GENERAL DATA PROTECTION LAW AND PRIVACY NOTICE

Terms of use

1. What information is present in this document?

In this Terms of Use, users of the G20 portal service will find information about:

The operation of the service and the applicable rules;

The set of rules related to the provision of the service;

User responsibilities when using the service;

Public administration responsibilities when providing the service;

Contact information for updates or clarification of doubts;

Authority responsible for complaints if issues in this Terms of Use are violated.

Additionally, in the Privacy Notice, G20 portal service users will find information about:

The processing of personal data and its purpose;

Personal data of users necessary for the provision of this service;

Information about cookies;

How data is processed;

Security measures used to protect personal data;

Information about data sharing with third parties.

2. Acceptance of the Terms

By using the G20 portal services, the user understands that their personal data will be processed and shared as described in the Privacy Notice and agrees to its terms.

The following laws and regulations apply to this service:

Law No. 12,965, of April 23, 2014 - Brazilian Civil Rights Framework for the Internet - Establishes principles, guarantees, rights, and duties for the use of the Internet in Brazil.

Law No. 13,460, of June 26, 2017 - Provides about participation, protection, and defense of the rights of users of public services of the public administration;

Law No. 13,709, of August 14, 2018 - General Data Protection Law (LGPD) - Introduces data processing procedures in order to protect the fundamental rights of freedom and privacy.

Decree No. 8,936, of December 19, 2016 - Institutes the Digital Citizenship Platform and proposes the provision of digital public services within the scope of the bodies and entities of the direct federal public administration, autarchic, and foundational.

Decree No. 9,637, of December 26, 2018 - Institutes the National Information Security Policy, proposes on information security governance, and amends Decree No. 2,295, of August 4, 1997, which regulates the provisions of Article 24, paragraph, item IX, of Law No. 8,666, of June 21, 1993, and proposes on the waiver of bidding in cases that may compromise national security.

3. Service Description

The G20 portal is a website that consolidates information regarding the representation of countries in the G20 group, the main forum for international economic cooperation. It plays a crucial role in shaping and strengthening global governance on major international economic issues, including invited countries and events representing common interests and partnerships among participating nations.

4. What are the obligations of users of this service?

Users are responsible for the accuracy of the information provided and acknowledge that inaccuracies may prevent the use of the G20 portal service.

During the use of this service, users must provide only their personal data, not those of third parties, to preserve and protect the rights of others.

Users are responsible for updating their personal information, and any negligence or errors in the registered personal information are their responsibility.

Users are liable for any damages, direct or indirect (including those derived from the disrespect of the rights of other users, third parties, including intellectual property rights, secrecy and personality rights), caused to the Public Administration, any other users, or third parties, including the violation of these Terms of Use or any act deriving from their access to this service.

The public administration is not responsible for certain events unrelated to the use of the G20 portal service.

a) Equipment infected or invaded by attackers;

b) Equipment damaged at the time of service consumption;

c) Computer protection;

d) Protection of information based on users' computers;

e) Abuse of users' computer use;

f) Illegal monitoring of users' computers;

g) Existing vulnerabilities or instabilities in users' systems;

h) Insecure perimeter.

Under no circumstances will the Federal Public Administration be responsible for the installation of malicious codes (viruses, trojans, malware, worms, bots, backdoors, spyware, rootkits, or any others that may be created) on the user's equipment or that of third parties, resulting from the user's internet browsing.

5. What are the responsibilities of the public administration regarding personal data?

The Public Administration commits to complying with all laws related to the correct use of citizens' personal data, ensuring all legal rights and guarantees of users. It also undertakes to promote, independently of requests, the disclosure in an easily accessible location, within its competencies, of information of collective or general interest produced or safeguarded. It is responsible for implementing security controls to protect users' personal data.

The Public Administration may share necessary information in response to judicial orders for investigations or actions related to illegal activities, fraud suspicions, or potential threats against people, goods or systems that maintain the Service, or for other necessary reasons to fulfill its legal obligations, in which case the Public Administration will notify users, except in cases in which the procedure is in judicial secrecy.

PRIVACY NOTICE

Privacy and security are priorities for the G20 portal, committed to transparently processing users' personal data. This Privacy Notice explains how user data is processed when accessing the Portal.

When using the G20 portal services, users understand that their personal data will be processed and shared as described in this Privacy Notice and agree to its terms. The following laws and regulations apply to this service:

Law No. 12,965, of April 23, 2014 - Brazilian Civil Rights Framework for the Internet - Establishes principles, guarantees, rights, and duties for the use of the Internet in Brazil.

Law No. 13,460, of June 26, 2017 - Provides about participation, protection, and defense of the rights of users of public services of the public administration;

Law No. 13,709, of August 14, 2018 - General Data Protection Law (LGPD) - Introduces data processing procedures in order to protect the fundamental rights of freedom and privacy.

