search
COP30

GENERAL DATA PROTECTION LAW (LGPD) AND PRIVACY - Terms of Use

Published on Mar 12, 2025 11:09 AM

1. What information does this document contain?

In these Terms of Use, users of the COP30 Portal Service will find information about:

- The operation of the service and the applicable rules;

- The set of regulations related to the provision of the service;

- User responsibilities when using the service;

- Public administration responsibilities when providing the service;

- Contact information for updates or clarification of doubts;

- The authority responsible for handling complaints if issues in these Terms of Use are violated.

Additionally, in the Privacy Notice, COP30 Portal Service users will find information about:

- The processing of personal data and its purpose;

- The personal data of users necessary for the provision of this service;

- Information about cookies;

- How data is processed;

- Security measures used to protect personal data;

- Information about data sharing with third parties.

2. Acceptance of the Terms

By using the COP30 Portal Service, the user acknowledges that their personal data will be processed and shared as described in the Privacy Notice and agrees to its terms.

The following laws and regulations apply to this service:

- Law No. 12,965, of April 23, 2014 - Brazilian Civil Rights Framework for the Internet - Establishes principles, guarantees, rights, and duties for the use of the Internet in Brasil.

- Law No. 13,460, of June 26, 2017 - Provides for participation, protection, and defense of the rights of users of public services of the public administration.

- Law No. 13,709, of August 14, 2018 - General Data Protection Law (Lei Geral de Proteção de Dados/LGPD) - Introduces data processing procedures to protect the fundamental rights of freedom and privacy.

- Decree No. 8,936, of December 19, 2016 - Institutes the Digital Citizenship Platform and proposes the provision of digital public services within the scope of the bodies and entities of the direct federal public administration, autarchic, and foundational.

- Decree No. 9,637, of December 26, 2018 - Institutes the National Information Security Policy, proposes information security governance, and amends Decree No. 2,295, of August 4, 1997, which regulates the provisions of Article 24, paragraph, item IX, of Law No. 8,666, of June 21, 1993, and proposes the waiver of bidding in cases that may compromise national security.

3. Service Description

The COP30 Portal is a website that consolidates information related to Brasil's presidency of the 30th United Nations Climate Change Conference, to be held in November in the city of Belém, Pará. This is the most important forum for the international debate on measures to tackle climate change.

4. What are the obligations of users of this service?

Users are responsible for the accuracy of the information provided and acknowledge that inaccuracies may prevent the use of the COP30 Portal Service.

When using this service, users must provide only their personal data, not that of third parties, to preserve and protect the rights of others.

Users are responsible for updating their personal information and any negligence or errors in the registered personal information are their responsibility.

Users are liable for any damage, direct or indirect (including those resulting from the disregard of the rights of other users, third parties, including intellectual property rights, secrecy, and personality rights), caused to the public administration, other users, or third parties, including the violation of these Terms of Use or any act resulting from their access to this service.

The public administration cannot be held responsible for the following events, if they do not arise from the use of the COP30 Portal Service:

- a) Equipment infected or invaded by attackers;

- b) Equipment damaged at the time-of-service consumption;

- c) Computer protection;

- d) Protection of information based on users' computers;

- e) Abuse of users' computer use;

- f) Illegal monitoring of users' computers;

- g) Existing vulnerabilities or instabilities in users' systems;

- h) Insecure perimeter.

Under no circumstances will the federal public administration be held responsible for the installation of malicious code (viruses, trojans, malware, worms, bots, backdoors, spyware, rootkits, or any others that may be created) on the user's equipment or that of third parties as a result of the user's Internet browsing.

5. What are the responsibilities of the public administration regarding personal data?

The public administration undertakes to comply with all laws relating to the correct use of citizens' personal data, guaranteeing all the legal rights and guarantees of users. It also undertakes to promote, independently of requests, the publication in an easily accessible place, within its competence, of information of collective or general interest produced or protected. It is responsible for implementing security controls to protect users' personal data.

