Through this document, FCJ intends to adapt its personal data processing operations to the legal regulations on the subject, and in particular to the LGPD approved in August 2018.
We emphasize that the LGPD is a comprehensive law and is intended for different economic agents in Brazil, whether in the public, private or third sector; and brings legal requirements so that personal data can be used in the activities of these agents.
In May 2018, the General Data Protection Regulation (Regulation EU 2016/679 – “GDPR”) came into force. Considering that this regulation has points of contact with the activities carried out by the FCJ in the European Union, we believe it is good to also cover this regulation, adjusting to the conformities of the LGPD.
In the performance of some of the activities provided for in its statute, FCJ carries out personal data processing operations in line with the best interest and rights of the holders of personal data, and may be characterized as Personal Data Controller, Personal Data Operator, Controller and Operator of Personal Data or Co-Controller of Personal Data, in accordance with the definitions of the LGPD, reinforcing, in all positions held, its commitment to complying with the applicable privacy and personal data protection rules.
The compliance adjustments referring to the LGPD compliance process include a work of interpretation of the Law to define the legal obligations, survey of material and pertinent facts for its application and verification of flows and processes that contribute or not to the adjustments to the legal standard .
TERMS AND DEFINITIONS
PERSONAL DATA: Information related to an identified or identifiable natural person. Personal data are also considered to be those used to form the behavioral profile of a particular natural person.
SENSITIVE PERSONAL DATA: Personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data when linked to a natural person .
NATIONAL DATA PROTECTION AUTHORITY (“ANPD”): Public administration body responsible for overseeing, implementing and monitoring compliance with the LGPD throughout the national territory. The ANPD was established by the LGPD as an organ of the federal public administration with technical autonomy, part of the Presidency of the Republic, its nature being defined as transitory and subject to transformation by the Executive Power into an entity of the indirect federal public administration, subject to a special autonomous regime and linked to the Presidency of the Republic.
GENERAL DATA PROTECTION LAW (“LGPD”): Normative diploma (Law No. public or private, with the objective of defending the holders of personal data and at the same time allowing the use of data for different purposes, balancing interests and harmonizing the protection of the human person with technological and economic development.
PERSONAL DATA PROCESSING AGENTS: The controller and operator of personal data.
PERSONAL DATA CONTROLLER: Individual or legal entity, of public or private law, who are responsible for decisions regarding the processing of personal data.
PERSONAL DATA OPERATOR: Individual or legal entity, governed by public or private law, who processes personal data on behalf of the Controller.
PROCESSING OF PERSONAL DATA (“PROCESSING”): Any operation performed with personal data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation , information control, modification, communication, transfer, diffusion or extraction.
ANONYMIZATION: Use of technical, reasonable and available means at the time of processing personal data, through which a data loses the possibility of association, directly or indirectly, with an individual. Anonymized data is not considered personal data for the purposes of the LGPD.
HOLDER OF PERSONAL DATA (“HOLDER”): Natural person to whom the personal data being processed refers.
PERSON IN CHARGE OR DATA PROTECTION OFFICER (“DPO”): Individual or legal entity appointed by the Processing Agent to act as a communication channel between the Controller, the data subjects and the National Protection Authority.