Privacy

Operational Guidelines for the website www.topsgirls.com

Tops Girls Cam Prive - The Largest Social Network for Sex, Swing and exhibitionism in all of Brazil.
Welcome to our social network in Brazil!

We are the largest social network platform exclusively, the largest private live cam social network in Brazil and exclusive to people over 18 years old,
Who will be made up of people interested in sex, swinging, dating, fetishes, fantasies, liberal parties, livecam etc,
and whatever else your imagination sends you can do it here.

Our purpose is to offer a great, completely safe and judgment-free environment to anyone,
so that people can live their sexuality fully without restrictions and without verbal and moral prejudice, we all have freedom.

Discreet super safe environment for only people over 18 years old as required by Brazilian laws:

We value everyone's security and privacy on a large dedicated server with encryption security for everyone without restrictions.

We have a team of great professionals 24 hours a day, committed to security and platform maintenance,
Reporting any and all content considered suspicious and that comes from or deviates from our guidelines are,
detailed in the terms of use. In addition, we have a large, super-trained support team ready forever,
to respond to any demand or analyze any complaints that reach our support team so that we can act quickly.

Free from prejudice and presumption of belief or any judgment whatsoever, everyone has their freedom:

All of our content on our platform is and is produced by users, who have the freedom to enjoy their sexuality,
as they find most suitable for themselves and/or for themselves. Many people of both sexes are looking for real or just virtual meetings,
And themed parties, etc., to meet new and different people, to explore new and great fetishes, from the world of sex,
While other people just want to look, watch or enjoy virtual or online, that's what our platform has to offer everyone.


The most important thing is that everyone has their own freedom and free choice regarding how to have fun, etc.
as long as no practice interferes with the freedom of the other and the respect of the other.

To find out a little more about our platform, top girls, fetishes, etc.,
and great practices in the world of swing sex and sexuality in general, visit our blog:

Our virtual electronic magazine has an expert in the world of adult entertainment to help women, couples, brides, grooms, etc.
by an exclusive couple just so that I have your registration with your email correctly and your data correctly etc.
We also have a great specialist who gives a talk about the world of sex, which is available in a male massage parlor that is very popular with 90% of married men, etc.
For more information, send your email and you will have your question and answer on the psychology of the world of sex for a small fee
with cell phone service, etc. exclusively just for you with complete security and confidentiality
For consultation, first contact via email topsgirlsvip@gmail.com

security and complete privacy
Service Terms
This Statement is our terms of service that govern our relationships with users and others who interact with Top Girls. By using or accessing top girls, you agree to all of this Statement stated here.

Definitions
Users: All those who have an active profile on our website top girls.com.
Subscribers: All those who have a paid profile on the website, having access to exclusive resources and benefits.
advertisers: All those who have an active profile on the website and are previously authorized to carry out marketing campaigns within topsgirls.com using the banner below.

1 - Privacy

1 - Recognize that Top Girls fully complies with what is determined by Brazilian Legislation in relation to freedom of expression, under the terms of Article 5, VI of the Federal Constitution, thus, any suppression of content (texts and images) only if becomes mandatory through a competent Court Order or notification, in writing, as determined by article 21 of Law 12,965/2014 "Marco Civil da Internet". However, Top Girls reserves the right to monitor, edit, block or even remove any content of any User that is reported, which is in disagreement with these Terms of Use or with the Brazilian legislation, also reserving the right to retain certain categories of data linked to a User suspended, blocked and/or excluded from the platform due to violation of the Terms of Use, in accordance with the law;
Your privacy is very important to us at Top Girls, which is why we will never contact you again without your prior authorization at any time.

Your sensitive data such as password, email, IP, telephone number, real name and/or full address will never be exposed to third parties or other users of the website or even to third parties, except in cases of judicial/police demand.within the form of the law with a court order

2 - Regarding the creation and maintenance of your accounts created here on topsgirls.com
You, and everyone involved, must be 18 years of age or older.
It is your responsibility to choose a secure password, avoiding weak passwords such as "12345".change123.
It is not permitted to have more than one (2) active profile on the website. Except if it's one for a couple and one for a single person, etc. This is a liberal site and not a dictator's site..
It is not permitted to create false profiles with the intention of deceiving, deceiving or defaming other users of top girls.com.
Creating a new account is not permitted when you have been blocked or banned by one of our moderators or site directors.
3 - Regarding the publication of content (wall, comments and private messages)
All communication carried out within topsgirls.com must be governed by good manners, cordiality and respect for the wishes and limits of other users.

4 - Background images with people who are or appear to be under 18 years of age in accordance with Brazilian legislation or with people who are a legal minority in the Users' country of residence or where Tops GIRLS is accessed, or even if they appear to be out of their lucid condition, such as people under the influence of drugs of any kind or under the influence of alcohol, or who may suffer from any other type of physical or psychological or mental disorder;

5 - If I came to use the website or our network or our Tops Girls Platform for criminal offenses as provided for in current Brazilian Legislation, as well as in current Criminal Legislation in this Country or other countries in the world in which the Platform and/or the Tops Girls website is accessed, if any practice considered criminal is identified, the profile account of any of its users will be immediately suspended, access to our platform will be blocked, and the appropriate legal measures will be taken, without prejudice to the company's data. Users in general mode, registered/registration data, their access records and connection records, access history to services, products and content, IP address, and other information, are preserved, for the purposes of criminal and judicial investigation, whether within the entire Brazilian territory, whether within any country abroad.

You are responsible for all content you post on your profile.
You will not publish commercial communications (paid and/or free parties, programs, product advertisements, etc.) on topsgirls.com without prior authorization from the management.
You must not use the wall or comments for your own commercial gain.
You will not take part in illegal multi-level marketing, such as a pyramid scheme, on topsgirls.com.
You will not send viruses or other malicious codes. I came to do this and respond criminally within the terms of the laws in force in Brazil.
You will not intimidate, offend or bully any user, group of users or moderators of the site.
You will not use topsgirls.com
to carry out any illegal, mistaken, malicious, discriminatory or false or religious act, racist or narcotics, etc.
You will not publish content intended to generate discord, fights or slander and defame against anyone else on the top girls.com website.
You will not post spam (repeated and/or unsolicited messages).
6 - Regarding the publication of media (photos, videos and the like)
You guarantee that you will only publish media that you own the rights to.
You will not publish media copied from the internet or copied from other Top Girls users.
You will not publish media with images from third parties without prior digitally signed authorization.
You will not publish media that contains pedophilia, zoophilia, mutilation or content considered illegal, discriminatory or aggressive.
7 - Special rights and duties for advertisers
Advertisers can use the wall itself to advertise their products and services, containing images and/or prices if they wish.
Advertisers must not post any commercial content on other website users' walls or in the comment system.
Advertisers must respect the minimum interval between commercial publications agreed at the time of contracting.
8 - Rights of top girls
WE TRY TO KEEP TOP GIRLS UPDATED, AND SUPER SAFE AND ERROR-FREE, BUT YOU USE IT AT YOUR OWN RISK. WE PROVIDE TOP GIRLS AS IS WITHOUT EXPRESS OR IMPLIED WARRANTIES.
((((( YOU HAVE THE SAME RIGHT AS OTHERS ON OUR TOPSGIRLS SITE,Advertise – Luxury Escort – Call Girl – CamGirls – Transvestites – Virtual Sex
If you are a luxury escort, call girl, erotic masseuse, call boy or camgirls in Brazil, come create a profile and advertise for free on our online classifieds site, we are waiting for you!
We may remove any content or information posted by you if we believe it violates the letter or spirit of this Statement.
If you violate the terms of service, we will deactivate your account when we deem appropriate without prior notice to the user.
All content removed by you, including media, may be stored in our backups indefinitely.
All PUBLIC content can be seen by all visitors to the site, whether or not they have an account on top girls.com.
Your PUBLIC media may be selected for the website's main page or used in our marketing campaigns.
Our brand and logo are for restricted use by the legal representatives of topsgirls.com, and must not be used without their authorization.
We may, at any time, change any free feature of the website for exclusive use by subscribers, etc.
9 - Termination
If you violate the letter or spirit of this Statement, or otherwise create potential risk or legal exposure for us, we may stop providing all or part of topsgirls.com to you. We will notify you the next time you try to access your account. You are also free to delete your account at any time.

