This Privacy Policy contains information regarding the processing, total or partial, automated or not, of the personal data of users visiting our website. It aims to describe to the interested parties the types of data collected, the reasons for collection, and how users can update, manage, or exclude this information. This Privacy Policy was created according to Federal Law #12.965 of April 23, 2014 (Internet Civil Framework), Federal Law #13.709 of August 14, 2018 (LGPD; Brazilian General Personal Data Protection Law), and EU Regulation #2016/679 of April 27, 2016 (GDPR; European General Data Protection Regulation). This Privacy Policy can be updated due to an occasional normative revision, which is why users are invited to periodically visit this section.

The website commits to complying with the norms provided in the LGPD regarding the following principles:

• personal user data processing will be lawful, fair, and transparent (lawfulness, fairness, and transparency);
• personal user data will be collected only for determined, explicit, and legitimate purposes and may not later be processed inconsistently with these purposes (purpose limitation);
• personal user data collection will be adequate, pertinent, and restricted to the needs of the purpose for which they are processed (data minimization);
• personal user data will be accurate and updated whenever necessary, and inaccurate data will be erased or rectified when possible (accuracy);
• personal user data will be stored to allow the identification of data holders only for the time necessary for the purpose of data processing (storage limitation);
• personal user data processing will be secure, protected from unauthorized or illegal processing, and against loss, destruction, or accidental damage, using proper technical or organizational techniques (integrity and confidentiality).

Website users hold the following rights provided by the Brazilian General Personal Data Protection Law - LGPD::

• the right of confirmation and access: Users have the right to obtain from the website a confirmation of whether personal data are being processed and, in this case, the right to access these data;
• the right to rectification: Users have the right to obtain from the website, without unjustified delay, the rectification of inaccurate personal data;
• the right to data erasure (right to be forgotten): Users have the right to have personal data erased from the website;
• the right to restrict data processing: Users have the right to restrict personal data processing and obtain them in cases of contesting data accuracy, unlawful processing, the website no longer needing the data for the purposes of processing and the data subject opposes data processing, and unnecessary data processing;
• the right to object: Users have the right to object at any time, due to private matters, to personal data processing, and may object to personal data use for marketing profiling;
• the right to avoid automated decision-making: Users have the right to not be subjected to any decision made exclusively based on automated processing, including profiling, which may cause effects on their legal domain or significantly affect them similarly.

Users can exercise their rights through written communication sent to the website with the subject line "Privacy Policy - my rights", specifying::

• full name and e-mail address of the user and, if so, their representative;
• the right to be exercised with the website;
• request date and user signature;
• every document that demonstrates or justifies the exercise of such right.

The request must be sent to the e-mail bc@bariatricchannel.com.

The user will be notified in case of data rectification or erasure.

When navigating the website, users must provide only personal data instead of third-party information in order to protect the rights of third parties.

User data will be collected according to the provisions of this Privacy Policy, and it will depend on user consent, which is dispensable only in the hypotheses provided in article 11, clause II, of the Personal Data Protection Law.

4.1. Types of collected data

4.1.1. User identification data for registration

User application of certain website functionalities will depend on registration, and, in these cases, the following user data might be collected and stored:

• full name
• e-mail address
• mobile
• country
• state
• city
• category

4.1.2. Data informed in the contact form

The data occasionally informed by users who fill out the contact form available on the website, including the content of the sent message, will be collected and stored.

4.1.3. Access record

Complying with the provisions of article 15, head and paragraphs, of Federal Law #12.965/2014 (Internet Civil Framework), user access records will be collected and stored for up to six months.

4.1.4. Newsletter

The e-mail address registered by the user authorizes the website to e-mail communications. Communication from website partners may also be sent when authorized by the user.

