PRIVACY POLICY AND PERSONAL DATA PROTECTION – COMIDA DO AMANHÃ
1. Objective
Comida do Amanhã (“Comida do Amanhã”, “Institute”, “we” or “our”) values the privacy and protection of the Personal Data of all individuals who interact with us, including project and event participants, representatives of public agencies and partners, subscribers to our newsletters, survey respondents, visitors and users of our website, as well as any other Personal Data Subjects.
This Privacy and Personal Data Protection Policy (“Policy”) explains, in a clear and accessible manner, how we collect, use, share, and protect your Personal Data, in accordance with the General Personal Data Protection Law and other applicable regulations. We recommend that you read this document carefully before you sign up for our initiatives, participate in activities, events, surveys, or interact with us by any means.
If you have any questions, please use the channel indicated at the end of this Policy.
Translated with DeepL.com (free version)
2. Identification and responsibility for Personal Data
The Comida do Amanhã Institute, registered with the CNPJ under number 31.370.383/0001-13, located at Rua Hans Staden, nº 10, Botafogo district, Rio de Janeiro – RJ, Postcode 22.281-060, processes the Personal Data necessary to operate its content platforms and disseminate information and communication products.
To this end, it acts as a Controller for the activities described in this Policy, and is responsible for decisions regarding the processing of Personal Data conducted in accordance with the LGPD.
3. Definitions adopted in this Policy
For the purposes of this Policy, the following definitions apply:
- Controller: person or organisation responsible for decisions regarding the Processing of Personal Data – in this case, Comida do Amanhã.
- Personal Data: information that identifies or may identify an individual, such as name, CPF (Individual Taxpayer Registration Number), RG (Identity Card Number), telephone number, email address, address, among others.
- Sensitive Personal Data: data on racial or ethnic origin, religious beliefs, political opinions, membership in a trade union or religious, philosophical or political organisation, data relating to health or sex life, genetic or biometric data, when linked to a natural person.
- Internal Data Protection Officer: person appointed as responsible for issues related to privacy and protection of Personal Data and to act as a communication channel between the Institute, Data Subjects and the National Data Protection Agency (ANPD).
- Data Subject: natural person to whom the Personal Data refers.
Processing: any operation performed on Personal Data, such as collection, use, access, storage, sharing, deletion, among others, under the terms of the LGPD.
4. Applicability and target audience
This Policy applies to Personal Data Processing activities carried out by Comida do Amanhã in online interactions (through the website, forms, third-party platforms, and social networks) and offline interactions (through events, workshops, meetings, and other in-person activities).
All Personal Data Processing operations carried out by Comida do Amanhã are covered by this Policy. Below are some situations in which we use Personal Data:
- Registration for events and activities (online and in person) and attendance lists;
- Subscriptions to newsletters and receipt of institutional communications;
- Participation in projects, programmes, workshops, and working groups;
- Access to logged-in areas and project platforms (e.g., ‘internal area’ environment for municipal managers);
- Responses to public surveys and satisfaction surveys;
- Browsing and use of the website and its features;
- Image and sound recordings (photos, videos, testimonials) captured during institutional activities;
- Interactions with public agencies, partners, and funders, including for accountability purposes.
This Policy is external and intended for the general public and website users. Examples of Data Subjects include:
- Sponsors, funders, and institutional partners;
- Visitors, participants in events, workshops, debates, and lectures;
- Newsletter subscribers; Service providers, suppliers.
5. Methods of collecting Personal Data
There are several ways in which Comida do Amanhã may collect Personal Data from Data Subjects, considering the different relationships and interactions with the Institute. In this sense, we may collect Personal Data in the following ways:
a) Directly from the Data Subject. When you fill out registration forms (e.g. Google Forms, landing pages), subscribe to our monthly newsletters and weekly news clippings (e.g. via Substack or Café Coado), participate in events (e.g. via Zoom), workshops, debates, lectures, studies, publications, research and training that we promote, or interact with us by email, telephone, WhatsApp, social networks, via the website and in person. In some activities, Personal Data is entered by the Data Subject themselves on project platforms, forms or attendance lists.
b) Through third parties. In certain initiatives, we may receive data from partners, sponsors and other funders, public bodies (e.g. city councils and ministries), development agencies and organisations participating in consortia, when necessary to enable participation in programmes and comply with legal, regulatory and accountability obligations (e.g. mandatory submission of data to the transfere.gov.br system under the terms of funding).
c) Automatic collection on the website. When you access our website, we may automatically collect information such as your IP address, country, approximate geolocation, browser type and version, operating system, date and time of
6. Categories of Personal Data processed
The categories of data collected vary according to the Data Subject’s relationship with Comida do Amanhã:
- Identification and contact details: include information such as full name, social name (if applicable), ID number, CPF (Individual Taxpayer Registration Number), date of birth, gender, email address, mobile/telephone number, address, city, state, country.
