How we handle your personal data.

The UFRRJ Innovation Agency is the Technology Innovation Office (NIT) of the Federal Rural University of Rio de Janeiro, established in 2008 under the Graduate Studies & Research Office. We operate under the Innovation Law (10.973/2004) and the Science, Technology & Innovation Legal Framework (Law 13.243/2016).

This policy applies to all channels we maintain — institutional portal, technology showcase, submission forms, support and contracts. For LGPD purposes, UFRRJ is the Data Controller; the Innovation Agency acts as the responsible unit within its scope.

We adopt the definitions of LGPD article 5:

• Personal data — information that identifies or makes identifiable a natural person.
• Sensitive data — racial origin, religious belief, health, biometric data, among others.
• Data subject — the natural person to whom the data refers.
• Processing — any operation on data (collection, use, storage, deletion).
• Controller — who decides on processing (UFRRJ).
• Operator — who processes data on behalf of the controller.
• Officer (DPO) — channel between controller, data subjects and ANPD.

We process only the data necessary for our activities:

3.1 Identification and contact

Name, ID, SIAPE/UFRRJ enrolment, e-mail, phone, institutional affiliation. Collected when filling forms, submitting an invention, signing contracts or starting service.

3.2 Invention and intellectual property

Title, description, knowledge area, TRL, co-authorship, partners, INPI number. These data receive specific confidentiality treatment, especially before filing.

3.3 Contractual and financial

Company name, tax ID, legal representatives, banking details for royalty transfer, amounts and licensing clauses.

3.4 Browsing

IP, browser, pages visited, referrer, duration. Used in aggregate form — details in section 8.

Every data point is linked to a purpose and a legal basis (article 7):

We do not make solely automated decisions with legal impact on data subjects. Technical and legal opinions are always human.

We share data only with parties essential to the execution of these purposes:

• UFRRJ units — PROPPG, PROAF, Federal Attorney, involved institutes.
• INPI and IP firms — for filings and follow-up.
• Licensee companies — minimum data for contract execution.
• Funding agencies — CAPES, CNPq, FAPERJ, FINEP, EMBRAPII.
• Oversight bodies — CGU, TCU, ANPD when required.
• Technical operators — e-mail, cloud and e-signature providers, under contract.

We do not sell, rent or trade personal data.

Occasionally, data is transferred outside Brazil — for example, in international PCT filings, foreign-based licensees or operators with servers abroad. We follow LGPD article 33: only to countries with adequate protection levels, through specific contractual clauses or specific consent.

• Invention and IP data — duration of right + 5 years.
• Licensing contracts — duration + 10 years.
• Tax data — 10 years (CTN).
• Selection processes — 2 years after closure.
• Newsletter — while consent is active; deletion within 30 days of revocation.
• Access logs — 6 months (Civil Framework, art. 15).

After expiration, data is deleted or anonymized irreversibly.

We use cookies to maintain sessions, remember preferences and generate anonymous statistics. You can manage cookies in your browser.

• Encryption in transit (TLS 1.3) and at rest for sensitive databases.
• Role-based access control with 2FA for Agency staff.
• Environment segregation — pre-filing inventions in encrypted repository.
• Daily backups with 90-day retention.
• Audit records of access to sensitive data.
• Incident response plan — ANPD notification within 72h.

LGPD article 18 grants the following rights, exercised free of charge through the DPO:

• Confirmation and access — copy of data in readable format.
• Correction — incomplete, inaccurate or outdated data.
• Anonymization or blocking — unnecessary or excessive data.
• Portability — data in structured format.
• Deletion — data processed based on consent.
• Sharing information — with whom your data was shared.
• Consent revocation — at any time.
• Objection and review — of legitimate-interest processing and automated decisions.

We reply within 15 days. If you consider your request poorly handled, file a complaint with ANPD.

To exercise rights, clarify questions or report incidents, use UFRRJ's institutional channel. Your message will be forwarded to the Officer designated under LGPD article 41.

This policy will be reviewed at least once a year and whenever there are legislative, process or operator changes. Substantial changes will be communicated by e-mail to registered contacts and highlighted at the top of the site for 30 days.