Privacy Policy

This site is maintained and operated by the National Pact Institute for the Eradication of Slave Labor.

We collect and use some personal data that belongs to those who use our website. In doing so, we act as the controller of this data and are subject to the provisions of Federal Law No. 13.709 / 2018 (General Law for the Protection of Personal Data - LGPD). 

We take care of the protection of your personal data and, therefore, we provide this privacy policy, which contains important information about:

  • Who should use our site
  • What data we collect and what we do with it;
  • Your rights in relation to your personal data; and
  • How to contact us.

1. Data we collect and reasons for collection

Our website collects and uses some personal data from our users, in accordance with the provisions of this section.

1. Personal data provided expressly by the user

We collect the following personal data that our users expressly provide to us when using our website: 

  • Full Name:
  • E-mail:

The collection of this data occurs at the following times: 

  • when the user fills out a contact form
  • when the user is registered on the portal

The data provided by our users is collected for the following purposes: 

  • so that users can receive information and communications from InPACTO
  • so that users can access the InPACTO Vulnerability Index platform

2. Sensitive data

Sensitive data from our users will not be collected, thus understood those defined in arts. 11 et seq. Of the Personal Data Protection Law. Thus, there will be no data collection on racial or ethnic origin, religious conviction, political opinion, union membership or religious, philosophical or political organization, health or sexual life data, genetic or biometric data, when linked to a natural person.

3. Cookies

Cookies are small text files automatically downloaded to your device when you access and browse a website. They basically serve to identify devices, activities and user preferences. Cookies do not allow any file or information to be extracted from the user's hard drive, and it is not yet possible, through them, to have access to personal information that has not come from the user or the way he uses the website's resources. .

The. Site cookies

Site cookies are those sent to the user's and administrator's computer or device exclusively by the site. The information collected through these cookies is used to improve and personalize the user experience, and some cookies can, for example, be used to remember the user's preferences and choices, as well as to offer personalized content.

B. Third-party cookies

Some of our partners may set cookies on the devices of users who access our website.

These cookies, in general, aim to enable our partners to offer their content and services to the user who accesses our website in a personalized way, by obtaining navigation data extracted from their interaction with the website. 

The user will be able to obtain more information about third party cookies and about the way the data obtained from it is treated, in addition to having access to the description of the cookies used and their characteristics by accessing the following link:

The entities in charge of collecting cookies may transfer the information obtained to third parties.

ç. Cookie management

The user may object to the use of cookies by the website, simply by deactivating them when he starts using the service, following the following instructions:

Disabling all cookies, however, will not be possible, as some of them are essential for the website to function properly.

In addition, disabling cookies that can be disabled may impair the user experience, since information used to personalize it will no longer be used.

4. Collection of data not expressly provided

Eventually, other types of data not expressly provided for in this Privacy Policy may be collected, as long as they are provided with the user's consent, or even if the collection is allowed based on another legal basis provided by law.

In any case, the data collection and the resulting processing activities will be informed to the users of the website.

2. Sharing personal data with third parties

We do not share your personal data with third parties. In spite of this, it is possible that we do so to comply with some legal or regulatory determination, or, still, to comply with some order issued by public authority.

3. How long will your personal data be stored

The personal data collected by the website are stored and used for a period of time that corresponds to what is necessary to achieve the purposes listed in this document and that considers the rights of its owners, the rights of the website controller and the applicable legal or regulatory provisions.

Once the periods for storing personal data have expired, they are removed from our databases or anonymized, except in cases where there is the possibility or the need for storage due to legal or regulatory provision.

4. Legal bases for the processing of personal data

A legal basis for the processing of personal data is nothing more than a legal basis, provided for by law, that justifies it. Thus, each operation of processing personal data must have a corresponding legal basis.

We treat our users' personal data in the following cases:

  • with the consent of the holder of personal data
  • for the fulfillment of legal or regulatory obligation by the controller
  • when necessary to serve the legitimate interests of the controller or third party

1. Consent

Certain operations for the processing of personal data carried out on our website will depend on the user's prior agreement, who must express it in a free, informed and unambiguous manner.

