGPD, your data will only be collected, processed and stored with prior and express consent.

Your consent will be obtained specifically for each purpose described above, evidencing IPAM’s commitment to transparency and good faith towards its USER, following the relevant legislative regulations.

When using IPAM services and providing their personal data, the USER is aware of and consenting to the provisions of this POLICY, in addition to knowing their rights and how to exercise them.

At any time and at no cost, the USER may revoke their consent.

It is important to highlight that the revocation of consent for the processing of data may imply the impossibility of the proper performance of some functionality of the website that depends on the operation. Such consequences will be informed in advance.

 

3. What are your rights?

IPAM assures its USER of the titleholder rights provided for in article 18 of the LGPD. This way, you can, free of charge and at any time:

* Confirm the existence of data processing, in a simplified way or in a clear and complete format.
* Access your data, being able to request them in a readable copy in printed form or electronically, safe and suitable.
* Correct your data, when requesting its edition, correction or update.
* Limit your data when unnecessary, excessive or treated in violation of the legislation through anonymity, blocking or deletion.
* Request the portability of your data, through a registration data report that IPAM treats about you.
* Delete your processed data based on your consent, except in cases provided for by law.
* Revoke your consent, disallowing the processing of your data.
* Find out about the possibility of not giving your consent and about the consequences of the refusal.

 

4. How can you exercise your titleholder rights?

In order to exercise their rights as holders, the USER must contact IPAM through the following available means:

* By e-mail: contato@ipam.org.br.

In order to guarantee your correct identification as the holder of the personal data object of the request, it is possible that we request documents or other evidence that can prove your identity. In this case, you will be informed in advance.

 

5. How and for how long will your data be stored?

Your personal data collected by IPAM will be used and stored for the time necessary to provide the service or to achieve the purposes listed in this POLICY, considering the rights of data subjects and controllers.

In general, your data will be kept as long as the relationship between the USER and IPAM lasts. At the end of the period of storage of personal data, these will be deleted from our databases or anonymized, except for the hypotheses legally provided for in article 16 of the LGPD, namely:

* Compliance with legal or regulatory obligations by the controller.
* Study by research body, guaranteed, whenever possible, the anonymity of personal data.
* Transfer to a third party, provided that the data processing requirements set forth in this Law are respected.
* Exclusive use of the controller, access by a third party is prohibited, and provided that the data is anonymised.

That is, personal information about the USER that is essential for the fulfillment of legal, judicial and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings will be maintained, despite the exclusion of other data.

The storage of data collected by IPAM reflects our commitment to the security and privacy of your data. We employ technical protection measures and solutions able to guarantee the confidentiality, integrity and inviolability of your data. In addition, we also have security measures appropriate to the risks and control access to stored information.

 

6. What do we do to keep your data safe?

To keep your personal information safe, we use physical, electronic and managerial tools aimed at protecting your privacy.

We apply these tools taking into account the nature of the personal data collected, the context and purpose of the treatment and the risks that possible violations would generate for the rights and freedoms of the holder of the data collected and processed.

Among the measures we adopt, we highlight the following:

* Only authorized persons have access to your personal data.
* Access to your personal data is only done after the commitment of confidentiality.
* Your personal data is stored in a safe and suitable environment.

IPAM is committed to adopting the best postures to avoid security incidents. However, it is necessary to emphasize that no virtual environment is entirely safe and risk-free. It is possible that, despite all our security protocols, problems that are solely the fault of third parties may occur, such as cyber attacks by hackers, or also as a result of negligence or imprudence by the USER.

In the event of a security incident that could generate risk or significant damage to our USER, we will notify those affected and the National Data Protection Authority about the incident, in accordance with the provisions of the LGPD.

 

7. With whom may your data be shared?

With a view to preserving your privacy, IPAM will not share your personal data with any third party not authorized by the USER, except, as mentioned in Topic 1, when expressed at some stage in which there is a need to share postal data with logistics operators to the exchange of printed communication.

 

8. Cookies or navigation data

IPAM uses Cookies, which are text files sent by the platform to your computer and stored there, which contain information related to website navigation. In short, Cookies are used to improve the user experience.

When accessing our website, the USER is aware of and accepts the use of a navigation data collection system with the use of Cookies on their devices, as some functionalities require cookies to function properly. Cookies allow us to:

* Recognize you the moment you access our websites and offer you a personalized experience.
* Knowing the personal setting you specified.
* Calculate the number of hits and measure some traffic parameters, since each browser that accesses our websites acquires cookies used to determine the frequency of use and the sections of the websites visited, thus reflecting your habits and preferences, information that is useful to us to improve the content, as well as, if any, advertisements and promotions for the USER.

Cookies also help us to track some activities that help simplify or improve our USER’s navigation on our websites. As an example, we may use cookies in some of the surveys we carry out online to detect whether the user has already completed a survey and prevent it from being asked again if it has already been completed.

 

9. Amendment to this Privacy Policy

The current version of the POLICY was formulated and last updated on: September 30, 2021.

We reserve the right to modify this POLICY at any time, mainly in terms of adaptation to any changes made to our website or in the legislative field. We recommend that you review it frequently.

Any changes will come into effect as of their publication on our website and we will always notify you of any changes that have occurred.

By using our services and providing your personal data after such changes, you consent to them.

 

10. Responsibility

IPAM provides for the responsibility of agents who work in data processing processes, in accordance with articles 42 to 45 of the LGPD.

We are committed to keeping this POLICY up to date, observing its provisions and ensuring compliance.

In addition, we are also committed to seeking technical and organizational conditions that are safely able to protect the entire data processing process.

If the National Data Protection Authority requires the adoption of measures in relation to the processing of data carried out by IPAM, we undertake to follow them.

10.1 Disclaimer

As mentioned in Topic 6, although we adopt high security standards in order to prevent incidents, no virtual environment is entirely risk-free. In this sense, IPAM is not responsible for:

* Any consequences resulting from the negligence, imprudence or malpractice of the USER in relation to his/her individual data. We guarantee and are only responsible for the security of the data processing processes and the fulfillment of the purposes described in this instrument. We point out that the USER is responsible for the confidentiality of access data.
* Malicious actions by third parties, such as hacker attacks, unless proven guilty or deliberate conduct by IPAM. We point out that in case of security incidents that may generate risk or relevant damage to the USER, we will inform those affected and the National Data Protection Authority about what happened and we will comply with the necessary measures.
* Inaccuracy of the information entered by the USER in the records necessary for the use of IPAM services; any consequences arising from false information or information entered in bad faith are entirely the responsibility of the USER.

 

11. Data Protection Officer

IPAM provides, as seen in Topic 4, means of contact to exercise your holder rights.

If you have questions about this POLICY or about the personal data we process, you can contact our Personal Data Protection Officer, through the channels mentioned in Topic 4.