4.1.5. Sensitive data

Sensitive user data will not be collected, as defined in articles 9 and 10 of the GDPR and articles 11 and forth of the Personal Data Protection Law. Thus, among others, the following data will not be collected:

• data revealing race or ethnicity, political opinions, religious or philosophical beliefs, or union affiliation of users;
• genetic data;
• biometric data to identify a person unequivocally;
• user health data;
• data regarding the sex life or sexual orientation of users;
• data regarding criminal convictions or offenses or with connected security measures.

4.1.6. Collection of data not expressly provided

Occasionally, other types of data not expressly provided in the Privacy Policy might be collected, as long as they are granted with user consent or collection is either authorized or required by law.

4.2. Legal basis for personal data processing

When using the website services, users are consenting to this Privacy Policy.

Users have the right to withdraw their consent at any time without compromising the lawfulness of personal data processing before the withdrawal. Consent can be withdrawn via the e-mail bc@bariatricchannel.com or directly in the "My profile" function on the website.

The consent of the relatively or absolutely incapable, especially children under 16 (sixteen) years old, can only be done, respectively, if properly assisted or represented.

Personal data will only be processed without user consent in case of legitimate interest or for the hypotheses provided by law, that is, among others, the following:

• for complying with the legal or regulatory obligations of the controller;
• for performing studies by research agencies, ensuring, whenever possible, personal data anonymity;
• for regularly exercising the rights in judicial, administrative, or arbitrary proceedings, the latter according to Law #9.307 of September 23, 1996 (Arbitration Law);
• for the protection of life or physical safety of data holders or third parties;
• for health guardianship in procedures performed by health professionals or sanitary entities;
• whenever necessary, for attending to the legitimate interests of the controller or third parties, except when prevailing essential rights and freedoms of data holders who require personal data protection.

4.3. Purposes of personal data processing

The personal user data collected by the website aims to facilitate, expedite, and comply with the commitments established with users and enforce the requests made through forms.

Personal data can also be used for commercial purposes to customize the content offered to users and provide resources to the website to improve the quality and functioning of services.

The website collects user data for profiling, that is, automated personal data processing that consists of using these data to evaluate certain personal aspects of users, mainly to analyze or predict characteristics related to their professional performance, personal preferences, interests, reliability, behavior, location, or displacement.

Registration data will be used to allow user access to certain website contents, exclusive to registered users.

Personal data will only be processed for purposes not provided in this Privacy Policy in case of previous communication with the user and, in any case, the rights and obligations hereby provided will remain applicable.

4.4. Personal data storage time

Personal user data will be stored indefinitely or until the user requests their erasure.

4.5. Personal data recipients and transfer

Personal user data might be shared with the website owner and partners.

Data can only be transferred to another country if said country, territory, or international organization guarantees an adequate user data protection level.

In case of inadequate protection level, the website commits to ensuring data protection according to the strictest rules, through specific contractual clauses for a given transfer, standard contractual clauses, global corporation norms or seals, certificates, and codes of conduct regularly issued.

5.1. Regarding the person responsible for data processing (data controller)

The controller, responsible for personal user data processing, is the natural person or legal entity, public authority, agency, or another organism that, individually or combined with others, determines the purposes and means of personal data processing.

On this website, the person responsible for processing the collected personal data is the BCA - Bariatric Channel Association, represented by Victor Dib and Carlos Madalosso.

5.2. Regarding the outsourced data operator (data processor)

The outsourced data operator is the natural person or legal entity, public authority, agency, or another organism that processes personal data supervised by the person responsible for user data processing.

Personal user data are processed by:

• administration: BCA - Bariatric Channel Association, e-mail bc@bariatricchannel.com
• website: Stai Computadores Ltda, e-mail stai@stai.com.br
• online streaming: Encontro Digital Tecnologia e Eventos Ltda, e-mail comercial@encontrodigital.com.br

The website commits to applying the technical and organizational measures that protect personal data from unauthorized access and cases of destruction, loss, alteration, communication, or diffusion of such data.

