2.1. For the purposes of applying this Policy, the following are considered: data subjects any and all individuals who, in relation to the Marist Network, are under one or more of the following conditions:

• associated;
• employee;
• trainee;
• student;
• teaching;
• legal guardian;
• patient;
• voluntary,
• supplier;
• partner;
• service provider;
• member of the educational community who does not fit into the above categories;
• user of their websites and applications;
• any other identified or identifiable individual interested in its activities and services.

2.2. All such data subjects are guaranteed adequate and fair data processing, but not necessarily the implementation of the same legal bases for its collection and/or storage, considering that the Marist Network it's composed by enterprises with distinct areas of activity, each under the responsibility of one of its maintainers, each with its own legal personality, as indicated below.

Enterprise: Schools e Social Units
Website: https://colegios.redemarista.org.br/ e https://social.redemarista.org.br/
Sponsor: SOUTHERN BRAZILIAN UNION OF EDUCATION AND EDUCATION – USBEE
CNPJ: 92.706.308 / 0001-75
Sponsor: SOUTHERN EDUCATION SOCIETY – SOME
CNPJ: 92.023.159/0001-40

Enterprise: St. Luke’s Hospital – HSL
Website: https://www.hospitalsaolucas.pucrs.br/​
Sponsor: BRAZILIAN UNION OF EDUCATION AND ASSISTANCE – UBEA
CNPJ: 88.630.413 / 0001-09

Enterprise: Brain Institute – InsCer
Website: https://www.pucrs.br/inscer/
Sponsor: BRAZILIAN UNION OF EDUCATION AND ASSISTANCE – UBEA
CNPJ: 88.630.413 / 0001-09

Enterprise: Pontifical Catholic University of Rio Grande do Sul – PUCRS
Website: https://www.pucrs.br/​
Sponsor: BRAZILIAN UNION OF EDUCATION AND ASSISTANCE – UBEA
CNPJ: 88.630.413 / 0001-09

2.3. Therefore, due to the diversity of services provided by these enterprises and/or its units and the consequent specificity in the treatment of the data collected by them, this Privacy Policy may be supplemented by operational guidelines specific to each enterprise and / or unit, to be duly made available, also applying the specific legislation of each area of ​​activity.

2.4. The Marist Network may, at any time, create, institute new enterprises, units and/or service offerings, as well as terminate any of them. Likewise, the Marist Network may transfer to third parties the operations that fulfill its institutional purposes, considering the activities of the Marist Institute in Brazil and in the world, and its possible institutional reorganization processes, observing the provisions of the Federal Constitution and other regulatory standards for its area of ​​activity.

2.5. Any of the hypotheses in item 2.4, if they occur, will be carried out without prejudice to the commitments previously provided for in this Privacy Policy, except for any changes that may be necessary, including for the purposes of greater guarantee of the privacy of data subjects.

2.6. If any of the hypotheses in item 2.4 occur and, as a consequence, there is an influence on the way in which the Marist Network processes personal data, the consequent update of this Privacy Policy will be informed through its official communication channels and when new access is made by users and data holders to its platforms.

3.1. In addition to the legal premises, the Privacy Policy da Marist Network is built and conducted under the inspiration of some of the human principles and values ​​represented by institutional values, among them responsibility and discretion in their actions with those who relate to them.

3.2. Likewise, respect for the principle of dignity of human life is present in the conduct of this Privacy Policy, which is why, without prejudice to the due protection of other types of personal data and other types of data subjects, Marist Network extends special care to those described in the items 3.2.1 and 3.2.2.

3.2.1 Sensitive Personal Data

3.2.1.2. The Marist Network extends special care to personal data sensitive areas that are under its control, considering its areas of activity in the areas of education, assistance, health and research.

3.2.1.3. To the holders of this data, when informed to them, or to their legal guardian, of the need to collect and process the same, this Privacy Policy serves as a complementary basis to that provided for in Art. 11, II, of Law 13.709/2019, through which the processing of sensitive data may occur without providing consent of the holder when it is essential for, among other situations provided for by law:

a) compliance with legal or regulatory obligations for the controller;

b) shared treatment of data necessary for execution, for public administration, of public policies provided for in laws or regulations;

c) conducting studies by research body, guaranteed, whenever possible, to anonymization of two sensitive data;

d) regular exercise of rights, including in contracts and in judicial, administrative and arbitration proceedings;

e) protection of life or physical security of the owner or third party;

f) health protection, exclusively, in a procedure carried out by health professionals, health services or health authorities;

g) ensuring fraud prevention and the security of the holder, in the identification and authentication processes for registration in electronic systems.