The public administration may disclose necessary information in response to judicial orders for investigations or actions related to illegal activities, suspected fraud, or potential threats to persons, property, or systems that maintain the Service, or for other reasons necessary to comply with its legal obligations, in which case the public administration will notify users, except in cases where the proceedings are subject to judicial secrecy.

PRIVACY NOTICE

Privacy and security are priorities for the COP30 Portal, which is committed to processing users' data transparently. This Privacy Notice explains how users' data will be processed when accessing the Portal.

By using the COP30 Portal Service, users understand that their personal data will be processed and shared as described in this Privacy Notice and agree to its terms. The following laws and regulations apply to this service:

- Law No. 12,965, of April 23, 2014 - Brazilian Civil Rights Framework for the Internet - Establishes principles, guarantees, rights, and duties for the use of the Internet in Brasil.

- Law No. 13,460, of June 26, 2017 - Provides for participation, protection, and defense of the rights of users of public services of the public administration.

- Law No. 13,709, of August 14, 2018 - General Data Protection Law (LGPD) - Introduces data processing procedures to protect the fundamental rights of freedom and privacy.

- Decree No. 8,936, of December 19, 2016 - Institutes the Digital Citizenship Platform and proposes the provision of digital public services within the scope of the bodies and entities of the direct federal public administration, autarchic, and foundational.

- Decree No. 9,637, of December 26, 2018 - Institutes the National Information Security Policy, proposes information security governance, and amends Decree No. 2,295, of August 4, 1997, which regulates the provisions of Article 24, paragraph, item IX, of Law No. 8,666, of June 21, 1993, and proposes the waiver of bidding in cases that may compromise national security.

- Decree No. 10,332, dated April 28, 2020 - Establishes the Digital Government Strategy for the period from 2020 to 2022, within the scope of the bodies and entities of the direct federal public administration, autarchic, and foundational, and provides for other measures.

In accordance with Article 5, item VI, of Law No. 13,709, of 2018, the controller is defined as "a natural or legal person, of public or private law, to whom the decisions regarding the processing of personal data belong."

With regard to the COP30 Portal Service, the COP30 Presidency, the Office of the Chief of Staff, the Ministry of Foreign Affairs (Ministério das Relações Exteriores/MRE), and the Secretariat for Social Communication of the Presidency of the Republic (Secom/PR) are responsible for making it available, exercising on behalf of the Union the role of controller with regard to the decisions on the processing of personal data referred to in this Privacy Notice.

1. Data Processing Purposes

The COP30 Portal collects personal information from your browser and stores it in cookies. The information is processed for the following purposes:

- Simplifying access to information about member and guest countries;

- Recording statistical data;

- Facilitating user access by retrieving selected preferences.

2. Processing Scenario

In accordance with the General Data Protection Act, personal data will be processed based on the following legal grounds:

Article 7 - Processing of personal data shall only be carried out under the following circumstances:

- I - With the consent of the data subject;

- II - By the public administration, for the processing and shared use of data necessary for the execution of public policies provided in laws or regulations, or based on contracts, agreements, or similar instruments, subject to the provisions of Chapter IV of this Law;

- IX - When necessary to meet the legitimate interests of the controller or a third party, except where the fundamental rights and liberties of the data subject that require the protection of personal data prevail.

2.1. Which Data Will Be Processed?

For the purposes mentioned above, the COP30 Portal processes the following personal data:

- Internet page virtual address (search records, including on other visited sites);

- Country, state, and city (general location);

- Age group;

- Biological gender;

- Device data (hardware model, operating system).

2.2. Cookies Declaration

The COP30 Portal uses its own (primary) cookies, i.e., from the COP30 domain, to register user configurations and preferences and to generate statistical reports through Google Analytics. It also uses third-party cookies to complement these statistics.

2.2.1 Essential Cookies

- __ac, auth_token, I18N_LANGUAGE, lgpd-cookie-v2, tree-s.

- Acesso gov: INGRESSCOOKIE, Session_Gov_Br_Prod.

2.2.2 Analytic Cookies

- Google Analytics: _ga, _ga_CBX8TDSVBM.

For more information and configurations about Google Analytics Consent, please refer to the relevant documentation.

