The Data Protection Act (LGPD – Law No. 13.709/2018) addresses personal data processing, including in digital media, by any individual or legal entity under public or private law, to protect the fundamental rights of freedom and privacy and the free development of the individual’s personality. Under the Law, personal data are information related to an identified or identifiable individual (art. 5-I of the LGPD).
According to the LGPD, personal data processing must be carried out in good faith and in accordance with the following principles:
I – purpose: processing done for legitimate, specific, and explicit purposes of which the data subject is informed, with no possibility of subsequent processing that is incompatible with these purposes;
II – adequacy: compatibility of the processing with the purposes communicated to the data subject, following the context of the processing;
III – necessity: limitation of the processing to the minimum necessary to achieve its purposes, covering data that are relevant, proportional, and non-excessive concerning the purposes of the data processing;
IV – free access: guarantee to the data subjects of facilitated and free-of-charge consultation about the form and duration of the processing, as well as about the integrity of their data;
V – data quality: guarantee to the data subjects of the accuracy, clarity, relevancy, and updating of the data, under the need and for achieving the purpose of the processing;
VI – transparency: guarantee to the data subjects of clear, precise, and easily accessible information about the carrying out of the processing and the respective processing agents, subject to commercial and industrial secrecy;
VII – security: use of technical and administrative measures that can protect personal data from unauthorized accesses and accidental or unlawful situations of destruction, loss, alteration, communication, or dissemination;
VIII – prevention: adoption of measures to prevent the occurrence of damages due to the processing of personal data;
IX – non-discrimination: Prohibition of processing for illegal or discriminatory purposes;
X – accountability: demonstration, by the data processing agent, of the adoption of measures that are efficient and capable of proving compliance with the rules of personal data protection, including the efficacy of such measures.
Furthermore, the LGPD outlines three key roles in safeguarding personal data: the controller, the processor, and the data protection officer.
The controller is an individual or legal entity under public or private law in charge of making decisions on personal data processing.
The processor is an individual or legal entity under public or private law, who performs the personal data processing on behalf of the controller.
Lastly, the data protection officer is someone appointed by the controller and processor to act as a link between the controller, the data subjects, and the National Data Protection Authority (ANPD).
The LGPD guarantees ownership over personal data to data subjects, safeguarding the fundamental rights of freedom, intimacy, and privacy.
In turn, art. 18 provides for the data subject’s rights as follows:
Art. 18. The data subject, regarding the data subject’s data being processed by the controller, at any time and by means of request, has the right to obtain the following from the controller:
I – confirmation of the existence of processing;
II – access to the data;
III – correction of incomplete, inaccurate, or out-of-date data;
IV – anonymization, blocking, or deletion of unnecessary or excessive data or data processed in noncompliance with the provisions of this Law;
V – portability of the data to another service provider or product provider, by means of an express request, pursuant to the regulations of the national authority, and subject to commercial and industrial secrets;
VI – deletion of personal data processed with the consent of the data subject, except in the situations provided in Art. 16 of this Law;
VII – information about public and private entities with which the controller has shared data;
VIII – information about the possibility of denying consent and the consequences of such denial;
IX – revocation of consent as provided in §5 of Art. 8 of this Law.
Paragraph 1. The personal data subject has the right to petition, regarding her/his data, against the controller before the national authority.
Paragraph 2. The data subject may oppose the processing carried out based on one of the situations of waiver of consent, if there is noncompliance with the provisions of this Law.
Paragraph 3. The rights provided in this article shall be exercised through an express request by the data subject or her/his legally constituted representative to the processing agent.
Paragraph 4. If it is impossible to immediately adopt the measure mentioned in §3 of this article, the controller shall send a reply to the data subject in which she/he may:
I – communicate that she/he is not the data processing agent and indicate, whenever possible, who the agent is; or
II – indicate the reasons of fact or law that prevent the immediate adoption of the measure.
Paragraph 5. The request as mentioned in §3 of this article shall be fulfilled without costs to the data subject, within the periods and the terms as provided in a regulation.
Paragraph 6. The controller shall immediately inform the processing agents with which she/he has carried out the shared use of data of the correction, deletion, anonymization, or blocking of data, so that they can repeat an identical procedure, except in cases in which this action is proven impossible or involves disproportionate effort.
Paragraph 7. The portability of personal data referred to in item V of the lead sentence of this article does not include data that have already been anonymized by the controller.
Paragraph 8. The right referred to in §1 of this article may also be exercised before consumer defense entities.
The data subject’s rights may be exercised at: https://portal.tcu.gov.br/ouvidoria/
The Federal Court of Accounts can process personal data in four situations: external control activities, services to society, training actions, and internal administrative activities.