There will be no refund of amounts paid due to disagreement with any term of this Declaration or regret. Only due to technical problem or billing error

10 - Final grade
By agreeing to these terms of service, you also agree that the moderators of topsgirls.com act as arbitrators for the judgment of the issues mentioned above

LiveCam is a platform offered by Tops Girls so that Users can broadcast live video calls in real time via streaming). When using LiveCam, Users undertake to:

Never use the camera for illegal purposes, or contrary to these Terms of Use, Brazilian legislation, the legislation where you reside and, any part of the world or the legislation from where you access our website Tops Girls;
Never make available content considered illicit, or unduly, criminal, repugnant, horrendous, including, but not limited to, paid sex services, prostitution, filming of people, partners or cohabitants in a poor condition, vulnerability, fragility, under the influence of drugs, alcohol , sleeping or in any other way that includes reduced ability to consent to photos or filming, of content of children or minors, ruffianism, pedophilia, crimes against sexual freedom, that contains improper use of creations or any type of authorial animal and intellectuals, brands of companies and public or private institutions, logos, acronyms or any other symbols used or identifying bodies or entities of the Public Administration, hate speech, use of firearms or bladed weapons, etc., and the apology or incitement to crime of any nature, bestiality, breach of consent, among others, in accordance with Brazilian legislation, the legislation where you reside even outside Brazil, even abroad, or the legislation from where you access our website Tops Girls.;.

11 -Prostitution is not a crime in Brazil. The profession is even included in the Brazilian Classification of Occupations (CBO) under the entry "sex worker", with the number 5198. What is a crime is the act of taking advantage of prostitution, which characterizes sexual exploitation.

12 -Advertise – Luxury Escort – Call Girl – CamGirls – Transvestites – Virtual Sex
If you are a luxury escort, call girl, erotic masseuse, call boy or camgirls in Brazil, come create a profile and advertise for free on our online classifieds site, we are waiting for you!
Since 2002, prostitution has been a profession recognized by the Ministry of Labor and permitted for people aged 18 and over. Sex workers can collect social security contributions and guarantee rights common to all workers, such as retirement and sickness benefits.
In eight European countries (Netherlands, Germany, Austria, Switzerland, Greece, Turkey, Hungary and Latvia), prostitution is legal and regulated. The degree of prohibition and legislation against prostitution varies between countries around the world.

13 - We are the only site in Brazil that all users regardless of sexual gender, from everything the site earns, everyone who does their live cam, will also receive a very high part of the turnover of the Tops Girls site, but we are the only one in Brazil that does not practice sexual exploitation, keeping all the money
such as tokens, and all subscriptions that for you users to be able to interact with whoever is doing your livecam, if you don't pay you can't say anything either, in short, the beings in Brazil have been openly practicing sexual exploitation, but this can also be due to There are many users who submit themselves to this on these sites.

If a female or transvestite escort will also be able to participate in the site and take advantage of it and make your free advertisement, convert our visitors into customers and take advantage of all our options, we are always online to serve you, being one of the best in Brazil today.

It's a way to create your page on our website for free (And have your web page without paying a penny) for you to promote your work, manage it through the panel and our attendants, you will be able to publish your photos < and videos or audio of your work and we hope that customers interested in your services will contact you directly, come register and create your profile right now https://www.topsgirls.com

Security
Your privacy is extremely important to the Tops Girls Cam Network and we value any measure that makes your browsing,
It's still super and much safer, without it coming and ruining your fun.

Therefore, all of our websites have an HTTPS protocol that makes it difficult and SiteLock, with several additional layers of security on the tops girls platform,
which allows your data, such as users, etc., to have your password and personal information all encrypted,
and verified by the server using digital certificates.

In practice, HTTPS makes it difficult and SiteLock attacks hackers to gain unauthorized access to confidential data and protect information disclosed on our network.

Furthermore, in all technological development of our top girls websites,
Resources were used to further improve its security and be as less susceptible as possible to any type of invasion.

All this so you, our customers and subscribers, etc., can use all the facilities offered by the tops girls platform,
It will provide real and total pleasure in your search.
But the platform makes it very clear about any meeting of people who come to be on our platform or on our website.
If a physical meeting takes place, the first and second meeting should be in public places such as shopping malls, etc.

Privacy and Security Policy - Statement of rights and responsibilities
Security notice about your data and rights.

In accordance with Law No. 13,709 of August 14, 2018, called General Personal Data Protection Law
https://www.gov.br/pt-br (“LGPD”), as the holder of your personal data, you have the right to: confirm the existence and processing,
Access, correct incomplete, inaccurate or outdated data, anonymize,
block or eliminate the existence of excessive unnecessary data or data processed in non-compliance with the provisions of the LGPD,
Portability with third parties (except commercial and industrial secrets),
Delete previously consented data, except in the cases provided for in art.16 of the law,
Know which public or private entities the controller shared their data with,
Know about the possibility of not providing consent and the consequences of refusal.
Find out more about LGPD by accessing our help center.
Computerized Legislation - LAW No. 13,709, OF AUGUST 14, 2018 - Original Publication
The Actors of the law: LAW No. 13,709, OF AUGUST 14, 2018
Provides for the protection of personal data and amends Law No. 12,965, of April 23, 2014 (Marco Civil da Internet).

      THE PRESIDENT OF THE REPUBLIC
      I make it known that the National Congress decrees and I sanction the following Law:

CHAPTER I
PRELIMINARY PROVISIONS

      Art. 1 This Law provides for the processing of personal data, including in digital media, by natural persons or legal entities governed by public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of personality of the natural person.

      Art. 2 The discipline of personal data protection is based on:

      I - respect for privacy;

      II - informative self-determination;

      III - freedom of expression, information, communication and opinion;

      IV - the inviolability of intimacy, honor and image;

      V - economic and technological development and innovation;

      VI - free enterprise, free competition and consumer protection; It is

      VII - human rights, the free development of personality, dignity and the exercise of citizenship by natural persons.

      Art. 3 This Law applies to any processing operation carried out by a natural person or legal entity governed by public or private law, regardless of the medium, the country of its headquarters or the country where the data is located, provided that:

      I - the processing operation is carried out in the national territory;

      II - the purpose of the processing activity is to offer or supply goods or services or to process data from individuals located in the national territory;

      III - the personal data subject to processing have been collected in the national territory.

      1º Personal data whose holder is located there at the time of collection are considered collected in the national territory.

      2. The processing of data provided for in item IV of the caput of the art is excluded from the provisions of section I of this article. 4th of this Law.

      Art. 4 This Law does not apply to the processing of personal data:

      I - carried out by a natural person for exclusively private and non-economic purposes;

      II - carried out exclusively for the following purposes:

a)journalistic and artistic; or
b) academics, applying arts. 7 and 11 of this Law;

      III - carried out for the exclusive purposes of:
a) public security;
b)national defense;
c) state security; or
d) investigation and repression activities for criminal offenses; or

      IV - originating from outside the national territory and which are not the subject of communication, shared use of data with Brazilian processing agents or subject to international data transfer with another country other than the country of origin, provided that the country of origin provides a degree of protection of personal data appropriate to the provisions of this Law.

      1º The processing of personal data provided for in section III will be governed by specific legislation, which must provide for proportionate and strictly necessary measures to meet the public interest, observing due legal process, the general principles of protection and the rights of the holder provided for in this Law.