3.2.1.4. Other definitions on the treatment of personal data Sensitive data are present in the General Data Protection Law and in other rules of Brazilian legislation, about which the data subject cannot claim ignorance, under the terms of Art. 3 of Decree-Law 4.657/42.

3.2.1.5. In case of doubt, the holder of personal data sensitive you can easily obtain information about the treatment of the same by Marist Network through the contacts disclosed in this policy.

3.2.2 Personal Data of Children and Adolescents

3.2.2.1. As described in the previous section, considering its areas of activity in the areas of education, health and research, Marist Network extends special care to personal data of children and adolescents who are under their control.

3.2.2.2. Considering the dynamics and routines of the services offered, it is possible that the collection of this data occurs not only at the time the child or adolescent enters a space where the service operates, Marist Network, but also in certain activities during the provision of the services offered.

3.2.2.3. Therefore, any of the legal guardians of the child or adolescent who is the owner of the collected data, upon accepting this Privacy Policy, will be aware of this, and that, even so, the Marist Network will make proportionate and reasonable efforts to collect new consent, at least from one legal guardian of the child or adolescent, considering the dynamics and purpose of the activity to be developed, as well as the resources and technologies available, prioritizing the use of simple, clear and accessible language.

3.2.2.4. The treatment of personal data of children and adolescents from  Marist Network may also be given based on the Law 8.069/1990 – Statute of Children and Adolescents​, so that, when collecting and processing data from people who fall under this law, it will be acting in compliance with a legal obligation, with legal guardians thus being aware that the need for consent may be waived.

4.1 Collection and Use of Personal Data, including cookies

4.1.1. The Marist Network collects personal data in order to implement and operationalize the service or care that is of interest to the person holding such data, always based on the requirements for the Processing of Personal Data foreseen in Art. 7 of Law 13.709/2018.

4.1.2. In order to improve its services and assistance, occasionally, each of its enterprises ou units maintained may collect other data beyond those minimums necessary for the specific purpose of operating the service or care requested by the data subject. In these situations, the data subject will be informed of the specific purposes of such collections, as well as the legal hypotheses adopted, among those provided for in the General Data Protection Law.

4.1.3. In each enterprise ou unit da Marist Network, the use and processing of this data will inevitably occur across areas, departments or sectors, for the correct development of work routines and execution of the purposes for which this data is intended.

4.1.4. In addition to the following, the following will also be collected: personal data “normal” information (such as name, date of birth, legal guardians, residential address, telephone number, e-mail), any data or information digital that, in some way, may, together with other data, make a particular person identifiable (for example, IP address, login user, date and time, screens accessed, mobile device information, logs, cookies and the like).

4.1.5. Data and information such as these are necessary to allow their holders to navigate through the various pages, virtual platforms and information systems made available by Marist Network, as well as to guarantee the security of the information processed and its users.

4.1.6. This data may also be processed using analytical tools, in order to better understand our audience, their habits and needs and thus continually improve the services offered to them. In addition to using specific tools for these purposes, Marist Network You may also make use of applications from partners and service providers contracted with these market experts, who take on the role of our data operators under the terms established by Law 13.709 / 2018 and the principles detailed in this policy.

4.1.7. By reading and accepting this Privacy Policy, therefore, anyone who uses these pages, virtual platforms and information systems is aware of the collection of this data, as well as its purposes.

4.2 Data storage

4.2.1. Data collected by Marist Network will remain stored securely and even anonymized, if necessary, and always observing the specificity of service and space of each enterprise ou unit.

4.2.2. To maintain this data with you, Marist Network will observe not only the collection rules provided for by Law 13.709/2018 – General Data Protection Law, but also the laws and regulations that require or allow the conservation and storage of certain data for a longer or shorter period of time, regardless of the consent or will of the holder.

4.2.3. It is possible that the deadlines mentioned above may be altered by changes in the respective laws, standards, regulations and the like, which will not necessarily imply the immediate updating of this Privacy Policy, if the way data is processed is not impacted by these changes.

4.2.4. Therefore, any legal bases that may exist and are in force that allow the Marist Network carrying out the processing of certain personal data, even without the consent of its holder, overrides its mention or not in this document.

4.3 Use of Data by Operators

4.3.1. Whether in the past, present or future, the sharing of personal data with partners, service providers and/or subcontractors of Marist Network it is necessary for it to be able to meet and provide the services for which it was contracted, in accordance with each of its areas and spaces of operation.