- Professional data: position/role, sector, organisation/entity, professional profile and skills, professional experience, availability, previous experience in the field, undergraduate degree (name, period, institution), postgraduate degree, salary expectations, technical skills and languages, study experience, courses and/or research.
- Travel information: data for issuing tickets, cities of origin and destination, schedules, logistical information (place of accommodation for determining transport, schedules, routes, etc.), when necessary.
- Activity participation data: information about registrations, attendance or absence, attendance lists, certificates, interactions at events (online/offline), participation in working groups, and other data shared in the logged-in area (e.g., municipal managers with profile and, when applicable, photo).
- Website navigation and traffic data: IP address, device, browser, approximate geolocation, pages accessed, date and time, length of stay, click events, and traffic source may be collected.
- Banking and financial data: to enable the issuance of receipts, processing of financial transactions, transfers, accountability and formalisation of partnerships, data such as bank name, branch, account, proof of payment, among other financial data, may be processed.
- Demographic, socioeconomic, and audience data: information on the ethnic or racial origin of job applicants or participants in our activities, as well as income bracket, family income, education level, sexual orientation, gender identity, disability, and other data provided, whenever possible, voluntarily by the Data Subject, as per the questionnaire.
- Audiovisual records: images, voice, testimonials, photos and videos captured at events, workshops, training sessions, debates, lectures and other institutional activities of Comida do Amanhã.
When we eventually collect Sensitive Data (for example, in specific cases of research, selection processes or for accessibility purposes), we will ensure that sharing is always optional, except in cases where that Sensitive Data is indispensable for the intended purpose (e.g., in cases of job openings for PCD candidates). In addition, we will always use the appropriate legal basis to justify the Processing, supported by additional protections compatible with the LGPD.
7. Purposes of Processing and Legal Bases
Comida do Amanhã processes Personal Data in a transparent manner and in line with its operations. For this reason, we detail in this Policy all the purposes that underpin the Processing we carry out, explaining each process and indicating the respective applicable legal basis, in accordance with the provisions of the LGPD:
Process or activity | Description of purpose | Legal bases |
|---|---|---|
| Registration for events, workshops and other activities (online and in person) | Make available, receive and manage registrations, organise debates, workshops, training sessions, study groups and mentoring based on registrations, enable participation, register participants present and issue certificates. | Contract performance Legitimate interest |
| Conducting selection processes | Analyse CVs, the information contained therein, as well as that recorded on the job application form, such as academic and professional history and salary expectations, in order to select candidates for interviews. Conduct interviews and evaluate participation in other stages of the selection process in order to make job offers to successful candidates. During the selection process, we may collect information on the ethnic or racial origin of candidates, as well as on disabilities. | Legitimate interest Consent (where applicable, especially for sensitive data) |
| Project management with public authorities and development agencies (e.g., transfere.gov.br) | Formalise terms and other applicable legal instruments, comply with legal, regulatory and contractual obligations for promotion, identify beneficiaries, render accounts and meet the requirements of public bodies. | Compliance with legal or regulatory obligations Legitimate interest |
| Logged-in area and project platforms (e.g., municipal managers) | Manage profiles and shared information, identify registered users, track usage and participation in activities. | Legitimate interest |
| Ticket issuance and travel logistics | Issue tickets, arrange travel and logistics for participation in face-to-face activities. | Contract performance Legitimate interest |
| Institutional communications and newsletters | Send content, reports, invitations, and materials of interest. Manage subscription preferences, considering that the opt-out option will always be available to the Data Subject. | Legitimate interest Consent (where applicable) |
| Audience and satisfaction surveys | Understand the audience profile, assess impact, and improve initiatives and communication based on the assessment. To this end, we may collect your sexual orientation, gender identity, ethnicity, monthly household income, or race/ethnicity when our actions have a specific target audience. | Legitimate interest Consent (where applicable, especially for sensitive data) |