      2. The processing of the data referred to in item III of the caput of this article by a person governed by private law is prohibited, except in procedures under the supervision of a legal entity governed by public law, which will be the subject of a specific report to the national authority and which must comply with the limitation imposed in § 4 of this article.

      3º The national authority will issue technical opinions or recommendations regarding the exceptions provided for in item III of the caput of this article and must request impact reports on the protection of personal data from those responsible.

      4º In no case may the totality of personal data in the database referred to in item III of the caput of this article be processed by a person governed by private law.

      Art. 5 For the purposes of this Law, it is considered:

      I - personal data: information related to an identified or identifiable natural person;

      II - sensitive personal data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person;

      III - anonymized data: data relating to a holder who cannot be identified, considering the use of reasonable technical means available at the time of processing;

      IV - database: structured set of personal data, established in one or more locations, in electronic or physical format;

      V - holder: natural person to whom the personal data that is subject to processing refers;

      VI - controller: natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data;

      VII - operator: natural or legal person, governed by public or private law, who processes personal data on behalf of the controller;

      VIII - person in charge: natural person, appointed by the controller, who acts as a communication channel between the controller and the holders and the national authority;

      IX - treatment agents: the controller and the operator;

      X - Treatment: All operation performed with personal data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification , communication, transfer, diffusion or extraction;

      XI - anonymization: use of reasonable technical means available at the time of processing, through which data loses the possibility of association, directly or indirectly, with an individual;
XII - consent: free, informed and unequivocal expression by which the holder agrees to the processing of their personal data for a specific purpose;

      XIII - blocking: temporary suspension of any processing operation, by storing personal data or the database;

      XIV - elimination: deletion of data or set of data stored in a database, regardless of the procedure used;

      XV - international data transfer: transfer of personal data to a foreign country or international organization of which the country is a member;

      XVI - shared use of data: communication, dissemination, international transfer, interconnection of personal data or shared processing of personal databases by public bodies and entities in compliance with their legal powers, or between them and private entities, reciprocally, with specific authorization , for one or more types of treatment permitted by these public entities, or between private entities;

      XVII - personal data protection impact report: documentation from the controller that contains a description of personal data processing processes that may generate risks to civil liberties and fundamental rights, as well as measures, safeguards and risk mitigation mechanisms;

      XVIII - research body: direct or indirect public administration body or entity or non-profit private law legal entity legally constituted under Brazilian laws, with headquarters and jurisdiction in the country, which includes in its institutional mission or in its social objective or basic or applied research of a historical, scientific, technological or statistical nature is statutory;

      XIX - national authority: indirect public administration body responsible for ensuring, implementing and monitoring compliance with this Law.

      Art. 6 Personal data processing activities must comply with good faith and the following principles:

      I - purpose: carrying out the processing for legitimate, specific, explicit and informed purposes to the holder, without the possibility of subsequent processing in a manner incompatible with these purposes;

      II - adequacy: compatibility of the processing with the purposes informed to the holder, according to the context of the processing;

      III - necessity: limitation of processing to the minimum necessary to achieve its purposes, with coverage of pertinent data, proportional and not excessive in relation to the purposes of data processing;

      IV - free access: guarantee, to holders, easy and free consultation on the form and duration of processing, as well as the completeness of their personal data;

      V - data quality: guarantee, to data subjects, of accuracy, clarity, relevance and updating of data, according to the need and to fulfill the purpose of its processing;

      VI - transparency: guarantee to holders of clear, precise and easily accessible information about the carrying out of the processing and the respective processing agents, observing commercial and industrial secrets;

      VII - security: use of technical and administrative measures capable of protecting personal data from unauthorized access and accidental or illicit situations of destruction, loss, alteration, communication or dissemination;

      VIII - prevention: adoption of measures to prevent the occurrence of damage due to the processing of personal data;

      IX - non-discrimination: impossibility of carrying out processing for illicit or abusive discriminatory purposes;

      X- Accountability and accountability: demonstration by the agent of the adoption of effective measures and capable of proving compliance and compliance with personal data protection rules and even the effectiveness of these measures.
CHAPTER II
PROCESSING OF PERSONAL DATA

Section I
Requirements for the Processing of Personal Data


      Art. 7 The processing of personal data may only be carried out in the following cases:

      I - upon provision of consent by the holder;

      II - for compliance with legal or regulatory obligations by the controller;

      III - by the public administration, for the processing and shared use of data necessary for the execution of public policies provided for in laws and regulations or supported by contracts, agreements or similar instruments, observing the provisions of Chapter IV of this Law;

      IV - for carrying out studies by a research body, ensuring, whenever possible, the anonymization of personal data;

      V - when necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;

      VI - for the regular exercise of rights in judicial, administrative or arbitration proceedings, the latter in accordance with Law No. 9,307, of September 23, 1996 (Arbitration Law);

      VII - to protect the life or physical safety of the holder or third party;

      VIII - for the protection of health, in a procedure carried out by health professionals or health entities;

      IX - when necessary to meet the legitimate interests of the controller or a third party, except in the case where the fundamental rights and freedoms of the holder that require the protection of personal data prevail; or

      X - for credit protection, including the provisions of the relevant legislation.

      1º In cases of application of the provisions of items II and III of the caput of this article and except for the hypotheses provided for in art. 4th of this Law, the holder will be informed of the hypotheses in which the processing of their data will be permitted.

      2º The form of making available the information provided for in § 1º and in item I of the caput of art. 23 of this Law may be specified by the national authority.

      3º The processing of personal data to which access is public must consider the purpose, good faith and public interest that justified its availability.

      4 The requirement for consent provided for in the caput of this article is waived for data made manifestly public by the holder, safeguarding the holder's rights and the principles set out in this Law.
5º The controller who obtained the consent referred to in section I of the caput of this article who needs to communicate or share personal data with other controllers must obtain specific consent from the holder for this purpose, except in the cases of exemption from consent provided for in this Law.

      6. Any exemption from the requirement for consent does not exempt processing agents from the other obligations set out in this Law, especially the observance of general principles and the guarantee of the holder's rights.

      Art. 8 The consent provided for in item I of art. 7th of this Law must be provided in writing or by other means that demonstrates the holder's expression of will.

      1 If consent is provided in writing, it must be included in a separate clause from the other contractual clauses.

      2 The burden of proving that consent was obtained in accordance with the provisions of this Law is on the controller.

      3º The processing of personal data is prohibited subject to a lack of consent.

      4 Consent must refer to specific purposes, and generic authorizations for the processing of personal data will be null and void.

      5th Consent may be revoked at any time upon express manifestation by the holder, through a free and facilitated procedure, ratifying the treatments carried out under the protection of previously expressed consent as long as there is no request for deletion, in accordance with item VI of the caput of the art. 18 of this Law.

      6º In case of change of information referred to in items I, II, III or V of art. 9 of this Law, the controller must inform the holder, specifically highlighting the content of the changes, and the holder may, in cases where his consent is required, revoke it if he disagrees with the change.

      Art. 9 The holder has the right to facilitated access to information about the processing of their data, which must be made available in a clear, adequate and conspicuous manner regarding, among other characteristics provided for in regulations to comply with the principle of free access:

      I - specific purpose of the processing;

      II - form and duration of treatment, observing commercial and industrial secrets;

      III - identification of the controller;

      IV - controller contact information;

      V - information about the shared use of data by the controller and the purpose;

      VI - responsibilities of the agents who will carry out the treatment; It is

      VII - rights of the holder, with explicit mention of the rights contained in art. 18 of this Law.
1º In the event that consent is required, it will be considered null if the information provided to the holder has misleading or abusive content or has not been previously presented transparently, in a clear and unambiguous manner.

      2nd In the event that consent is required, if there are changes in the purpose for processing personal data that are not compatible with the original consent, the controller must inform the holder in advance about the changes in purpose, and the holder may revoke consent if they disagree. of the changes.

      3º When the processing of personal data is a condition for the provision of a product or service or for the exercise of a right, the holder will be prominently informed about this fact and the means by which he or she can exercise the holder's rights listed in art. 18 of this Law.

