Legal

Privacy Policy

Last updated: May 31, 2026

This Privacy Policy explains how the São Paulo Innovation and Science Diplomacy School (InnSciD SP), an academic initiative hosted at the University of São Paulo (USP), collects, uses, stores and protects personal data of visitors and applicants of the website 2026.innscidsp.com.

We comply with the European Union General Data Protection Regulation (GDPR, Regulation 2016/679) and the Brazilian General Data Protection Law (LGPD, Law 13.709/2018).

1. Data Controller

InnSciD SP — University of São Paulo
Av. Prof. Luciano Gualberto, 315 — Cidade Universitária, São Paulo / SP, Brazil.
Contact for data protection matters: innscidsp@usp.br

2. Personal data we collect

  • Registration form: full name, email address, institutional affiliation, country, academic background, motivation letter and any additional information you voluntarily provide.
  • Communications: messages you send us by email or through forms.
  • Technical data: IP address, browser type, device information and pages visited (collected via essential and analytics cookies — see our Cookie Policy).

3. Legal bases and purposes

  • Consent (GDPR art. 6.1.a / LGPD art. 7, I) — for analytics cookies and marketing communications.
  • Performance of a contract / pre-contractual steps (GDPR art. 6.1.b / LGPD art. 7, V) — to process your application, confirm participation, issue certificates and provide event-related services.
  • Legitimate interest (GDPR art. 6.1.f / LGPD art. 7, IX) — to ensure site security, prevent fraud and improve the user experience.
  • Legal obligation (GDPR art. 6.1.c / LGPD art. 7, II) — when required by Brazilian or EU law.

4. Sharing of data

We may share your personal data with:

  • Internal USP departments and the InnSciD SP organising committee for the purposes described above;
  • Institutional partners and co-organisers of the event, strictly for selection and operational purposes;
  • Service providers acting as data processors (cloud hosting, database and authentication providers) under appropriate data processing agreements;
  • Public authorities, when required by law.

We do not sell personal data.

5. International data transfers

Some of our service providers may process data outside Brazil or the European Economic Area. When this happens, we ensure adequate safeguards are in place (Standard Contractual Clauses, adequacy decisions or equivalent mechanisms under LGPD art. 33).

6. Retention

Application data is kept for up to 5 years after the event for academic record-keeping and certificate reissuance. Marketing contact data is kept until you withdraw consent. Technical logs are kept for up to 12 months.

7. Your rights

Under GDPR (art. 15–22) and LGPD (art. 18), you have the right to:

  • Access your personal data and obtain a copy;
  • Request rectification of inaccurate data;
  • Request deletion (right to be forgotten);
  • Restrict or object to processing;
  • Request data portability;
  • Withdraw consent at any time;
  • Lodge a complaint with a supervisory authority — in Brazil, the ANPD; in the EU, your local data protection authority.

To exercise these rights, contact us at innscidsp@usp.br. We will respond within 15 days (LGPD) or 30 days (GDPR).

8. Security

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure, including encryption in transit, access controls and secure cloud infrastructure.

9. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of the page indicates the latest revision.