Privacy Policy

AEB / Etica Viva Privacy Policy

This policy explains how the Brazilian Ethics Association (AEB) collects, uses, stores, shares and protects personal data submitted through eticaviva.org.br, the Conect@ Portal · PCDs & Companies and the AEB Projects Hub, in compliance with the Brazilian General Data Protection Law (LGPD).

v1.2-2026-05 · May 17, 2026

Data controller

Brazilian Ethics Association (AEB) — public-interest civil society organization, CNPJ 09.350.354/0001-30, headquartered at QS 01, Block D, Suite 1.505, Connect Towers Building, Aguas Claras, Brasilia-DF, Brazil, ZIP 71.950-550.

Data officer and rights-exercise channel

To request access, correction, deletion, portability or consent withdrawal, email [email protected] with the subject "LGPD" and describe your request. We respond within 15 days.

Legal bases

  • Consent of the data subject (LGPD, art. 7, IX) — Conect@ Portal sign-ups, applications, company submissions, proposals and support manifestations sent through the AEB Projects Hub, and contact forms.
  • Execution of public policies (LGPD, art. 11, II, "a") — support for productive inclusion of people with disabilities and neurodivergent people in partnership with public bodies and companies.
  • Compliance with legal obligation (LGPD, art. 7, II) — minimum records kept for OSCIP audits and public accountability.

Processing purposes

  • Mediate qualified contact between neurodivergent/PWD candidates and companies offering inclusive jobs.
  • Maintain a talent pool supporting the Brazilian Quota Law (Law 8,213/1991) and the Statute of Persons with Disabilities.
  • Track hiring, retention and satisfaction for project statistics (without exposing identities).
  • Receive, review and follow up on proposals and demands sent through the AEB Projects Hub (Citizen Cinema, Caravana do Bem, NGO advisory and other fronts).
  • Organize support manifestations (money, volunteering, items, services) sent through the Projects Hub and align next steps with the person who manifested.
  • Share AEB opportunities, news and activities when you authorize it.
  • Reply to messages sent through the contact, donation or partnership forms.

Data collected

  • Identification: name, email, phone, city/state.
  • Professional: professional summary, applications and company details (when applicable).
  • Projects Hub — submissions: proposal title and description, proposing organization, tax ID or document, audience, estimated participants, desired date/theme, available structure, needs, estimated budget and accessibility notes.
  • Projects Hub — support manifestations: linked project, support type (money, items, volunteering, professional service, space, transport, outreach or other), message describing the support and estimated amount when provided.
  • Contributing Member application: full name, CPF, RG (optional), birth date, full address, city/state/ZIP, phone, mobile, email, chosen monthly contribution, explicit Bylaws and LGPD acceptance, and payment receipt. Data is restricted to AEB staff; the receipt is stored in private storage (Cloudflare R2) and accessed only via the authenticated admin panel.
  • Accessibility and self-declaration: support needs and voluntarily declared conditions (optional, may be left blank).
  • Operational: event timestamps, one-way hash of IP, browser, language and consent record.
  • Strictly necessary cookies (session, language) and analytics (Google Analytics) only with explicit consent.

Retention

  • Active accounts: while the account is active and for up to 24 months after the last sign-in, unless a longer legal retention applies.
  • Applications and company leads: up to 24 months after the last update.
  • Projects Hub — submissions and support manifestations: up to 24 months after the last update. Archived submissions preserve history but leave active operation.
  • Contributing Member application: while the membership is active and for up to 60 months after its end, for legal and OSCIP audit purposes.
  • Consent records: at least 5 years for evidentiary purposes.
  • Infrastructure backups: automatic rotation as defined by the Cloudflare D1 policy.

Data sharing

  • Partner companies: professional candidate data is shared only after expressed interest and AEB mediation.
  • Projects Hub: proposal and support data are restricted to the AEB team. Only aggregated indicators (totals of projects, support calls, proposals received and support manifestations) appear in public APIs — never names, emails, phones, messages or organizations.
  • Operators: hosting (Cloudflare), transactional email (AWS SES) and anti-spam (Google reCAPTCHA), each under contract and limited purpose.
  • Authorities: only when required by law, judicial order or substantiated request from a competent body.

Your rights

  • Confirm whether we process data about you.
  • Access the data we keep about you.
  • Correct incomplete, inaccurate or outdated data.
  • Anonymize, block or delete data that is unnecessary or processed unlawfully.
  • Request data portability to another provider.
  • Withdraw consent at any time.
  • Object to processing carried out under a consent-exempt basis.

Security

We adopt technical and administrative measures: PBKDF2 password hashing with iterations, signed HttpOnly cookies, HTTPS/TLS, separation between admin and public portal, audit-ready consent log and automatic infrastructure backups.

Changes to this policy

This policy may be updated to reflect legal or operational changes. The current version is dated at the top of the page; relevant changes will be announced on the portal.

Complaints

You may also file a complaint with the Brazilian National Data Protection Authority (ANPD) at gov.br/anpd.