| Audiovisual records and institutional dissemination | Capture and disseminate photos, videos, and testimonials for record-keeping, accountability, transparency, and institutional communication, respecting participants’ authorisations and statements, where applicable. | Legitimate interest Consent (where applicable) |
| Compliance with legal and regulatory obligations and involvement in proceedings | Comply with requirements from public bodies, render accounts, respond to requests from authorities, maintain mandatory records, act and defend oneself in administrative, judicial or arbitration proceedings, comply with legal and regulatory determinations. | Compliance with legal or regulatory obligations |
| Use of our website and interaction with our content | To understand aspects related to the use and navigation of our website, such as the pages that have been visited and the duration of visits, in order to improve the content provided to visitors. | Legitimate Interest |
Security and fraud prevention | Ensure the security of activities, protect data and systems, prevent fraud, unauthorised access and misuse of information, perform access control, auditing and investigate security incidents. We will also evaluate unusual patterns in relation to the use of our platform, unexpected large access requests, attempts to access with incorrect logins and passwords, among other actions that may indicate a cyber attack against confidentiality, integrity or availability. | Compliance with legal or regulatory obligations Legitimate interest |
When the legal basis is consent, you may revoke it at any time by requesting it through our contact channel, without affecting the legality of the Processing carried out prior to revocation.
In cases where legitimate interest is used as the legal basis, the interests of the controller or third parties must be compatible with the law, concrete and linked to legitimate purposes. For its applicability, we will carry out a prior assessment to determine whether the respective Processing meets the requirements of legitimate interest and does not violate the fundamental rights and freedoms of the Data Subjects. When we understand that the degree of necessity and suitability for the processing activity is consistent, based on a legitimate and concrete purpose, and that the safeguards adopted mitigate the risks and impacts to Data Subjects in a proportionate manner, we will continue to use legitimate interest. On the other hand, when the requirements of legitimate interest are not met, we will seek another legal basis for the processing.
8. Sharing of Personal Data
Comida do Amanhã may share Personal Data with third parties strictly necessary for the purposes stated, including:
- Service providers and suppliers: information technology, cloud storage, newsletter delivery platforms (e.g. Substack), video conferencing (e.g. Zoom), analytics (e.g. Google), website hosting and support, communication and marketing, consulting, accounting and legal advice, the sharing of your Personal Data may be necessary. These third parties may be any suppliers that provide services essential to the operation of Comida do Amanhã’s activities. All providers must maintain confidentiality and use Personal Data only for authorised purposes.
- Institutional partners: for the formalisation of the partnership, the execution of joint projects and activities, including the organisation of workshops, events and operational management.
- Public bodies and authorities: to comply with legal and regulatory obligations (e.g. registration of information on transfere.gov.br), accountability in terms of promotion, responding to requests from public bodies, inspections, accountability, participation in public notices, agreements, acting and defending in administrative, judicial or arbitration proceedings or in response to judicial and administrative orders.
- General public: dissemination of photos, videos and testimonials on our website, social networks and promotional materials, campaigns and presentations.
9. Security and protection of Personal Data
Your Personal Data is stored in physical and digital environments with access controls and appropriate technical and administrative measures to protect it from unauthorised access, loss, destruction, alteration or improper disclosure.
Among the measures we adopt are access controls, user authentication, antivirus and firewall, detecting malicious files or attacks on our website, systems and platforms. In addition, we store your data in an environment that is not accessible to the public, being segregated and secure.
Although the Institute implements these measures that minimise the risks of security incidents and unauthorised access, sophisticated and complex attacks by malicious agents pose constant threats. The security of your Personal Data also depends on you taking reasonable measures when using your devices and software. If you identify or become aware of anything that could compromise the security of your Personal Data, or any possible vulnerability in our website or systems, please contact us at the address indicated at the end of this Policy.
10. Storage of Personal Data
We will retain Personal Data only for as long as necessary to fulfil the purposes stated in this Policy, and Comida do Amanhã is committed to ensuring that Personal Data is retained for the shortest possible period of time.