      Art. 10. The legitimate interest of the controller may only justify the processing of personal data for legitimate purposes, considered based on specific situations, which include, but are not limited to:

      I - support and promotion of the controller's activities; It is

      II - protection, in relation to the holder, of the regular exercise of their rights or provision of services that benefit them, respecting their legitimate expectations and fundamental rights and freedoms, under the terms of this Law.

      1 When processing is based on the legitimate interest of the controller, only personal data strictly necessary for the intended purpose may be processed.

      2º The controller must adopt measures to guarantee the transparency of data processing based on their legitimate interests.

      3º The national authority may request a report on the impact on the protection of personal data from the controller, when the processing is based on its legitimate interest, observing commercial and industrial secrets.

Section II
The Processing of Sensitive Personal Data

      Art. 11. The processing of sensitive personal data may only occur in the following cases:

      I - when the holder or his/her legal guardian consents, in a specific and prominent manner, for specific purposes;

      II - without providing consent from the holder, in cases where it is essential to:
a)compliance with legal or regulatory obligations by the controller;
b) shared processing of data necessary for the execution, by the public administration, of public policies provided for in laws or regulations;
c) carrying out studies by a research body, guaranteeing, whenever possible, the anonymization of sensitive personal data;
d)regular exercise of rights, including in contract and in judicial, administrative and arbitration proceedings, the latter in accordance with Law No. 9,307, of September 23, 1996 (Arbitration Law);
e)protection of the life or physical safety of the holder or third party;
f) health protection, in a procedure carried out by health professionals or health entities; or
g) guarantee of fraud prevention and security of the holder, in the processes of identification and authentication of registration in electronic systems, safeguarding the rights mentioned in art. 9th of this Law and except in the case of prevailing fundamental rights and freedoms of the holder that require the protection of personal data.

      1 The provisions of this article apply to any processing of personal data that reveals sensitive personal data and that may cause harm to the holder, except as provided for in specific legislation.

      2º In cases of application of the provisions of paragraphs "a" and "b" of item II of the caput of this article by bodies and public entities, the aforementioned exemption from consent will be publicized, in accordance with item I of the caput of the art. 23 of this Law.

      3º The communication or shared use of sensitive personal data between controllers with the aim of obtaining economic advantage may be subject to prohibition or regulation by the national authority, after hearing the sectoral bodies of the Public Power, within the scope of their competences.

      § 4 Communication or shared use between controllers of sensitive personal data relating to health with the aim of obtaining an economic advantage is prohibited, except in cases of data portability when consented by the holder.

      Art. 12. Anonymized data will not be considered personal data for the purposes of this Law, except when the anonymization process to which they were subjected is reversed, using exclusive means, or when, with reasonable efforts, it can be reversed.

      1st The determination of what is reasonable must take into account objective factors, such as the cost and time required to reverse the anonymization process, according to available technologies, and the exclusive use of own means.

      2º Those used to form the behavioral profile of a given natural person, if identified, may also be considered as personal data, for the purposes of this Law.

      3rd The national authority may provide for standards and techniques used in anonymization processes and carry out checks on their security, after consulting the National Council for the Protection of Personal Data.

Art. 13. When carrying out public health studies, research bodies may have access to personal databases, which will be treated exclusively within the body and strictly for the purpose of carrying out studies and research and kept in a controlled and secure environment , in accordance with security practices provided for in specific regulations and which include, whenever possible, the anonymization or pseudonymization of data, as well as considering the appropriate ethical standards related to studies and research.

      1º The disclosure of the results or any excerpt of the study or research referred to in the caput of this article under no circumstances may reveal personal data.

      2º The research body will be responsible for the security of the information provided for in the caput of this article, under no circumstances will the transfer of data to third parties be permitted.

      3º Access to the data referred to in this article will be subject to regulation by the national authority and health and sanitary authorities, within the scope of their competences.

      4 For the purposes of this article, pseudo minimization is the treatment through which data loses the possibility of association, directly or indirectly, with an individual, except through the use of additional information kept separately by the controller in a controlled and secure environment.

Section III
The Processing of Personal Data of Children and
Teenagers

      Art. 14. The processing of personal data of children and adolescents must be carried out in their best interests, in accordance with this article and the relevant legislation.

      1st The processing of children's personal data must be carried out with the specific and prominent consent given by at least one of the parents or legal guardian.

      2 In the processing of data referred to in § 1 of this article, controllers must keep public information about the types of data collected, the way in which they are used and the procedures for exercising the rights referred to in art. 18 of this Law.

      3rd Personal data from children may be collected without the consent referred to in § 1st of this article when the collection is necessary to contact the parents or legal guardian, used once and without storage, or for their protection, and under no circumstances In this case, they may be passed on to a third party without the consent referred to in § 1 of this article.

      4. Controllers must not condition the participation of the holders referred to in § 1 of this article in games, internet applications or other activities to the provision of personal information beyond that strictly necessary for the activity.

      5 The controller must make all reasonable efforts to verify that the consent referred to in § 1 of this article was given by the person responsible for the child, taking into account the available technologies.

      6. Information on data processing referred to in this article must be provided in a simple, clear and accessible manner, taking into account the physical-motor, perceptual, sensory, intellectual and mental characteristics of the user, with the use of audiovisual resources when appropriate, in order to provide the necessary information to the parents or legal guardian and appropriate for the child's understanding.

Section IV
Termination of Data Processing

      Art. 15. The termination of the processing of personal data will occur in the following cases:

      I - verification that the purpose was achieved or that the data are no longer necessary or relevant to achieving the specific purpose sought;

      II - end of the treatment period;

      III - communication from the holder, including the exercise of their right to revoke consent as provided for in 5th of art. 8th of this Law, safeguarding the public interest; or

      IV - determination of the national authority, when there is a violation of the provisions of this Law.

      Art. 16. Personal data will be deleted after the end of their processing, within the scope and technical limits of the activities, conservation being authorized for the following purposes:

      I - compliance with legal or regulatory obligations by the controller;

      II - study by a research body, guaranteeing, whenever possible, the anonymization of personal data;

      III - transfer to a third party, provided that the data processing requirements set out in this Law are respected; or

      IV - exclusive use by the controller, access by third parties is prohibited, and provided that the data is anonymized.

CHAPTER III
THE HOLDER'S RIGHTS

      Art. 17. Every natural person has guaranteed ownership of their personal data and the fundamental rights of freedom, intimacy and privacy are guaranteed, in accordance with this Law.

      Art. 18. The holder of personal data has the right to obtain from the controller, in relation to the holder's data processed by him, at any time and upon request:

      I - confirmation of the existence of treatment;

      II - access to data;

      III - correction of incomplete, inaccurate or outdated data;

      IV - anonymization, blocking or elimination of unnecessary, excessive or processed data that does not comply with the provisions of this Law;

      V - portability of data to another service or product provider, upon express request and in compliance with commercial and industrial secrets, in accordance with the regulations of the controlling body;

VI - deletion of personal data processed with the holder's consent, except in the cases provided for in art. 16 of this Law;

      VII - information on public and private entities with which the controller shared data;

      VIII - information about the possibility of not providing consent and the consequences of refusal;

      IX - revocation of consent, pursuant to § 5 of art. 8th of this Law.

      1º The holder of personal data has the right to petition in relation to their data against the controller before the national authority.

      2º The holder may oppose the treatment carried out based on one of the hypotheses of exemption from consent, in case of non-compliance with the provisions of this Law.

      3º The rights provided for in this article will be exercised upon express request from the holder or legally constituted representative, to the processing agent.

      4º If it is impossible to immediately adopt the measure referred to in § 3º of this article, the controller will send the holder a response in which he/she may:

      I - communicate that it is not a data processing agent and indicate, whenever possible, the agent; or

      II - indicate the reasons in fact or in law that prevent the immediate adoption of the measure.

