Our Privacy Notice has been developed to restate our commitment with safety and privacy of personal information and data we collect from users, a service provided by Petróleo Brasileiro S.A., hereinafter referred to as Petrobras. Petrobras commitment with the subject is provided in our Code of Ethical Conduct.
This Privacy Notice covers the handling provided by Petrobras to personal information and data of natural persons capable of identifying users, collected when they are on Petrobras website on the internet or if they comprise the company electronic data.
It is worth mentioning that Petrobras website can have access to links to external websites (also known as ‘hyperlinks’), which contents and privacy policies are not liable to Petrobras, i.e., they are out of Petrobras control and are not covered by this Privacy Notice. Thus, it is recommended that, as they are redirected to external websites, users should always read the relevant privacy statements/policies before providing personal data, especially sensitive data. It should be highlighted that Petrobras does not control privacy practices of such websites, and it does not approve third party website statements.
We remind that Petrobras reviews privacy notices regularly, including the present Privacy Notice. Thus, its regular reading is recommended.
In case of change of personal information or data collection and/or handling, as well as in the case of purpose change, Petrobras will report the new privacy conditions clearly and objectively, concerning Petrobras information safety notices, for personal data handling transparent management: a) to general public, by means of announcement in our main page; b) to registered users, by means of electronic communication.
As far as this Privacy Notice is concerning, the following provisions should be considered:
Petrobras, as it handles personal data, it is based on legal foundations and principles in force, especially caring for information self-ruling foundation, as well as good faith, purpose, non-prejudice, responsibility and accountability principles.
- Petrobras Website: Petróleo Brasileiro S.A. Investor Relations Website
- User: Person that uses and/or interacts with some Petrobras digital channels.
- Personal data: information related to identified or identifiable natural person.
- Sensitive personal data: Personal data on racial or technical origin, religious belief, political opinion, labor union or religious, philosophical or political organization membership, data related to health or sex life, genetic or biometric data, whenever linked to a natural person.
- Handling: every operation performed with personal data, as the ones related to collection, production, reception, classification, usage, access, reproduction, transmission, distribution, processing, filing, storage, deletion, assessment or control of information, change, communication, transfer, broadcast or extraction.
- Tracking technologies (cookies, pixels, etc.): small files created by websites visited and stored in the user computer through the browser that can be used to identify visitors, customize the page based on navigability profile, track enhancement and control use patterns, and enable data control between the same website. In order to enable information transparency provided by the user to the website, it is important to know the information that can be achieved through cookies by means of cookies policy/statement.
- Petrobras can monitor all user motion in the Portal, to enhance navigability and consequent technological solution development in activity daily routines, focused on the process simplification, service improvement, highlighting information cost-effectiveness, governance and traceability aspects.
- Petrobras collects personal information and data capable of identifying users, including texts and images, whenever they:
- a) navigate on the website
- b) download documents, presentations and other materials
- c) fill in forms and access systems
On the User:
- For each data collection mode, different information can be requested, according solely to the collection specific purpose, with the relevant legal support and storage time. Thus, users will be previously notified on data and the purpose that will be collected, and they can provide them at their own discretion.
- Petrobras use essential cookies on the Investors Relations website. The user can set up his/her browser in order not to be tracked.
- a) Petrobras does not have access to the navigation IP address in Petrobras Denouncement Channel, which is an independent, classified and unbiased tool, and it is available to Petrobras external and internal audience and its controlled companies. It is, thus, a classified environment, hosted outside Petrobras System and managed by a contracted company. Anonymity is assured by the internet and by phone, as there is no IP record of whistleblower computers or call tracking.
- User personal data input on Petrobras website is not a requirement to navigate on the website, and, thus, it is optional. The user expressly decides explicitly to provide personal data, as he/she acknowledges and accepts this Privacy Notice terms. Petrobras is concerned that its stakeholder specificities are considered in personal data handling and are included in collection previous use, especially in situations where the holder express authorization is required, evidencing unequivocally his/her will statement.
- Petrobras fosters risk prevention related to privacy in every activity, from development, with reflexes in all its processes and information systems.
- Petrobras makes its best efforts, so that personal data and its handling inherent risks are mapped properly, updated and organized to include all information about the subject in reports required by legal regulations in force.
- Petrobras stores personal data, in order to provide access to users, based on information security regulations, by means of a request, through LGPD.