Decree No. 10,332, dated April 28, 2020 - Establishes the Digital Government Strategy for the period from 2020 to 2022, within the scope of the bodies and entities of the direct federal public administration, autarchic, and foundational, and provides for other measures.

In accordance with Article 5, item VI, of Law No. 13,709, of 2018, the controller is defined as "a natural or legal person, of public or private law, to whom the decisions regarding the processing of personal data belong."

Regarding the G20 portal service, it is the responsibility of the Ministry of Foreign Affairs and Secretariat of Communication of the Presidency to provide it, exercising, on behalf of the Union, the role of the controller concerning decisions regarding the processing of personal data addressed in this Privacy Notice.

1.The data collected by the G20 portal through cookies will be used for:

The G20 Portal collects and stores personal data through the browser in the form of cookies. Data will be collected for the following purposes:

Simplifying access to information about member and guest countries;

Recording statistical data;

Facilitating user access by retrieving selected preferences.

2. Processing Scenario

In accordance with the General Data Protection Law (LGPD), Personal data will be processed based on the following legal grounds:

"Art. 7 Processing of personal data shall only be carried out under the following circumstances:

I - with the consent of the data subject;

(...)

III - by the public administration, for the processing and shared use of data necessary for the execution of public policies provided in laws or regulations, or based on contracts, agreements or similar instruments, subject to the provisions of Chapter IV of this Law;

(...)

IX - when necessary to fulfill the legitimate interests of the controller or a third party, except when the data subject’s fundamental rights and liberties which require personal data protection prevail;

2.1. Which data will be processed

For the purposes mentioned above, the G20 Portal processes the following personal data:

Internet page virtual address (search records, including on other visited sites);

Country, state, and city (general location);

Age group;

Biological gender;

Device data (hardware model, operating system).

2.2. Cookies Declaration

The G20 Portal uses its own (primary) cookies, i.e., from the domain on the G20 Portal, to register user configurations and preferences, and to generate statistical reports through Google Analytics, and also third-party cookies to complement these statistics.

2.2.1 Essential cookies

__ac, auth_token, I18N_LANGUAGE, lgpd-cookie-v2, tree-s.
Acesso gov: INGRESSCOOKIE, Session_Gov_Br_Prod.

2.2.2 Analytic cookies

Google analytics: _ga, _ga_CBX8TDSVBM.

More information and configurations about Google Analytics Consent.

2.2.3 Third-party cookies

The G20 Portal depends on services provided by third parties in order to:

Enhance Government information campaigns;

Offer interactive content;

Improve usability, and facilitate content sharing on social networks;

Run videos and animated presentations directly from the G20 portal.

The third-party cookies in the G20 portal are Google publicity and multimedia cookies. These third parties will collect and use browsing data also for their own purposes. Users can disable them directly on Google's website.

Official information on third-party cookies from Google Policy

Google Analytics advertising reporting features that collect additional information through cookies from DoubleClick.net (a company linked to Google), such as web activity and device advertising ID activity (app activity), are activated on the G20 Portal.

The G20 Portal has no control over which third-party cookies will be activated.

Some third-party cookies that may be encountered when accessing the portal:

Domains: YouTube, Instagram and Twitter

YouTube: VISITOR_INFO1_LIVE, YSC, wide, LOGIN_INFO, VISITOR_PRIVACY_METADATA, PREF, HSID, SIDCC, APISID, __Secure-3PSID, SAPISID, __Secure-1PSID, __Secure-1PAPISID, __Secure-3PAPISID, SID, __Secure-3PSIDTS, __Secure-1PSIDTS, __Secure-1PSIDCC, SSID, __Secure-3PSIDCC.

Twiter: guest_id_ads, guest_id, guest_id_marketing, personalization_id.

2.2.4 Information on Cookies used for social network

The G20 portal incorporates videos and other media files from Instagram, YouTube, and Google. Users can search for more information about the cookies used by these social networks and how personal data is processed by them. Below are links to access the Privacy Policies of each social network.

2.2.5 Cookies configuration on browser

To manage cookies, one alternative is configuring the browser. Tutorials on the topic can be found in the links below:

If you use Internet Explorer

If you use Firefox

If you use Safari

If you use Google Chrome

If you use Microsoft Edge

If you use Opera

The user can change permissions, block, or refuse cookies in their browser at any time, except for strictly necessary ones (essential cookies). However, revoking consent for certain cookies may affect the proper functioning of some features of the G20 portal.

3. How, and for how long, will data be stored

The personal data processed through the G20 portal will be used and stored in Brazil for the time necessary to provide the service or to achieve the purposes listed in this Privacy Notice, considering the rights of users and those responsible for data processing (controllers and operators).