      5 The request referred to in § 3 of this article will be met at no cost to the holder, within the deadlines and under the terms set out in the regulations.

      6º The person responsible must immediately inform the processing agents with whom the data has been shared about the correction, deletion, anonymization or blocking of the data, so that they can repeat the same procedure.

      7º The portability of personal data referred to in section V of the caput of this article does not include data that has already been anonymized by the controller.

      8 The right referred to in § 1 of this article may also be exercised before consumer protection bodies.

      Art. 19. Confirmation of the existence of or access to personal data will be provided, upon request from the holder:

      I - in simplified format, immediately; or

      II - by means of a clear and complete declaration, which indicates the origin of the data, the lack of registration, the criteria used and the purpose of the processing, observing commercial and industrial secrets, provided within a period of up to 15 (fifteen) days, counting from the date of the holder's application.

      1º Personal data will be stored in a format that favors the exercise of the right of access.

      2º Information and data may be provided, at the holder’s discretion:

      I - by electronic, secure and suitable means for this purpose; or

      II - in printed form.

3º When the processing originates from the holder's consent or from a contract, the holder may request a full electronic copy of their personal data, observing commercial and industrial secrets, in accordance with the regulations of the national authority, in a format that allows its subsequent use, including in other processing operations.

      4 The national authority may provide different provisions regarding the deadlines set out in items I and II of the caput of this article for specific sectors.

      Art. 20. The data subject has the right to request a review, by a natural person, of decisions taken solely on the basis of automated processing of personal data that affect their interests, including decisions intended to define their personal, professional, consumer profile and credit or aspects of your personality.

      1º The controller must provide, whenever requested, clear and adequate information regarding the criteria and procedures used for the automated decision, observing commercial and industrial secrets.

      2. If the information referred to in § 1 of this article is not provided based on compliance with commercial and industrial secrets, the national authority may carry out an audit to verify discriminatory aspects in the automated processing of personal data.

      Art. 21. Personal data relating to the regular exercise of rights by the holder cannot be used to their detriment.

      Art. 22. The defense of the interests and rights of data subjects may be exercised in court, individually or collectively, in accordance with the provisions of the relevant legislation, regarding individual and collective protection instruments.

CHAPTER IV
THE PROCESSING OF PERSONAL DATA BY PUBLIC AUTHORITY

Section I
Of the Rules

Art. 23. The processing of personal data by legal entities governed by public law referred to in the sole paragraph of art. 1 of Law No. 12,527, of November 18, 2011 (Access to Information Law), must be carried out to meet its public purpose, in pursuit of the public interest, with the aim of executing legal powers or fulfilling legal duties public service, provided that:

      I - the hypotheses in which, in the exercise of their powers, they carry out the processing of personal data, providing clear and updated information on the legal provisions, purpose, procedures and practices used to carry out these activities, in vehicles of easy access, preferably on their websites;

      II - (VETOED); It is

      III - a person in charge is appointed when carrying out personal data processing operations, in accordance with art. 39 of this Law.

      1º The national authority may decide on the forms of advertising of processing operations.

      2 The provisions of this Law do not exempt the legal entities mentioned in the caput of this article from establishing the authorities referred to in Law No. 12,527, of November 18, 2011 (Access to Information Law).

      3º The deadlines and procedures for exercising the holder's rights before the Public Power will comply with the provisions of specific legislation, in particular the provisions contained in Law No. 9,507, of November 12, 1997 (Habeas Data Law), Law No. 9,784, of January 29, 1999 (General Law of Administrative Procedure), and Law No. 12,527, of November 18, 2011 (Access to Information Law).

      4º Notary and registration services carried out in a private capacity, by delegation from the Public Power, will have the same treatment given to the legal entities referred to in the caput of this article, under the terms of this Law.

      5º Notary and registration bodies must provide access to data electronically for the public administration, bearing in mind the purposes set out in the caput of this article.

      Art. 24. Public companies and mixed capital companies that operate under a competitive regime, subject to the provisions of art. 173 of the Federal Constitution, will have the same treatment given to private legal entities, under the terms of this Law.

      Single paragraph. Public companies and mixed-economy companies, when operationalizing public policies and in the scope of their execution, will have the same treatment given to Public Power bodies and entities, under the terms of this Chapter.

      Art. 25. Data must be maintained in an interoperable and structured format for shared use, with a view to implementing public policies, providing public services, decentralizing public activity and disseminating and accessing information by the general public .

      Art. 26. The shared use of personal data by the Public Authorities must meet specific purposes of implementing public policies and legal attribution by public bodies and entities, respecting the principles of protection of personal data listed in art. 6 of this Law.

      1. Public Authorities are prohibited from transferring personal data contained in databases to which they have access to private entities, except:

      I - in cases of decentralized execution of public activity that requires transfer, exclusively for this specific and determined purpose, observing the provisions of Law No. 12,527, of November 18, 2011 (Access to Information Law);

II - (VETOED);

      III - in cases where the data is publicly accessible, in compliance with the provisions of this Law.

      2 The contracts and agreements referred to in § 1 of this article must be communicated to the national authority.

      Art. 27. The communication or shared use of personal data from a legal entity governed by public law to a person governed by private law will be reported to the national authority and will depend on the holder's consent, except:

      I - in the cases of exemption from consent provided for in this Law;

      II - in cases of shared use of data, in which publicity will be given in accordance with item I of the caput of art. 23 of this Law; or

      III - in the exceptions set out in § 1 of art. 26 of this Law.

      Art. 28. (VETOED).

      Art. 29. The national authority may request, at any time, Public Power entities to carry out personal data processing operations, specific information on the scope and nature of the data and other details of the processing carried out and may issue an opinion additional technician to ensure compliance with this Law.

      Art. 30. The national authority may establish complementary standards for communication activities and shared use of personal data.

Section II
Of Responsibility

      Art. 31. When there is a violation of this Law as a result of the processing of personal data by public bodies, the national authority may send a report with appropriate measures to put an end to the violation.

      Art. 32. The national authority may request Public Power agents to publish impact reports on the protection of personal data and suggest the adoption of standards and good practices for the processing of personal data by the Public Power.

CHAPTER V
INTERNATIONAL DATA TRANSFER

      Art. 33. The international transfer of personal data is only permitted in the following cases:

      I - for countries or international organizations that provide a level of protection for personal data appropriate to that provided for in this Law;

      II - when the controller offers and proves guarantees of compliance with the principles, rights of the holder and the data protection regime provided for in this Law, in the form of:

a) specific contractual clauses for a given transfer;
b) standard contractual clauses;
c) global corporate standards;
d)seals, certificates and codes of conduct regularly issued;

      III - when the transfer is necessary for international legal cooperation between public intelligence, investigation and prosecution bodies, in accordance with the instruments of international law;

IV - when the transfer is necessary to protect the life or physical safety of the holder or a third party;

      V - when the national authority authorizes the transfer;

      VI - when the transfer results in a commitment made in an international cooperation agreement;

      VII - when the transfer is necessary for the execution of public policy or legal attribution of the public service, publicity being given under the terms of item I of the caput of art. 23 of this Law;

      VIII - when the holder has provided specific and prominent consent for the transfer, with prior information about the international nature of the operation, clearly distinguishing this from other purposes; or

      IX - when necessary to meet the hypotheses provided for in items II, V and VI of art. 7th of this Law.

      Single paragraph. For the purposes of section I of this article, the legal entities governed by public law referred to in the sole paragraph of art. 1 of Law No. 12,527, of November 18, 2011 (Access to Information Law), within the scope of their legal powers, and responsible parties, within the scope of their activities, may request the national authority to assess the level of protection of personal data awarded by a country or international organization.