External Control Activities:
External Control Activities refer to the actions performed to fulfill TCU's constitutional and legal responsibilities stated in articles 70-75 of the Federal Constitution, particularly art. 71, as well as in the relevant legislation. According to art. 71 of the Federal Constitution:
Art. 71. External control, incumbent on the National Congress, shall be exercised with the aid of the Federal Audit Court, which shall:
I – examine the accounts rendered annually by the President of the Republic, by means of a prior opinion which shall be prepared in sixty days counted from receipt;
II – evaluate the accounts of the administrators and other persons responsible for public monies, assets, and values of the direct and indirect administration, including foundations and companies instituted and maintained by the Federal Government as well as the accounts of those who have caused a loss, misplacement or other irregularity resulting in losses to the public treasury;
III – examine, for registration, the lawfulness of acts of admission of personnel, on any account, in the direct and indirect administration, including the foundations instituted and maintained by the Federal Government, with the exception of the appointments to commission offices, as well as the granting of civil and military retirement and pensions, except for subsequent improvements which do not alter the legal fundaments of the conceding act;
IV – carry out, on its own initiative or on that of the Chamber of Deputies, of the Federal Senate, or of a technical or inquiry committee, inspection and audits of an accounting, financial, budgetary, operational or property nature in the administrative units of the Legislative, Executive and Judicial Powers and other entities referred to in item II;
V – control the national accounts of supranational companies in whose capital stock the Union holds a direct or indirect interest, as set forth in the acts of incorporation;
VI – control the use of any funds transferred by the Union, by means of an agreement, arrangement, adjustment or any other similar instrument, to a state, the Federal District or a municipality;
VII – render the information requested by the National Congress, by either of its Houses or by any of the respective committees concerning accounting, financial, budgetary, operational and property control and the results of audits and inspections made;
VIII – in case of illegal expenses or irregular accounts, apply to the responsible parties the sanctions provided by law, which shall establish, among other comminations, a fine proportional to the damages caused to the public treasury;
IX – determine a period of time for the agency or entity to take the necessary steps for the strict compliance with the law, if an illegality is established;
X – if not heeded, stop the execution of the impugned act, notifying the Chamber of Deputies and the Federal Senate of such decision;
XI – present a formal charge to the competent Power on any irregularities or abuses verified.
Paragraph 1. In the case of a contract, the restraining act shall be adopted directly by the National Congress, which shall immediately request the Executive Power to take the applicable measures.
Paragraph 2. If the National Congress or the Executive Power, within ninety days, do not take the measures provided for in the preceding paragraph, the Court shall decide on the matter.
Paragraph 3. Decisions of the Court resulting in the imposition of a debt or fine shall have the effectiveness of an execution instrument.
Paragraph 4. The Court shall, quarterly and annually, forward to the National Congress a report on its activities.
Besides the constitutional provisions, the TCU has other duties mandated by legislation, such as Law No. 8.443/1992 (Organic Law of the Federal Court of Accounts).
Art. 1. The Federal Court of Accounts - Brazil (Tribunal de Contas da União – TCU), an external control body, has the following mandates according to the Federal Constitution and as established in this Law:
I – to judge the accounts of managers and other authorities in charge of public moneys, goods and values of the units of the Federal branches, as well as entities of the indirect administration, including foundations and societies established and supported by the federal public power, as well as the accounts of those that cause loss, misappropriation or any other irregularity resulting in damage to the Public Treasury;
II – perform, of its own initiative or upon request by the National Congress, its Houses or respective committees, accounting, financial, budgetary, performance and assets audits of the units of the Federal Government branches and other entities referred to in sub-paragraph I above;
III – analyze the annual rendering of accounts by the President of the Republic, according to Article 36 herein;
IV – monitor collection of revenue under the responsibility of the Federal Government and of the entities referred to in sub-paragraph I above, through inspections and audits, or by examining specific statements as set forth in the Internal Regulation;
V – for the purposes of registration as set forth in the Internal Regulation, analyze the legality of the acts of admission of personnel, in any capacity, in the direct and indirect administration. This includes admissions in foundations established and supported by the federal public power, except for the appointments to at-will positions. Analyze concession of retirement, reforms and pensions, except their further improvements that do not change the legal basis of the concession act;
VI – observing the pertinent legislation, calculate the quotas of the participation funds referred to in the sole paragraph of Article 161 of the Brazilian Federal Constitution, overseeing the delivery of the respective resources;
VII – in accordance with Paragraph 2 of Article 33 of the Brazilian Federal Constitution, issue a preliminary report on the accounts of the Federal Government within sixty days of receiving said report, as set forth in the Internal Regulation;
VIII – report to the competent power any irregularity or abuse observed, stating the wrongful act and defining the responsibilities, including those of the Minister of State or of an authority at equivalent hierarchic level;
IX – apply to the responsible authorities the sanctions provided for in Articles 57 to 61 of this Law;
X – draft and change its Internal Regulation;
XI – elect its President and Vice-President and put them in office;
XII – grant leave, vacation and other legal periods of absences to ministers, auditors and members of the General Public Prosecutor’s Office within the Court. Sick leave will depend on an examination by a medical body if the leave exceeds six months;
XIII – propose to the National Congress the establishment of remuneration for ministers, auditors and members of the General Public Prosecutor’s Office within the Court;
XIV – organize its Secretariat, according to the Internal Regulation, and establish its positions and jobs, observing the applicable legislation;
XV – propose to the National Congress the creation, transformation and abolishment of positions, jobs and at-will positions of the staff of its secretariat, and set the respective remunerations;
XVI – make decisions regarding denouncements reported to it by any citizen, political party, association or trade union, as provided for in Articles 53 to 55 of this Law;
XVII – make decisions regarding consultations made by a competent authority that has doubts regarding application of legal and regulatory provisions concerning any matter under its mandate, as established in its Internal Regulation.
