Privacy Policy
PRESENTATION
The purpose of this page is to share with citizens and other institutions, both public and private, the process of adapting this Court of Justice of the State of Tocantins to comply with the Law No. 13.709/18 - General Data Protection Law, in addition to promoting a better understanding and awareness of the main aspects.
INITIAL INFORMATION ON THE LGPD
Getting to know and simplifying the LGPD
The LGPD is the abbreviation for the "General Data Protection Law", the name given to the Law No. 13,709 of August 14th, 2018, whose main purpose is to regulate the processing of personal data and provide data subjects with more knowledge and greater control over this processing, inspired by the GDPR.
What is the GDPR?
This is the abbreviation for the General Data Protection Regulation, a law that deals with the protection of personal data within the European Union, which must be observed when a Brazilian organization, whether public or private, processes the personal data of people from those countries.
What is personal data?
Personal data can be understood as information that identifies the Data Subject (the person to whom the information belongs), either directly (name, affiliation, date of birth, ID, CPF, CNH, telephone number, address, etc.) or indirectly (location, consumer preferences, cookies, etc.). In turn, anonymized data is defined as information that does not identify its Holder.
If the data refers to information on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, health or sex life, genetics or biometrics, it is categorized as sensitive personal data.
Who can be considered a data subject?
The data subject is the natural person to whom the personal data being processed belongs.
What is processing?
These are actions carried out for the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction of these data.
Does the law only apply when processing takes place over the internet?
The LGPD applies to processing regardless of the medium used, whether physical or digital, online or offline.
What are the legal grounds authorizing processing?
The first general rule is that processing can only be carried out with the consent of the data subject.
Personal data may also be processed to comply with a legal or regulatory obligation, by the Public Administration for the execution of public policies, to carry out studies by research bodies, in judicial, administrative or arbitration proceedings, for the protection of life, legitimate interest of the Controller, among other situations.
Are there exceptions to the application of the law?
Yes, when personal data is used exclusively for the purposes of public security, national defense, state security and the investigation and prosecution of criminal offenses, among other hypotheses.
Likewise, the requirement for consent is waived when personal data is already public, but the purpose, good faith and public interest that justified its availability must still be considered.
What is consent, who can give it and how can it be given?
Consent is the conscious expression by which the data subject agrees to the processing of their personal data for a specific purpose.
It can be given by the data subject or their legal guardian.
Consent can be given in writing or by another means that demonstrates the free and unequivocal expression of the will of the data subject.
Can you revoke your consent?
Yes, at any time.
Who does this law apply to?
The LGPD applies to natural person or legal entities governed by public or private law, under the terms of the law.
Does anyone monitor compliance with the LGPD?
The National Data Protection Authority (ANPD) is a body linked to the Presidency of the Republic and it is responsible for overseeing and ensuring the application of the LGPD throughout the country.
Who is responsible for this processing?
Within the scope of the Judiciary of the State of Tocantins, the Controller (Court of Justice, represented by its President) is the person governed by public law responsible for decisions regarding the processing of personal data.
The Operator (e.g. third-party company) is the natural or legal person who carries out the processing in accordance with the instructions of the Controller.
The Data Protection Officer or DPO is the person or people responsible for being the communication channel between the Controller and the ANPD, the data subject or any other person in matters relating to the protection of personal data, clarifying doubts, responding to requests, guiding the practices for processing personal data, among other duties.
What if an incident occurs with personal data?
In addition to making every effort to reverse the situation, stabilize or mitigate the damage, the Court of Justice of the State of Tocantins, as the Controller, will notify the ANPD, in addition to other legal and procedural measures.
Where can I find more information?
For more information on the LGPD and its regulation within the Judiciary of the State of Tocantins, we recommend accessing the Regulatory Plan.