      Art. 34. The level of data protection of the foreign country or international organization mentioned in item I of the caput of art. 33 of this Law will be evaluated by the national authority, which will take into account:

      I - the general and sectoral standards of the legislation in force in the country of destination or in the international organization;

      II - the nature of the data;

      III - compliance with the general principles of protection of personal data and rights of data subjects provided for in this Law;

      IV - the adoption of security measures provided for in regulation;

      V - the existence of judicial and institutional guarantees to respect personal data protection rights; It is

      VI - other specific circumstances relating to the transfer.

      Art. 35. The definition of the content of standard contractual clauses, as well as the verification of specific contractual clauses for a given transfer, global corporate standards or seals, certificates and codes of conduct, referred to in item II of the caput of the article . 33 of this Law, will be carried out by the national authority.

      1 To verify the provisions of the caput of this article, the requirements, conditions and minimum guarantees for the transfer that comply with the rights, guarantees and principles of this Law must be considered.

      2º When analyzing contractual clauses, documents or global corporate standards submitted for approval by the national authority, additional information may be requested or verification steps may be taken regarding processing operations, when necessary.

      3º The national authority may designate certification bodies to carry out the provisions of the caput of this article, which will remain under its supervision under the terms defined in regulation.

      4º Acts carried out by a certification body may be reviewed by the national authority and, if not in compliance with this Law, subjected to review or annulled.

      5 The sufficient guarantees for compliance with the general principles of protection and the rights of the holder referred to in the caput of this article will also be analyzed in accordance with the technical and organizational measures adopted by the operator, in accordance with the provisions of §§ 1 and 2 of the art. 46 of this Law.

      Art. 36. Changes in the guarantees presented as sufficient to comply with the general principles of protection and the rights of the holder referred to in section II of art. 33 of this Law must be communicated to the national authority.


CHAPTER VI
PERSONAL DATA PROCESSING AGENTS

Section I
From the Controller and the Operator

      Art. 37. The controller and operator must keep a record of the personal data processing operations they carry out, especially when based on legitimate interest.

      Art. 38. The national authority may order the controller to prepare an impact report on the protection of personal data, including sensitive data, regarding its data processing operations, in accordance with regulations, observing commercial and industrial secrets.

      Single paragraph. Subject to the provisions of the caput of this article, the report must contain, at a minimum, a description of the types of data collected, the methodology used for collection and to guarantee the security of information and the controller's analysis in relation to measures, safeguards and risk mitigation mechanisms adopted.

      Art. 39. The operator must carry out the processing according to the instructions provided by the controller, who will verify compliance with the instructions and rules on the matter.

      Art. 40. The national authority may provide for interoperability standards for the purposes of portability, free access to data and security, as well as the storage time for records, especially taking into account the need and transparency.

Section II
From the person responsible for processing personal data

      Art. 41. The controller must appoint the person responsible for processing personal data.

      1º The identity and contact information of the person in charge must be publicly disclosed, in a clear and objective manner, preferably on the controller's website.

      2º The activities of the person in charge consist of:

      I - accept complaints and communications from holders, provide clarifications and adopt measures;

      II - receive communications from the national authority and adopt measures;

      III - guide the entity's employees and contractors regarding the practices to be taken in relation to the protection of personal data; It is

      IV - perform other duties determined by the controller or established in complementary rules.

      3º The national authority may establish complementary rules on the definition and duties of the person in charge, including hypotheses for waiving the need for his/her appointment, depending on the nature and size of the entity or the volume of data processing operations.

Section III
Liability and Damage Compensation

      Art. 42. The controller or operator who, as a result of carrying out personal data processing activities, causes property, moral, individual or collective damage to another person, in violation of personal data protection legislation, is obliged to make reparations. it.

      1 In order to ensure effective compensation to the data subject:

      I - the operator is jointly and severally liable for damages caused by the processing when he fails to comply with the obligations of data protection legislation or when he has not followed the lawful instructions of the controller, in which case the operator is equivalent to the controller, except in the cases of exclusion provided for in art. 43 of this Law;

      II - controllers who are directly involved in the processing that resulted in damage to the data subject respond jointly, except in the cases of exclusion provided for in art. 43 of this Law.

      2º The judge, in civil proceedings, may reverse the burden of proof in favor of the data subject when, in his opinion, the allegation is credible, there is hyposufficiency for the purposes of producing evidence or when the production of evidence by the data subject results in him excessively onerous.

      3º Actions for reparation for collective damages that have as their object liability under the terms of the caput of this article may be exercised collectively in court, subject to the provisions of the relevant legislation.

      4º Whoever repairs the damage to the holder has the right to recourse against the other responsible parties, to the extent of their participation in the harmful event.

      Art. 43. Processing agents will only not be held liable when they prove:

      I - who did not process the personal data assigned to them;

      II - that, although they carried out the processing of personal data assigned to them, there was no violation of data protection legislation; or

      III - that the damage is the result of the exclusive fault of the data subject or a third party.

      Art. 44. The processing of personal data will be irregular when it fails to comply with legislation or when it does not provide the security that the holder can expect, considering the relevant circumstances, including:

      I - the way in which it is carried out;

      II - the result and risks that are reasonably expected from it;

      III - the personal data processing techniques available at the time it was carried out.

      Single paragraph. The controller or operator who, by failing to adopt the security measures provided for in art. 46 of this Law, causes the damage.

      Art. 45. Hypotheses of violation of the holder's rights in the context of consumer relations remain subject to the rules of liability provided for in the relevant legislation.

CHAPTER VII
SAFETY AND GOOD PRACTICES

Section I
Security and Data Confidentiality

      Art. 46. Processing agents must adopt security, technical and administrative measures capable of protecting personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or any form of inappropriate or unlawful processing.

      1º The national authority may provide for minimum technical standards to make the provisions of the caput of this article applicable, considering the nature of the information processed, the specific characteristics of the processing and the current state of technology, especially in the case of sensitive personal data, as well as the principles set out in the caput of art. 6 of this Law.

      2º The measures referred to in the caput of this article must be observed from the design phase of the product or service until its execution.

      Art. 47. Processing agents or any other person who intervenes in one of the processing phases is obliged to guarantee the security of the information provided for in this Law in relation to personal data, even after its end.

      Art. 48. The controller must communicate to the national authority and the holder the occurrence of a security incident that could cause significant risk or damage to the holders.

      1st Communication will be made within a reasonable period of time, as defined by the national authority, and must mention, at least:

      I - description of the nature of the affected personal data;

      II - information about the holders involved;

      III - indication of the technical and security measures used to protect data, observing commercial and industrial secrets;

      IV - the risks related to the incident;

      V - the reasons for the delay, if communication was not immediate; It is

      VI - the measures that have been or will be adopted to reverse or mitigate the effects of the loss.

      2º The national authority will verify the seriousness of the incident and may, if necessary to safeguard the rights of holders, order the controller to adopt measures, such as:

      I - wide dissemination of the fact in the media; It is

      II - measures to reverse or mitigate the effects of the incident.

      § 3 In judging the seriousness of the incident, any proof that appropriate technical measures were adopted that make the affected personal data unintelligible, within the scope and technical limits of its services, to third parties not authorized to access them will be assessed.

      Art. 49. Systems used to process personal data must be structured in such a way as to meet security requirements, standards of good practice and governance and the general principles set out in this Law and other regulatory standards.

Section II
Good Practices and Governance

      Art. 50. Controllers and operators, within the scope of their competences, for the processing of personal data, individually or through associations, may formulate rules of good practice and governance that establish the organizational conditions, operating regime, procedures, including complaints and petitions from data subjects, security standards, technical standards, specific obligations for those involved in the processing, educational actions, internal supervision and risk mitigation mechanisms and other aspects related to data processing personal.

      1 When establishing rules of good practice, the controller and operator will take into account, in relation to processing and data, the nature, scope, purpose and probability and severity of the risks and benefits arising from the processing of data from the holder.

