Through this Policy, the Owner will be informed about:
I. Which of his/her personal data we process;
II. How we use his/her personal data;
III. How we protect his/her personal data;
IV. With whom his/her personal data can be shared;
V. What are the Rights of the Owners regarding the processing of their personal data; and
VI. The communication channel to be used by Owners to exercise their rights.
1.1 To facilitate understanding of the technical terms provided in this Policy, we explain some basic concepts that have been used:
Data processing: any operation performed with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, diffusion, or extraction.
Personal data: all data related to the natural, identified, or identifiable person.
Sensitive personal data: personal data on racial, ethnic origin, religious conviction, political opinion, affiliation to a union or organization of a religious, philosophical, or political nature, data referring to health or sexual life, genetic, or biometric data, when linked to a natural person.
Child and adolescent personal data: the Child and Adolescent Statute (Estatuto da Criança e do Adolescente, ECA) considers a child to be a person who has not yet completed 12 years of age and an adolescent to be someone between 12 and 18 years of age. In particular, the LGPD determines that information on the processing of personal data of children and adolescents must be provided in a simple, clear, and accessible way, to provide the necessary information to the parents or legal guardian and be appropriate to the child’s understanding.
Processing agents: a term that covers the concepts of personal data controller and operator, as defined by Law 13.709/2018.
Data controller: natural or legal person, under public or private law, who is responsible for decisions regarding the processing of personal data.
Data operator: natural or legal person, under public or private law, who processes personal data on behalf of the controller.
Data protection officer (DPO): a person appointed by the controller and operator to act as a communication channel between the controller, the data subjects, and the National Data Protection Authority (Autoridade Nacional de Proteção de Dados, ANPD).
National Data Protection Authority (Autoridade Nacional de Proteção de Dados, ANPD): federal public administration body, member of the Presidency of the Republic and responsible for supervising and regulating the application of Law 13.709/2018.
Purpose: principle of Law 13.709/2018 that foresees the fulfillment of processing for legitimate, specific, explicit, and informed purposes to the Owner, with no possibility of further processing in a manner incompatible with these purposes.
Consent: free, informed, and unambiguous manifestation by which the owner agrees with the processing of his/her personal data for a specific purpose.
Security incident: adverse event, confirmed or suspected, related to the security of computer systems or computer services.
Legitimate interest: legal basis that allows the performance of data processing activities to meet the legitimate interests of the controller or third parties.
Anonymized personal data: data relating to owners who cannot be identified.
Anonymization: data processing technique, whereby data loses the possibility of association, directly or indirectly, with an individual.
Blockade: temporary suspension of any processing operation, by keeping personal data or database.
Data sharing: communication, dissemination, international transfer, interconnection of personal data, or shared processing of personal data banks, with specific authorization between public or private entities.
Content: any information, data, communications, software, photos, videos, graphics, music, sounds, and other materials and services that can be viewed by the owners on the website, including messages, conversations, chats, and other original content.
Cookies: small files saved on the user’s computer that store preferences and other information on the visited web pages.
Manifestly public data: data published and openly shared by the Owner.
Elimination: deleting the data or dataset stored in a database, regardless of the procedure used.
2. PRINCIPLES OF PERSONAL DATA PROCESSING ACTIVITIES
2.1. This Policy was created with the objective of reiterating SciELO’s commitment to security, privacy, accessibility, and transparency in the activities of processing personal data through our channel: https://
2.2. All personal data processing activities described will be governed by the principles of purpose, adequacy, necessity, free access, non-discrimination, prevention, data quality, security, transparency, responsibility, and accountability.
3. PURPOSE OF PROCESSING PERSONAL DATA
3.1. Through this Policy, the Owner is aware of the processing of personal data described below:
4. PERSONAL DATA PROCESSING PURPOSES
4.1. SciELO carries out the processing activities of the Owner’s personal data in a transparent manner, limited to the minimum necessary for the fulfillment of the lawful and specific purposes, described below:
4.2. SciELO will delete the stored information of Owners when the purpose for which the data was processed is achieved, or when personal data are no longer needed to achieve such purpose.
4.3. The exclusion will also occur when there is revocation of the consent by the owner, in cases where this is necessary, and upon determination of the competent authority to do so.
5. COLLECTION OF PERSONAL DATA
5.1. SciELO collects personal data from Owners as follows:
5.2. SciELO also automatically obtains personal data from the Owner, through “cookies” and other similar technologies, in order to ensure the best owner experience, as well as for statistical analysis of trends, administration of web pages and media, and user behavior tracking.
5.2.1. The types of cookies used are as follows:
5.2.2. Session cookies: they expire at the end of the browser session and allow the owner’s actions during that particular browser session to be linked.
5.2.3. Persistent cookies: they are stored on the device between browser sessions, allowing SciELO to remember the owner’s preferences or actions on multiple websites.