2.2.3 Third-Party Cookies

The COP30 Portal depends on services provided by third parties to:

- Enhance government information campaigns;

- Offer interactive content;

- Improve usability and facilitate content sharing on social networks;

- Run videos and animated presentations directly from the COP30 Portal.

The third-party cookies on the COP30 Portal include Google advertising and multimedia cookies. These third parties will collect and use browsing data for their purposes. Users can disable them directly on Google's website.

- Official information on third-party cookies from Google Policy.

- Google Policy.

Google Analytics on the COP30 Portal has advertising reporting enabled, which collects additional information through a cookie from DoubleClick.net (a company affiliated with Google), such as web activity and device advertising IDs (application activity).

The COP30 Portal has no control over which third-party cookies will be activated. Some third-party cookies that may be found when accessing the site include:

- Domains: YouTube, Instagram, and Twitter.

- YouTube: VISITOR_INFO1_LIVE, YSC, wide, LOGIN_INFO, VISITOR_PRIVACY_METADATA, PREF, HSID, SIDCC, APISID, __Secure-3PSID, SAPISID, __Secure-1PSID, __Secure-1PAPISID, __Secure-3PAPISID, SID, __Secure-3PSIDTS, __Secure-1PSIDTS, __Secure-1PSIDCC, SSID, __Secure-3PSIDCC.

- Twitter: guest_id_ads, guest_id, guest_id_marketing, personalization_id.

2.2.4 Information on Cookies Used for Social Networks

The COP30 Portal incorporates videos and other media files from Instagram, YouTube, and Google. Users can find out more about the cookies used by these social networks and how their personal data is processed. Below are links to the Privacy Policies of each social network:

- Instagram

- YouTube

- Google

- Twitter

2.2.5 Cookies Configuration on Browser

To manage cookies, one alternative is configuring the browser. Tutorials on the topic can be found in the links below:

- Internet Explorer

- Firefox

- Safari

- Google Chrome

- Microsoft Edge

- Opera

The user can change permissions, block, or refuse cookies in their browser at any time, except for strictly necessary ones (essential cookies). However, revoking consent for certain cookies may affect the proper functioning of some features of the COP30 Portal.

3. How, and for How Long, Will Data Be Stored?

The personal data processed through the COP30 Portal will be used and stored in Brasil for the time necessary to provide the service or to achieve the purposes listed in this Privacy Notice, considering the rights of users and those responsible for data processing (controllers and operators).

The data collected by Google Analytics cookies may be transferred outside Brasil, with protections outlined in data processing terms.

Data will be kept while relevant, and after the necessary period, it will be deleted or anonymized, following LGPD provisions (Article 16), i.e., personal information necessary for compliance with legal, judicial, and administrative determinations and/or for the exercise of the right to defense in judicial and administrative proceedings will be retained, despite the deletion of other data.

4. Personal Data Processing Safety

The way data is handled by the COP30 Portal reflects its commitment to the security and protection of personal data to ensure privacy. Appropriate technical measures and solutions are used to guarantee the confidentiality, integrity, and inviolability of personal data. To keep personal data protected, physical, electronic, and managerial tools are employed, specifically aimed at protection and privacy.

The application of these tools takes into consideration the nature of the personal data processed, the context and purpose of the processing, and the risks that potential breaches would pose to the rights and freedoms of the data subject.

The COP30 Portal is committed to using best practices to prevent security incidents.

In the event of security incidents that may pose significant risk or harm to users, the Ministry of Foreign Affairs (Ministério das Relações Exteriores/MRE), with the Secretariat of Social Communication of the Presidency of the Republic (Secom/PR), will take action by notifying the data subjects, especially those directly affected, and also the National Data Protection Authority (Autoridade Nacional de Proteção de Dados/ANPD), which will act following the provisions of the LGPD.

5. Data Sharing

To preserve privacy, the COP30 Portal will not share personal data with any unauthorized third party not listed below. The operators listed below carry out the processing of personal data on behalf of the data controller. They receive data only to the extent necessary to achieve the purpose of the processing. The contracts between these operators are guided by the provisions of the LGPD, and these partners have their Notices or Privacy Policies:

- SERPRO - Brazilian Data Processing Federal Service, Brasília - DF, CEP: 70836-900.