      2º In the application of the principles indicated in items VII and VIII of the caput of art. 6 of this Law, the controller, observing the structure, scale and volume of its operations, as well as the sensitivity of the data processed and the probability and severity of damage to data subjects, may:

      I - implement a privacy governance program that, at a minimum:

a) demonstrate the controller's commitment to adopting internal processes and policies that ensure comprehensive compliance with standards and good practices relating to the protection of personal data;
b) is applicable to the entire set of personal data that is under its control, regardless of how it was collected;
c)is adapted to the structure, scale and volume of its operations, as well as the sensitivity of the data processed;
d) establish appropriate policies and safeguards based on a systematic assessment process of impacts and risks to privacy;
e) aims to establish a relationship of trust with the holder, through transparent action that ensures mechanisms for the holder’s participation;
f) is integrated into its general governance structure and establishes and applies internal and external supervision mechanisms;
g) have incident response and remediation plans; It is
h) is constantly updated based on information obtained from continuous monitoring and periodic assessments;

      II - demonstrate the effectiveness of its privacy governance program when appropriate and, in particular, at the request of the national authority or other entity responsible for promoting compliance with good practices or codes of conduct, which, independently, promote the compliance with this Law.

      3º The rules of good practices and governance must be published and updated periodically and may be recognized and disclosed by the national authority.

      Art. 51. The national authority will encourage the adoption of technical standards that facilitate control by holders of their personal data.

CHAPTER VIII
INSPECTION

Section I
Administrative Sanctions

      Art. 52. Data processing agents, due to infractions committed against the rules set out in this Law, are subject to the following administrative sanctions applicable by the national authority:

      I - warning, indicating a deadline for adopting corrective measures;

      II - simple fine, of up to 2% (two percent) of the revenue of the private legal entity, group or conglomerate in Brazil in its last year, excluding taxes, limited, in total, to R$ 50,000,000.00 (fifty million reais) per infraction;

      III - daily fine, subject to the total limit referred to in item II;

      IV - publicizing the infraction after its occurrence has been duly investigated and confirmed;

      V - blocking of personal data to which the infringement refers until its regularization;

      VI - deletion of personal data to which the infringement refers;

      VII - partial or total suspension of the operation of the database to which the infringement refers for a maximum period of 6 (six) months, extendable for an equal period until the processing activity is regularized by the controller;

      VIII - suspension of the exercise of the personal data processing activity to which the infringement refers for a maximum period of 6 (six) months, extendable for an equal period;

      IX - partial or total prohibition of carrying out activities related to data processing.

      1º Sanctions will be applied after an administrative procedure that allows the opportunity for broad defense, gradually, isolated or cumulatively, according to the peculiarities of the specific case and considering the following parameters and criteria:

      I - the severity and nature of the infractions and affected personal rights;

      II - the good faith of the offender;

      III - the advantage obtained or intended by the offender;

      IV - the economic condition of the offender;

      V - recidivism;

      VI - the degree of damage;

      VII - (VETOED);

      VIII - (VETOED);

      IX - (VETOED);

      X - the prompt adoption of corrective measures; It is

      XI - the proportionality between the severity of the offense and the intensity of the sanction.

      2 The provisions of this article do not replace the application of administrative, civil or criminal sanctions defined in specific legislation.

3º The provisions of items I, IV, V, VI, VII, VIII and IX of the caput of this article may be applied to public entities and bodies, without prejudice to the provisions of Law No. 8,112, of December 11, 1990 (Statute of Federal Public Servant), in Law No. 8,429, of June 2, 1992 (Administrative Improbity Law), and in Law No. 12,527, of November 18, 2011 (Access to Information Law).

      4º When calculating the value of the fine referred to in item II of the caput of this article, the national authority may consider the total revenue of the company or group of companies, when it does not have the value of the revenue in the branch of business activity in which the infraction occurred. , defined by the national authority, or when the value is presented incompletely or is not demonstrated in an unequivocal and suitable manner.

      Art. 53. The national authority will define, through its own regulation on administrative sanctions for infractions of this Law, which must be subject to public consultation, the methodologies that will guide the calculation of the base value of fine sanctions.

      1st The methodologies referred to in the caput of this article must be previously published, for the knowledge of treatment agents, and must objectively present the forms and dosimetries for calculating the base value of fine sanctions, which must contain detailed justification for all its elements, demonstrating compliance with the criteria set out in this Law.

      2º The regulations on sanctions and corresponding methodologies must establish the circumstances and conditions for the adoption of a simple or daily fine.

      Art. 54. The value of the daily fine sanction applicable to infractions of this Law must take into account the seriousness of the offense and the extent of the damage or loss caused and be substantiated by the national authority.

      Single paragraph. The notice of the daily fine sanction must contain, at a minimum, a description of the obligation imposed, the reasonable period stipulated by the body for its compliance and the value of the daily fine to be applied for non-compliance.

CHAPTER IX
FROM THE NATIONAL DATA PROTECTION AUTHORITY
(ANPD) AND THE NATIONAL COUNCIL FOR THE PROTECTION OF
PERSONAL DATA AND PRIVACY

Section I
From the National Data Protection Authority (ANPD)


      Art. 55. (VETOED).

      Art. 56. (VETOED).

      Art. 57. (VETOED).

Section II
From the National Council for the Protection of Personal Data and the
Privacy


      Art. 58. (VETOED).

      Art. 59. (VETOED).

CHAPTER X
FINAL AND TRANSITIONAL PROVISIONS


      Art. 60. Law No. 12,965, of April 23, 2014 (Marco Civil da Internet), comes into force with the following changes:

"Article 7

X- Definitive exclusion of personal data that has provided the particular application of the Internet, to its request, at the end of the relationship between the parties, except for the hypotheses of compulsory custody of records provided for in this Law and in the provisions of the protection of personal data;
" (NR)
"Art. 16.

II - personal data that is excessive in relation to the purpose for which consent was given by its holder, except in the cases provided for in the Law that provides for the protection of personal data." (NR)
      Art. 61. The foreign company will be notified and notified of all procedural acts provided for in this Law, regardless of power of attorney or contractual or statutory provision, in the person of the agent or representative or person responsible for its branch, agency, branch, establishment or office installed in Brazil.

      Art. 62. The national authority and the National Institute of Educational Studies and Research Anísio Teixeira (Inep), within the scope of their competences, will issue specific regulations for access to data processed by the Union to comply with the provisions of § 2 of art. 9th of Law No. 9,394, of December 20, 1996 (Law of Guidelines and Bases of National Education), and those referring to the National Higher Education Assessment System (Sinaes), covered by Law No. 10,861, of April 14 2004.

      Art. 63. The national authority will establish rules on the progressive adaptation of databases created before the date of entry into force of this Law, taking into account the complexity of the processing operations and the nature of the data.

      Art. 64. The rights and principles expressed in this Law do not exclude others provided for in the national legal system related to the matter or in international treaties to which the Federative Republic of Brazil is a party.

      Art. 65. This Law comes into force 18 (eighteen) months after its official publication.

      Brasília, August 14, 2018; 197th of Independence and 130th of the Republic.

MICHEL TEMER
Torquato Jardim
Aloysio Nunes Ferreira Filho
Eduardo Refinetti Guardia
Esteves Pedro Colnago Junior
Gilberto Magalhães Occhi
Gilberto Kassab
Wagner de Campos Rosario
Gustavo do Vale Rocha
Ilan Goldfajn
Raul Jungmann
Eliseu Padilha

rmas related to topsgirls cam, highlighting the forms of collection, use, storage,
data processing and protection. If the User does not agree with the content of this Privacy Policy,
  You should not access or use the TopsGirls Cam Network sites.

Topsgirls cam is committed to protecting the privacy and security of all Users. All this for you, our User,
  calmly use the facilities that topsgirls cam provides you in the search for real pleasure.

It is worth noting that all information entrusted by the User in their registration will be for the use of topsgirls cam,
being incorporated into its database for the operation of the topsgirls website, through User identification by login and password.