4.3.2. Therefore, it is common and lawful for the data of a given person or holder to be accessible not only to Marist Network, but also for the organization or professional that is its partner, service provider, subcontractor for that specific purpose that will allow it to provide the service or assistance for which it was contracted.

4.3.4. With these other organizations, called operators of data, as per Article 5, VII, of Law 13.709/2018, Marist Network will always strive to establish contractual clauses and security protocols that guarantee the protection and privacy of the data that has been shared or transmitted to them exclusively for the service for which they were contracted, since, being in this condition, they will also be responsible in the event of any incident.

4.3.5. By consenting, therefore, to the provision, or being aware that there is a legal basis for the use of your data by Marist Network, the holder of this data is automatically agreeing therefore, being aware that, in certain cases, it is possible that your rights, as data subjects, must be exercised with these operators.

4.4 Data Sharing

4.4.1. The enterprises ou units da Marist Network may share or transmit among themselves the data of the holders who have a relationship with them, which will occur with the purpose of making the experience of the people who have a relationship with the institution increasingly positive, and based on the Art. 7, § 5, of Law 13.709/2018.

4.4.1. This sharing may also occur as a way of Marist Network establish good governance practices regarding the processing of personal data, as recommended in Art. 50 of Law 13.709/2018.

4.4.2. By reading and accepting this Privacy Policy, all the data holder is aware of this possible sharing, without prejudice to the exercise of its rights, in particular, confirmation of the existence of this processing with sharing and information about the possibility of not providing consent and the consequences of this refusal, in the form of Art. 18, I and VIII, of law 13.709/2018.

5.1 Data Controllers

5.1.1. Although the present Privacy Policy establish the general terms by which the Marist Network ensures the protection of privacy and the guarantee of the rights of data subjects, it is the responsibility of each enterprise and / or unit make decisions regarding the processing of personal data.

5.1.2. Thus, it is considered controller of the data processed by you, for the purposes of applying this Privacy Policy, each one of enterprises ou units da Marist Network identified in item 2.2, with each of them being individually and exclusively responsible in cases of request for rights by the holder, incidents and referrals to the National Data Protection Agency.

5.1.3. In the form of item 4.3 of this Politics, each of the data controllers of Marist Network may interact and share the use of the data it processes with other organizations that will thus be in a position to operators of data.

5.2 Personal Data Protection Officers

5.2.1. Considering the Definitions brought by this Privacy Policy and the diversified scope of service in the areas of activity of Marist Network, each of their enterprises listed in item 2.2 has a Data Controller specific, also called Data Protection Officer (DPO).

5.2.2. The Data Protection Officers personal will act as a communication channel for their respective enterprise with data subjects and the National Data Protection Authority – ANPD, carrying out the activities provided for by law among others provided for by enterprise ou unit data controller.

5.2.3. The identity of each Data Protection Officer is publicly disclosed on the websites of each enterprise, whose addresses are listed in item 2.2.

5.3 Exercise of Rights by Data Subjects

5.3.1. Data subjects may exercise their rights provided for in the General Data Protection Law through the institutional channel ethics and compliance da Marist Network, accessible at the following address: www.conformidade.com.br/ NossosValores

5.3.2. On this website, the data subject or his/her legal representative, demonstrably constituted, you must register your express request by clicking on the field Data Privacy and fill out the form there according to your needs.

5.3.3. Each of the requirements for exercise of rights registered by the data subjects registered on this channel will be accessed, in a protected, restricted and confidential manner, by Data Controller do enterprise and / or unit service to which the request refers.

5.3.4. It is possible that, in response to the data holder applicant, the Marist Network inform the impossibility of immediately adopting measures that meet your request, under the terms of Art. 18. § 4, of Law 13.709/2018, in which case you may communicate that you are not the processing agent for said data, indicating, whenever possible, the processing agent to whom the holder should contact, or also indicate the reasons in fact or in law that prevent the immediate adoption of the measure.

5.3.5. The deadline for the response of the Marist Network, always counted from the date of registration of the application and considering the principle of reasonableness, will observe the provisions of its own regulation, to be defined by National Data Protection Agency – ANPD, in accordance with the Art. 18, §5, of Law 13.709/2018​.

6.1 Changes to the Privacy Policy

6.1.1. The Marist Network reserves the right to update this Privacy Policy whenever necessary, seeking improvement and greater security in processes and adaptations to legislation.

6.1.2. When such updates and changes occur, the Marist Network will inform data subjects about such occurrences, which does not exempt them, whether they are in any of the conditions provided for in item 2.1. of this Privacy Policy, to consult it regularly.