There are other scenarios in which personal data may be shared:

- I - Legal determination, request, requisition, or judicial order, with competent judicial, administrative, or governmental authorities.

- II - Protection of the rights of the COP30 Portal in any type of conflict, including those of a judicial nature.

6. Users’ Rights (Data Owner)

The COP30 Portal ensures its users their rights as data subjects as provided in Article 18 of the LGPD. Therefore, it is possible, free of charge and at any time:

- To object to the processing of personal data at any time. However, it is important to understand that exercising this right will result in disagreement in the relationship between the citizen and the State, and consequently, in less effective treatment by the COP30 Portal in delivering available services;

- To confirm the existence of the processing of personal data, in a simplified or clear and complete format;

- To access your personal data, being able to request them in a legible copy in printed form or electronically, securely and reliably;

- To correct your personal data by requesting the editing, correction, or updating of these;

- To limit your personal data when unnecessary, excessive, or processed in non-compliance with the legislation through anonymization, blocking, or elimination;

- To revoke your consent, disallowing the processing of your data.

7. Personal Data Controller

The person in charge of processing personal data acts as a communication channel between the controller, the data subjects, and the National Data Protection Authority (Law No. 13,709/2018, Article 5, VIII).

The duties of the person in charge of the processing of personal data (LGPD, Article 41, §2) are:

- I - Accept complaints and communications from data subjects, provide clarifications, and take action;

- II - Receive communications from the national authority and take action;

- III - Guide the employees and contractors of the entity on the practices to be adopted concerning the protection of personal data; and

- IV - Perform other duties as determined by the controller or established in supplementary regulations.

The Ministry of Foreign Affairs, following Article 41 of the LGPD, has appointed its data controller for the processing of personal data through MRE Decree No. 372 of January 12, 2022:

- Responsible: Inspetoria-Geral do Serviço Exterior (ISEX).

- Address: Ministry of Foreign Affairs (Ministério das Relações Exteriores/MRE), Esplanada dos Ministérios, Bloco H, Anexo Maria José de Castro Rebello Mendes, 7º andar, sala 741. CEP 70.170-090. Brasília/DF.

- Contact: Fala.BR Platform.

8. Modification of this Privacy Notice

The present version of this Privacy Notice was last updated on 03/12/2025.

The editor reserves the right to modify these rules at any time, especially to adapt them to improvements in the COP30 Portal Service, whether by providing new features or by removing or modifying existing ones.

Any changes or updates to the Terms of Use or Privacy Notice will take effect from the date of their publication on the service's website and must be fully observed by users.

In cases where changes or updates to the Privacy Notice relate to the purpose, form, and duration of data processing, change of controller(s), or data sharing, the data subject will be informed, and they will be allowed to revoke their consent if they disagree with the changes.

9. Responsibilities

The COP30 Portal foresees the responsibility of the agents involved in data processes, following Articles 42 to 45 of the LGPD.

It also commits to keeping this Privacy Notice updated, observing its determinations, and ensuring compliance. Additionally, it undertakes the commitment to seek technical and organizational conditions to protect the entire data process.

10. Disclaimer

As mentioned in Topic 4, although high-security standards are adopted to prevent incidents, no web page is entirely free of risks. In this regard, the COP30 Portal is not responsible for:

- I - Any consequences arising from users' negligence or carelessness regarding their individual data. The COP30 Portal is only responsible for the security of data processing processes and the fulfillment of the purposes described in this Privacy Notice. It is emphasized that the responsibility for the confidentiality of access data lies with the user.

- II - Malicious actions by third parties, such as cyber-attacks, unless culpable or deliberate conduct by the COP30 Portal is proven.

- III - The inaccuracy of information entered by the user in the records necessary for the use of the COP30 Portal Service, and any consequences arising from false or maliciously entered information, are entirely the user's responsibility.

English Version: Translated by Bárbara Menezes 

Editorial Review and Editing: Enrique Villamil