5.2.4. Primary cookies: they are defined by the website being visited.
5.2.5. Third-party cookies: they are defined by third-party sites separate from the site you are visiting.
5.3. The Owner is guaranteed to control cookies through the configuration of the web browser, being aware that, in case of deactivation, the use of certain features and functions of the pages accessed may be limited.
5.4. The Owner acknowledges that he/she is solely responsible for the veracity of the information provided when performing his/her registration and subsequent use of the website.
5.5. The Owner understands that SciELO may, at its discretion, proceed with the research and searches necessary to ascertain the veracity of the information provided, as well as the existence of incorrect, untrue, or outdated data. It may also request additional information and/or documents to check the registration information provided by the Owner.
6. PERSONAL DATA STORAGE
6.1. SciELO will store the owner’s personal data for the duration of the provision of its services, but it will also need to keep certain strictly necessary data after the end of its relationship with the owner, to comply with the law.
7. SAFETY OF PERSONAL DATA
7.1. SciELO is responsible for the adoption and maintenance of reasonable security, technical and administrative measures aimed at protecting personal data against accidental or unlawful situations of destruction, loss, alteration, communication, or any form of inappropriate or unlawful treatment, as well as discriminatory processing of information, according to criteria defined by the best market standards and applicable legislation.
7.2. The security measures adopted are use of high-tech software to prevent unauthorized access to SciELO’s systems; use of encryption methods and anonymization of processed data; adoption of authentication mechanisms for access to records capable of identifying the person responsible for data processing; and limitation of access to data storage locations, among others.
7.3. Access to the information stored by SciELO is restricted to authorized and qualified professionals, within the limits of their need to perform their functions, who are subject to confidentiality obligations.
7.4. SciELO undertakes to inform the Owner and personal data protection bodies of any security incident that may cause relevant risk or harm to the Owners, within a reasonable period, justifying any delay in communication.
8. SHARING PERSONAL DATA
8.1. The Owner understands that SciELO may share some of his/her personal data with third-party service providers, only within the limits of what is strictly necessary to carry out the purposes.
8.2. SciELO emphasizes that, in cases where the sharing of the Owner’s personal data with third parties is necessary, a confidentiality agreement will be signed with them, guaranteeing the confidentiality of the shared information, legal obligations, and the limits of the processing of personal data.
8.3. In cases where the consent of the Owner is required for the processing, the sharing of personal data with third parties will be preceded by the Owner’s consent, whose expression must be free, informed, and unambiguous.
9. OWNER’S RIGHTS
9.1. The Owner may exercise, at any time, through SciELO’s service channels, all the rights guaranteed by Law 13.709/2018 and other legislation applicable to the subject, such as:
9.1.1. Confirmation of the existence of personal data processing and access to them;
9.1.2. Correction of incomplete, inaccurate, or outdated personal data;
9.1.3. The anonymization, blocking or deletion of unnecessary, excessive, or processed personal data in breach of the provisions of Law 13.709/2018;
9.1.4. The portability of personal data to another service or product provider, complying with commercial and industrial secrets;
9.1.5. The deletion of personal data processed with the Owner’s consent;
9.1.6. The information of public and private entities with which the institution has shared data;
9.1.7. Information about the possibility of revoking or not providing consent, as well as the consequences of such refusal;
9.1.8. Reviewing decisions made solely on the basis of automated processing of personal data that affect their interests;
9.1.9. To request the application of consumer protection regulations in the protection of their data, when applicable;
9.1.10. To request the exclusion from SciELO’s communication or marketing lists, as well as the cancellation of messages and e-mails, if one no longer wishes to receive them.
10. EXERCISING THE OWNER’S RIGHTS
10.1. SciELO will facilitate the exercise of rights by data owners, whenever possible and in accordance with the law.
10.2. In case of requests, doubts, suggestions, or complaints regarding the processing of personal data by SciELO, please contact the data protection officer, DPO, Mr. Luís Gustavo Gomes, via:
10.2.1 e-mail firstname.lastname@example.org;
10.2.2 By mailing to the address: Rua Dr. Diogo de Faria, 1087 – 9º andar – Vila Clementino, São Paulo/SP, CEP 04037-003.
10.3. When the Owner contacts SciELO to exercise his/her rights, the institution may process personal data for the purpose of confirming the identity of the data owner, to the extent of his/her interest and within the limits of his/her security.
10.4. The Owner is aware that some of his/her personal data cannot be deleted upon simple request if there is a legal obligation to preserve them.
10.5. The owner’s request to exclude any personal data from our databases may reduce the quality or render unfeasible the services provided, and the applicant is entirely responsible for the consequences arising from such service reduction or unfeasibility.
11.2. The update may occur, especially when there is implementation of the National Data Protection Authority (Autoridade Nacional de Proteção de Dados, ANPD), which may issue new directives on the procedures described in this document.