In addition to the constitutional provisions of the Organic Law of the TCU, other laws can impose responsibilities on the TCU.
The TCU processes personal data in external control activities solely to achieve its public purpose and fulfill its constitutional and legal duties; consent from the data subject is not required, as per the Data Protection Act, Article 7-III and Article 23-I.
The General Secretariat of External Control (Segecex) is in charge of planning and executing the External Control activities at the TCU.
The data processing duration is uncertain since the TCU's mission and duties must not be disrupted.
The processing practices and procedures utilize audit techniques, including document examination, data extraction, data matching, and interviews.
Services Offered to Society
The TCU provides various services to the public, all of which require authentication. These services include:
- Access to the portal content with a subscription
- Electronic protocol
- Support systems for external control
- Registration of accountable agents in external control procedures
- Registration of legal representatives in external control procedures
- Registration of stakeholders in external control procedures
- Access to case files (for attorneys)
- Requests to the Office of the Ombudsman
Electronic registration with the Court is required to access these services and obtain information. To ensure proper authentication, users are requested to provide information such as name, email, Individual Taxpayer Identification Number (CPF), address, telephone number, professional qualification, and copy of identification document, among others. Once provided, users are given a login and password.
Foreign citizens are required to provide information registered in their country of origin. Additionally, there may be a need to provide academic curriculum vitae information for selective processes, to collaborate or participate in courses and events. Some information may be obtained from sources available in other governmental registers and made available to the Court following the applicable legislation. However, if the user wishes, he or she may access, edit, and rectify those data whenever they are incomplete, out-of-date, or inaccurate (art. 18 of the Data Protection Act – LGPD).
Our purposes in collecting data
Personal data usage always follows current legislation and prioritizes safe delivery of services to citizens, strictly aligned with their requests. Hence, the data is used in accordance with the following purposes:
- Keeping citizens informed about the topics they registered for, such as session agendas, case updates, and responses to Ombudsman Office requests, information on the participation in educational activities and events promoted by the Serzedello Corrêa Capacity Development Institute (ISC), among others;
- Access log, attendance, and activities control within educational environments, to assess participation and learning;
- Compliance with legal determinations, such as the exercise of external control (art. 71 and following of the Federal Constitution), compliance with requests made under the Access to Information Act (Law No. 12.527/2011), as well as the guarantee of participation, protection, and defense of public service users’ rights (Law No. 13.460/2017).
The data is also used to provide a personalized user experience and gather usage statistics.
With whom we share
Data entered on the portal for registration purposes are not shared with bodies or entities external to the Court, except for data related to courses offered in collaboration with other organizations.
Additionally, the Court does not condone or permit the sharing of information for illicit, abusive, or discriminatory purposes.
Training Initiatives
The Serzedello Corrêa Capacity Development Institute (ISC) is the TCU School of Government and operates in the fields of education, information, innovation, and culture, building knowledge to enhance the performance of External Control and improve Public Administration.