We ask that all users take a moment to read this instrument before registering on topsgirls cam,
  bearing in mind that access to this depends on clicking the “I accept the Privacy Policy” button,
and that topsgirls Users are responsible for knowing the entire contents of this instrument.

To access topsgirls cam, Users must register and register in advance.
must provide true, complete, accurate and updated personal data,
being solely responsible for any damages or losses arising from incomplete or untrue information entered,
at www.topsgirls.com

From the information collected
1. Topsgirls cam may collect information in several ways. Some personal information may be obtained at the time of User registration,
and may also be collected in the content of this post, given that topsgirls cam,
  may collect all information actively entered into topsgirls cam by its Users.

2. Topsgirls cam may automatically collect information when Users access the topsgirls website,
  as well as use tools for automatic collection of data transmitted by topsgirls cam, such as cookies,
  web beacons, crawlers, among others, from partners and suppliers,
such as Google Analytics and possibly data characteristic of the access instrument (browser),
such as websites accessed, computer model, operating system.


3. Any data transmitted by the user of the topsgirls cam website may be collected,
  including forms, posts, messages, comments.

4. Under Brazilian legislation, during all access, including at the time of registration,
  The user's IP address, time and date will be collected.

Data processing
5. The information collected by topsgirls that may be used to personalize and improve the content and/or services that will be,
  made available on the topsgirls website to the User. Knowledge about the User will enable personalized service,
with more efficiency and respect, including enabling easier navigation.

6. For any marketing campaigns specific to the target audience, the data collected may help,
  to limit user interest to offer exclusive products.

7. The collected data may be made available for targeted marketing services and for the preparation of statistical reports,
  for topsgirls cam.

8. Some data may be provided to advertisers, partners, sponsors, including for sending email marketing,
and for billing procedures for Subscriber services.

9. Data may be forwarded at the request of the competent authorities,
as well as for possible judicial or extrajudicial demands as a defense instrument,
preparing complaints or other procedures of interest to topsgirls cam.

10. The topsgirls database constitutes an asset of the company eSapiens Internet SA, and may,
in case of corporate changes, it will be handed over to the rightful party, and it can also be negotiated separately.

Data storage
11. All sites related to topsgirls use the HTTPS protocol,
an additional layer of security that allows your data as a User,
password and personal information are encrypted and verified by the server using digital certificates.

12. As a safety standard stipulated by Brazilian legislation, topsgirls:

Maintains strict control over access to data by defining the responsibilities of the people who will have access,
  and exclusive access privileges for certain Users;
Created authentication mechanisms for access to records to ensure the individualization of those responsible for processing the records;
Maintains detailed inventory of access to application access logs,
containing the date and time of use from a given IP address,
including to comply with the provisions of Brazilian legislation;
13. Topsgirls is committed to retaining as little personal data as possible,
private communications and records of connection and access to applications,
which must be deleted as soon as the purpose of their use has been achieved;
or after the end of the period determined by legal obligation.

14. Topsgirls reserves the right to keep user data for the period determined by Brazilian legislation,
to comply with an order issued by a competent authority.

General Provisions
15. Any tolerance by topsgirls in relation to non-compliance with the provisions of this policy will not constitute,
  under no circumstances, renunciation or novation,
  nor will it prevent topsgirls from asserting any rights set forth herein;

16. If any clause of this Privacy Policy is declared null, for any reason,
the other clauses will remain in force and will fully produce their effects.
If the nullity affects the balance of this relationship,
The parties undertake to renegotiate, in good faith, the conditions established here.

17. The Terms of Use are an integral part of this document,
  both of which will be applied and interpreted together. In case of discrepancy between the Terms of Use and the Privacy Policy,
or other documents, the provisions of the Terms of Use will prevail.

18. Topsgirls cam reserves the right to change this Privacy Policy to adapt it to applicable legislation or best business practices,
  at any time and regardless of justification.

Topsgirls cam cookie policy
Effective from December 3, 2020.

The purpose of this Policy is to provide clear and accessible information about the cookies that topsgirls cam
  uses and the roles they play.
This policy does not exclude the provisions of the Privacy Policy and aims to detail and complement it.

What are cookies

Cookies: Cookies are simple text files sent by the website to the browser,
the first time you visit to ensure the proper functioning of websites and services on the web,
  as they facilitate the total adaptation of topsgirls cam to your total personal needs,
  facilitating the use of our services and making your navigation more pleasant. Furthermore, cookies are used to better understand,
  how our visitors and users use our website and services.

Topsgirls uses the following types of cookies on its website, application and services:
Session cookies: These are temporary use cookies, deleted when you close your browser.
If you reopen your browser and access the website again, you will be treated as a new visitor.
Necessary cookies: They are strictly necessary for the correct functioning of our website,
allowing them to access and use our resources.
Persistent cookies: Cookies that are stored in your browser until they are deleted manually or according to the period,
  established duration. When you return to the topsgirls cam website, application or services you will be recognized even if you have previously closed your browser.
Automatically collected data

Tracking Technologies: Topsgirls cam may also use other tracking technologies that may collect information,
  such as IP addresses, log files and web beacons, among others, that help us provide the website,
topsgirls cam app and services to all your personal needs.

When your device is connected to the internet it will receive a number referring to its IP (Internet Protocol) address.
which is used to identify you. Every time you connect to the internet, your computer receives an IP assigned by your internet service provider. We may record IP Addresses for the following purposes:

Maintain the safety and security of our website, application and services;
Understand how our users and visitors use our website, application and services;
Through geographic location, adapt navigation and content to the user's needs.
Log files

Logs: Topsgirls or a third party, working on our behalf,
  may collect information in the form of log files that detail website activities and collect statistics about habits,
  user navigation, including, for example, time spent on each post and profile.
Typically these records are generated anonymously and help us understand details such as:

The type of browser and system used by users of our website or online services;
Details about the user session, including the originating URL, date,
time and which pages the user visited on our websites and compatible services, and how long the user spent using them;
Other navigation or click count details including website traffic reports,
unique visitor count and similar data.
Other records processed

Web beacons or pixels: We may use web beacons (or clear GIFs)
on the topsgirls cam sites.
Web beacons (also known as webbugs or web beacons)
  are small sequences of codes that allow the delivery of a graphic image on a web page with the aim of transferring,
  data back to us. We use information from web beacons for a variety of purposes, including:

Understand how a user responds to email campaigns;
Traffic reports for our website and compatible services;
Count unique visitors, audit and advertising and email reports,
in addition to personalization on our websites and other compatible services.
Granular consent

Whenever possible, as long as it does not interfere with the functionality and security of the platform or our legal obligations,
we will offer you the ability to select which records you want to be written or read.

On the other hand, it is important to remember that it is up to you to ensure that your computer's settings,
account on the platform or portable device reflect whether you consent to accept Cookies or not.

Most browsers allow you to set rules to warn you before accepting Cookies or simply refusing them.
  You do not need to have Cookies enabled to use or browse most of the topsgirls cam website and online services, however,
in this case,
We cannot guarantee that you will be able to access all of its features and functionality,
  which can result in an unpleasant experience.

We recommend that you see in your browser how to make the necessary settings for your privacy.
  Remember that if you use different browsers, or even computers and/or portable devices in different locations,
  you will need to ensure that each device and browser is adjusted to your personal Cookie preferences.

How our web beacons or pixels may be part of a web page (embedded in code)
  it is not possible to exclude (“opt-out”) this type of resource,
  but you can make it completely non-functional by enabling the “opt-out” feature for Cookies placed by this flag.

Data Protection Officer

If you have any questions about this, or wish to question any provision,
  or even oppose any processing operation that we establish in this policy,
  Contact our Data Protection Officer, through our Privacy and Personal Data Protection Center.
 
© 2024 .:: Tops Girls ::., All rights reserved, under article number 9.610/98 of May 14, 1996. All content on this site is entirely intended for people over 18 (Eighteen) years old.