In addition to the purposes established at the time of collection of Personal Data, the Institute may retain it as long as it is necessary to comply with legal or regulatory obligations or court orders, as well as to defend ourselves in legal, administrative or arbitration proceedings, considering the applicable limitation periods.
Whenever possible and appropriate, we will also adopt anonymisation to reduce the direct identification of Data Subjects, especially in cases where Sensitive Data is processed.
Thus, the retention period for each category of Personal Data is defined according to the characteristics of each Processing, based on its purpose, the nature of the data, the existence of any legal or regulatory obligations, among other criteria relevant to this definition.
11. Rights of Personal Data Subjects
We provide means for Data Subjects to exercise their rights under the LGPD with Comida do Amanhã. As a Data Subject whose Personal Data we process, you have the following rights:
- Confirmation of Processing: you may request confirmation from Comida do Amanhã as to whether or not your Personal Data is being processed.
- Access to Personal Data: the possibility of requesting access to your Personal Data that we process, and receiving a copy of this information, in electronic or printed format, according to your preference.
- Correction of incomplete, inaccurate or outdated data: the possibility of requesting the correction or updating of your Personal Data that is incomplete, inaccurate or outdated.
- Anonymisation, blocking or deletion of unnecessary, excessive or non-compliant data: the possibility of requesting that your Personal Data be anonymised, blocked or deleted when it is unnecessary, excessive or processed in non-compliance with the law.
- Data portability: possibility to request the portability of your Personal Data to another service or product provider, subject to any ANPD regulations and the commercial and industrial secrets of Comida do Amanhã.
Deletion of Personal Data processed with consent: possibility to request the deletion of Personal Data processed based on consent, except in legal cases that justify retention or for the regular exercise of rights in judicial, administrative or arbitration proceedings.Information about sharing: possibility to request information about the public and private entities with which we share your Personal Data.
- Information about the possibility of not providing consent and the consequences of refusal: right to be informed about the possibility of not providing consent and about the consequences of refusal, when consent is the legal basis applicable to the Processing.
- Revocation of consent: possibility of revoking consent at any time, by express statement, provided that the revocation does not invalidate the Processing carried out previously.
- Opposition to Processing: possibility of opposing the Processing of your Personal Data in cases where consent is not the applicable legal basis and if the Processing violates the law. Comida do Amanhã will evaluate your request and inform you about the possibility of suspending the Processing or the grounds for its maintenance.
- Petition to the ANPD: possibility of petitioning the ANPD if you believe that your rights have not been met by Comida do Amanhã.
Review of automated decisions: possibility to request the review of decisions based exclusively on automated processing of Personal Data that impact your interests.
To exercise any of the above rights, simply send your request to Comida do Amanhã, through the channel indicated at the end of this Policy. For your security, we may request information or documents proving your identity before responding to your request. The Institute will respond to requests within a reasonable time, in accordance with applicable law.
12. Cookies and similar technologies
12. Cookies and similar technologies We use cookies and similar technologies on our website to enable features, compile usage statistics, and improve your browsing experience. Therefore, when you access the Comida do Amanhã website, certain user data may be collected automatically, namely:
- Browsing and traffic data: IP address, approximate location (city, region and country, inferred from the IP), information about the device and browser (operating system, screen resolution, browser language), date and time of access, pages accessed, time spent on each page, clicks and interactions, URL or referral marketing campaign, indication of whether the visit originated from a search or social media, as well as records of custom events, such as downloads, video views, and form submissions.
Strictly necessary cookies are processed based on legitimate interest. Non-essential cookies (e.g., analytics or performance cookies) depend on your consent, which you can manage in the cookie preferences on our website and/or in your browser.
13. Changes to this Policy
This Policy may be updated at any time to reflect changes in our Personal Data Processing practices or to comply with legal requirements, so we recommend that this Policy be reviewed periodically.
Relevant changes will be communicated through a specific notice on our website.
14. Data Protection Contact Channel
If you have any questions, requests, or wish to exercise your rights as a Data Subject, Comida do Amanhã has a specific channel through which issues related to privacy and personal data protection are addressed. To contact us, please use the following email address: privacidade@comidadoamanha.org
An Internal Officer appointed by the Institute will analyse and respond to requests received through the channel, clarifying doubts, responding to requests to exercise rights and acting to facilitate communication with Data Subjects whose Personal Data is processed by Comida do Amanhã.