The data collected by Google Analytics cookies may be transferred outside Brazil, with protections outlined in data processing terms.

Data will be kept while relevant, and after the necessary period, it will be deleted or anonymized, following LGPD provisions (Art. 16), i.e., personal information necessary for compliance with legal, judicial, and administrative determinations and/or for the exercise of the right to defense in judicial and administrative proceedings will be retained, despite the deletion of other data.

4. Personal data processing safety

The way data is handled by the G20 Portal reflects its commitment to the security and protection of personal data to ensure privacy. Appropriate technical measures and solutions are used to guarantee the confidentiality, integrity, and inviolability of personal data. To keep personal data protected, physical, electronic, and managerial tools are employed, specifically aimed at protection and privacy.

The application of these tools takes into consideration the nature of the personal data processed, the context and purpose of the processing, and the risks that potential breaches would pose to the rights and freedoms of the data subject.

The G20 Portal is committed to using best practices to prevent security incidents.

In the event of security incidents that may pose significant risk or harm to users, the Ministry of Foreign Affairs along with the Secretariat of Communication of the Presidency will take action by notifying the data subjects, especially those directly affected, and also the National Data Protection Authority (ANPD), which will act in accordance with the provisions of the LGPD.

5. Data sharing

In order to preserve privacy, the G20 Portal will not share personal data with any unauthorized third party not listed below. The operators listed below carry out the processing of personal data on behalf of the data controller. They receive data only to the extent necessary to achieve the purpose of the processing. The contracts between these operators are guided by the provisions of the LGPD, and these partners have their own Notices or Privacy Policies:

SERPRO - Brazilian Data Processing Federal Service, Brasília - DF, CEP: 70836-900

There are other scenarios in which personal data may be shared:

I – Legal determination, request, requisition, or judicial order, with competent judicial, administrative, or governmental authorities.

II – Protection of the rights of the G20 portal in any type of conflict, including those of a judicial nature.

6. Users’ rights (data owner)

The G20 portal ensures its users their rights as data subjects as provided in Article 18 of the LGPD. Therefore, it is possible, free of charge and at any time:

To object to the processing of personal data at any time. However, it is important to understand that exercising this right will result in disagreement in the relationship between the citizen and the State, and consequently, in less effective treatment by the G20 portal in delivering available services;

To confirm the existence of the processing of personal data, in a simplified or clear and complete format;

To access your personal data, being able to request them in a legible copy in printed form or electronically, in a secure and reliable manner;

To correct your personal data by requesting the editing, correction, or updating of these;

To limit your personal data when unnecessary, excessive, or processed in non-compliance with the legislation through anonymization, blocking, or elimination;

To revoke your consent, disallowing the processing of your data.

7. How to exercise your rights

To exercise your rights as a user (data owner), you can contact the Data Processing Officer through the following channels:

Marta Juvina de Medeiros, Contact: Fala.BR Platform, Address: Ministério da Fazenda. Esplanada dos Ministérios, Bloco P, 4º andar, sala 425. CEP 70048-900. Brasília/DF.

8. Modification of this Privacy Notice

The present version of this Privacy Notice was last updated on 1/11/2023.

The editor reserves the right to modify these rules at any time, especially to adapt them to improvements in the G20 portal service, whether by providing new features or by removing or modifying existing ones.

Any changes or updates to the Terms of Use or Privacy Notice will take effect from the date of their publication on the service's website and must be fully observed by users.

In cases where changes or updates to the Privacy Notice relate to the purpose, form, and duration of data processing, change of controller(s), or data sharing, the data subject will be informed, and they will be allowed to revoke their consent if they disagree with the changes.

9. Responsibilities

The G20 portal foresees the responsibility of the agents involved in data processing processes, in accordance with articles 42 to 45 of the LGPD.

It also commits to keeping this Privacy Notice updated, observing its determinations, and ensuring compliance. Additionally, it undertakes the commitment to seek technical and organizational conditions capable of protecting the entire data processing process.

10. Disclaimer

As mentioned in Topic 4, although high security standards are adopted to prevent incidents, there is no web page entirely free of risks. In this regard, the G20 portal is not responsible for:

I – Any consequences arising from users' negligence or carelessness regarding their individual data. The G20 portal is only responsible for the security of data processing processes and the fulfillment of the purposes described in this Privacy Notice. It is emphasized that the responsibility for the confidentiality of access data lies with the user.

II – Malicious actions by third parties, such as cyber-attacks, unless culpable or deliberate conduct by the G20 portal is proven.

III – The inaccuracy of information entered by the user in the records necessary for the use of G20 portal services, and any consequences arising from false or maliciously entered information are entirely the user's responsibility.