- Every personal data collected will be incorporated to Petrobras database for the time required to execute the purpose reported in its collection and relevant legal requirements, as well as to protect Petrobras and/or its users.
- Petrobras can disclose your personal data, as required/allowed by laws and regulations in force in case of rights protection and/or legal action/order or regulation agency request.
- Petrobras, also through third parties, based on legal regulations in force, collects and handles user data with specific and defined purposes, notified to users before its collection, and without later handling that is incompatible with such purposes, based on legal regulations in force.
Petrobras uses the information collected to the following purposes: (i) optimizing use and interactive experience during user navigation on the website; (ii) developing general statistics; (iii) replying to user doubts and requests; (iv) performing communication and relationship marketing campaigns; (v) communicating with users, in order to provide the information on the company, products, services and promotions; (vi) concerning under 13-year old people information, such information use will have educational purpose.
- Petrobras handles personal sensitive data:
- a) through consent, and with specific purposes, according to laws and regulations in force. If the personal data handling takes place through user request, the consent is considered as granted.
- b) without user consent, in case if mandatory, according to laws and regulations in force, for:
(i) compliance with legal or regulatory obligation;
(ii) shared handling of data required to public policy execution provided by laws or regulations;
(iii) survey execution by a survey agency, assuring anonymity, whenever possible;
(iv) regular rights performance, including in agreement and legal, administrative and arbitration proceeding;
(v) user or third party life protection or personal injury safety;
(vi) health care, solely, in a procedure performed by health professionals, health services or sanitation authority;
(vii) user fraud prevention and safety assurance, in registration identification and authentication processes in electronic systems, except in the case that fundamental rights and liberties that require personal data protection prevail.
- Petrobras preferably handles personal data based on a different legal base from user consent, as per legal aspects. In case of doubt concerning need and other normative bases, the user consent will be necessarily requested expressly, with the purpose and consequences of non-consent. And, in case of personal data handling based on consent, the possibility of its revocation and consequences will be explained to the user.
- Access to information collected is restricted to employees and people authorized to such purpose. Employees and/or people authorized, that use such information improperly, will be subject to the penalties provided by our disciplinary proceeding, without exclusion of the other applicable legal measures. Petrobras neither releases nor sells personal data to third parties to enable product and service marketing. However, it might be required to share with other Petrobras System companies and/or outsourced service providers, including to other countries. Under such circumstances, Petrobras assures that personal data receives proper protection level related to Brazil´s laws and regulations on the subject and that is used to the purposes pointed out at the time of the collection and following the guidance set forth in contractual clause and privacy assurance. Petrobras can also check compliance with its contractual clauses to assess the subject obligation compliance.
Access to information collected is restricted to employees and/or people authorized to such purpose, especially sensitive personal data. If they use such information improperly, violating our Privacy Notice, they will be subject to applicable disciplinary and legal measures.
- Personal data can also be shared with public agencies that are subject to the same national laws and regulations on personal data protection.
- The user assures truthfulness and accuracy of personal data provided to this website, taking full responsibility if they are not accurate. Personal data usage is liable to the holder. Petrobras does not take any responsibility in case of inaccuracy of personal data introduced by the user on this website, however, it assures its correction by means of holder´s request.
- Petrobras stores data in full and authentic way, assuring provided information confidentiality. User personal data will be kept according to PETROBRAS information security standards that adopts technological solutions to protect personal data concerning integrity and secrecy. However, PETROBRAS does not assure that its systems are immune to third party intrusions or malicious software action. PETROBRAS is not responsible for damage incurring from unauthorized third party access and/or usage, as provided by law.
- Petrobras provides access to user personal data to enable safe and legitimate access to its holders, assuring its achievement (observing trade and industrial secrets, based on information security and data protection regulations) timely and on demand to:
(i) check handling existence;
(ii) access data;
(iii) correct data (incomplete, inaccurate or outdated);
(iv) to make anonymous, block or delete data that is unnecessary, excessive or handled in noncompliance;
(v) perform data portability to another service or product supplier, whenever possible;
(vi) report on the possibility of not providing consent and denial consequences;
(vii) delete personal data handled through consent, unless in the case there is another legal base to perform the handling;
(viii) revoke consent, as the handling ratified performed based on previously stated consent;
(ix) report to public and private agencies with which Petrobras performed data share use.
In case of doubts or comments related to the present Notice, contact firstname.lastname@example.org.