Security will be ensured by solutions that consider the following: adequate techniques; application costs; nature, scope, context, and purposes of data processing; and the risks to user rights and freedoms.

The website uses the SSL (Secure Socket Layer) certificate, which guarantees secure and confidential personal data transmission, with completely ciphered or encrypted data transmission between server and user and as feedback.

However, the website exempts from liability due to exclusive third-party fault, such as attacks by hackers or crackers, or exclusive user fault, such as when transferring their data to third parties. The website also commits to promptly notifying users in case of some type of security breach of personal data that may cause a high risk to personal rights and freedoms.

Personal data violation is a security breach that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, stored, or subject to any other type of processing.

Finally, the website commits to processing personal user data confidentially and within legal limits.

Cookies are small text files sent by the website to the user's computer, in which they are stored, with information about website navigation.

Cookies allow the user browser to store small portions of information so that our server can later read them. Data on the device handled by users and the location and time of website access are examples of stored data.

Cookies do not allow the extraction of any file or information from the user's hard drive, and it is impossible, through cookies, to access personal information that did not originate from users or their use of website resources.

It is worth noting that not all cookies contain information that allows user identification, as some cookies may be simply used to correctly load the website or perform its functionalities as expected.

The information occasionally stored in cookies that allows user identification is considered personal data. Therefore, all rules provided in this Privacy Policy are also applicable to cookies.

7.1. Website cookies

Website cookies are sent to the computer or device of users and managed exclusively by the website.

The information collected by these cookies is used to improve and customize the user experience, considering that some cookies can, for instance, be used to remember user preferences and choices and offer customized content.

7.2. Third-party cookies

Some of our partners may set up cookies on the devices of users who visit our website.

These cookies usually aim to allow our partners to offer their content and services to the users who visit our website in a customized manner by obtaining navigation data extracted from user interaction with the website.

Users can obtain more information about third-party cookies and the processing of data obtained from them and access the description of the used cookies and their characteristics by visiting the following link:
Google Analytics
https://developers.google.com/analytics/devguides/collection/gajs/cookie-usage

The entities in charge of collecting cookies might transfer the obtained information to third parties.

7.3. Cookies management and browser settings

Users can object to the registration of cookies by the website by just deactivating this option from their browser or device.

Cookies deactivation, however, may affect the availability of some website tools and functionalities, compromising its correct and expected operation. Another possible consequence is removing occasionally saved user preferences, harming the user experience.

Below, we provide some links to help and support pages of the most used browsers, which interested users may visit to obtain further information on cookies management in their browser:

• Internet Explorer:
  https://support.microsoft.com/pt-br/help/17442/windows-internet-explorer-delete-manage-cookies
• Safari:
  https://support.apple.com/pt-br/guide/safari/sfri11471/mac
• Google Chrome:
  https://support.google.com/chrome/answer/95647?hl=pt-BR&hlrm=pt
• Mozila Firefox:
  https://support.mozilla.org/pt-BR/kb/ative-e-desative-os-cookies-que-os-sites-usam
• Opera:
  https://www.opera.com/help/tutorials/security/privacy/

All data holders have the right to file a complaint to a control authority without harming any other administrative or legal appeal. Users can file a complaint to an authority in the website headquarters, their habitual country of residence, their workplace, or the location the offense was allegedly practiced.

The present version of this Privacy Policy was last updated on January 18, 2023.

The editor reserves the right to modify, at any time and without prior notice, the present website norms, mainly to adapt them to website development, by either providing new functionalities or suppressing or modifying the existing ones.

Therefore, users are invited to periodically visit this page to verify updates.

By using the service after occasional modifications, users agree with the new norms. If disagreeing with any modification, users have to immediately require an account termination and present their claim to customer service, if so desired.

The Brazilian Law will be integrally enforced to solve controversies from the present instrument.

Occasional litigations must be presented in the judicial district venue where the headquarters of the website editor is located.