It was established by art. 88 of the Law No. 8.443/92, which states:
Art. 88. It is hereby created in the secretariat an institute directly subordinated to the Presidency, which will be in charge of:
I – Promoting periodic public contests of exams or of exams and titles to select candidates for the training courses required to join the careers of the Court staff;
II – The organization and delivery of courses to train university and high school level candidates selected through the contests referred to in sub-paragraph I above who must be approved in the training phase;
III – The organization and delivery of training and specialization courses for staff members;
IV – The promotion and organization of symposia, seminars, papers and research about issues related to the public administration control techniques;
V – The organization and administration of a library and documentation center, both national and international, about doctrine, techniques and legislation concerning control and similar issues.
Sole paragraph. The Court will issue a resolution to regulate the organization, the duties and working norms of the institute referred to in this article.
In line with its institutional mission, the ISC collects, stores, and uses personal data of students and other service users. Click here to learn how the ISC collects and processes personal data (text in Portuguese).
Internal Administrative Activities
The Segedam (General Secretariat of Administration) handles internal administrative activities for the Court and manages the administrative information systems for recording several types of transactions with the target populations of its core activity. The public consists mainly of civil servants, authorities, retirees, pensioners, interns, outsourced collaborators, and the general public.
Segedam, as the primary administrative body of the Court, is responsible for handling the personal data of individuals who have a daily connection with the TCU. The data is distributed across different information systems used at the Court. They are listed below, together with the description of the main personal data that are processed by such systems.
- Personnel Management Systems (GRH, CESP): They store information on the identification of civil servants, authorities, pensioners, and retirees, as well as documents, addresses, telephone numbers, employee health-related data, ethnic and racial information, contact information, email, and financial information, whenever it involves any kind of relation between the individual and the Court.
- Payment System: It records the financial personal information of civil servants, retirees, pensioners, interns, and authorities.
- Salary Loan System: It records data on salary loans taken out by civil servants, retirees, and pensioners. It also tracks loan limits and repayment through payroll deductions, while sharing data with the relevant financial institutions.
- Access Control System: It keeps image and biometric data for attendance records of civil servants, retirees, interns, and outsourced staff. It also records access to facilities at the TCU and the ISC by these individuals and outside visitors.
- Health Management System: It keeps information on the health of active/inactive employees, dependents, and authorities, among others, patient service and tests, health records (medical, dental, nutritional), and first aid assistance (urgent care and emergency room service). Health data are sensitive, confidential, and protected information, the access to which is given only to the patient (if requested) and to health professionals in the exercise of their duties.
- Active Persons Re-registration System: It keeps personal data on identity, parent information, dependents, addresses, telephone numbers, and personal documents, for periodical updates of the human resources system by the civil servants, authorities, and their dependents.
- Medical/Dental Leave Management System: It maintains records of leaves for medical treatment (either the employee’s or a family member’s), including accidents and pregnancy-related leave (abortion and stillbirth cases) for managing forensic activities and tracking the employee's health history and functional life.
- Trial Work Period System: It keeps personal data on the performance evaluation of employees during the trial work period.
- Student Internship Management System: It keeps the personal data of students who signed student internship agreements with the Court, regarding registration, performance, and internship payment.
- Contract Management System: It keeps personal data on the identification of outsourced collaborators who are connected to service-providing legal entities that are contracted by the Court.
- CASA System: It stores information on the identification of civil servants, authorities, pensioners, retirees, outsourced staff, and interns, besides addresses, telephone numbers, contact information, email, and personal documents necessary for administrative purposes.
- e-TCU Administrativo: It keeps the personal data of active civil servants, retirees, or pensioners who are stakeholders within a given case. The personal data and all collected information on active and inactive civil servants as well as pensioners may be accessed, treated, processed, reproduced, edited, translated, uploaded, downloaded, adapted, and entered on new systems, applications, and software, directly by the TCU or by third parties duly authorized by the TCU.
The data collected by the General Secretariat of Administration are used for compliance with its legal and contractual obligations. Regarding active and inactive civil servants and pensioners, the data is notably used for the following purposes:
- Compliance with obligations related to the income tax (Decree No. 9580/2018), the actuarial legislation of the Specific Regime of Social Security – RPPS for Federal Government civil servants (Law No. 9.717/1998), the e-Social system (Decree No. 8373/2014), the Gfip (Law No. 9.528/97), and labor legislation;
- Telephone calls, sending of communications, notices, messages, surveys, and other information by email or messaging applications;
- Registration and confirmation of registration for access and use of the resources, functionalities, and tools available on the website, applications, and platforms used by the TCU.
Access to data collected from interns, active civil servants, retirees, and pensioners is given only to TCU civil servants and collaborators authorized to use those data.
Requests for anonymization, lock, or removal of personal data that are unnecessary, excessive, or processed in defiance of the legislation in force must be sent to Segedam through a reasoned request, which will be granted provided that they do not violate any legal obligation.