The user can revoke his consent at any time, and, if there is no legal possibility that allows or requires its storage, the data provided by consent will be deleted.

In addition, if desired, the user may not agree to any operation of processing personal data based on consent. In such cases, however, it is possible that you may not be able to use any functionality of the website that depends on that operation. The consequences of a lack of consent for a specific activity are reported prior to treatment.

2. Compliance with legal or regulatory obligation by the controller

Some operations of processing personal data, especially data storage, will be carried out so that we can comply with obligations provided for by law or other regulatory provisions applicable to our activities.

3. Legitimate interest

For certain personal data processing operations, we rely solely on our legitimate interest. To find out more about which cases, specifically, we use this legal basis or for more information about the tests we do to make sure we can use it, contact our Personal Data Protection Officer through any of the channels informed in this Privacy Policy, in the section “How to contact us”.

5. User rights

The user of the website has the following rights, conferred by the Personal Data Protection Law: - confirmation of the existence of treatment;

  • access to data;
  • correction of incomplete, inaccurate or outdated data;
  • anonymizing, blocking or eliminating unnecessary, excessive or treated data in non-compliance with the provisions of the law;
  • portability of two dice to another service provider or product, by express request, in accordance with the national authority regulations, observing the commercial and industrial secrets;
  • elimination of personal data processed with the consent of the holder, except in cases provided for by law;
  • information from public and private entities with which the controller shared data use;
  • information about the possibility of not giving consent and about the consequences of the refusal;
  • revocation of consent.

It is important to highlight that, under the terms of the LGPD, there is no right to delete data processed on the basis of legal bases other than consent, unless the data is unnecessary, excessive or treated in non-compliance with the law.

1. How can the holder exercise his rights

In order to guarantee that the user who intends to exercise his rights is, in fact, the holder of the personal data object of the request, we may request documents or other information that may assist in his correct identification, in order to safeguard our rights and the rights of third parties. This will only be done, however, if absolutely necessary and the applicant will receive all related information.

6. Security measures in the processing of personal data

We employ technical and organizational measures to protect personal data from unauthorized access and situations of destruction, loss, loss or alteration of that data.

The measures we use take into account the nature of the data, the context and purpose of the treatment, the risks that an eventual breach would generate for the user's rights and freedoms and the standards currently employed in the market by companies similar to ours.

Among the security measures adopted by us, we highlight the following:

Even if it adopts everything in its power to avoid security incidents, it is possible that there may be a problem motivated exclusively by a third party - such as in the case of hacker or cracker attacks or, even in the case of the user's exclusive fault, that it occurs, for example, when he himself transfers his data to third parties. Thus, although we are generally responsible for the personal data we process, we are exempt from liability in the event of an exceptional situation like these, over which we have no control.

In any case, in the event of any type of security incident that may generate significant risk or damage to any of our users, we will inform those affected and the National Data Protection Authority about the incident, in accordance with the provisions of the General Law of Data Protection.

7. Complaint to a supervisory authority

Without prejudice to any other means of administrative or judicial appeal, the holders of personal data who feel, in any way, injured, may submit a complaint to the National Data Protection Authority.

8. Changes to this policy

This version of this Privacy Policy was last updated on: 27/10/2020.

We reserve the right to modify these rules at any time, especially to adapt them to any changes made to our website, either by making new features available, or by suppressing or modifying existing ones.

Whenever there is a change, our users will be notified of the change.

9. How to contact us

To clarify any doubts about this Privacy Policy or the personal data we process, contact our Personal Data Protection Officer through any of the channels mentioned below:

  • E-mail: contato@inpacto.org.br
  • Phone: (11) 3179-0151 
  • Postal address: Av. Paulista, 2073 Conjunto 321 - Horsa 1 Cj. Nacional Consolação São Paulo SP | 01311 940