Some services process personal data in the USA. By consenting to the use of these services, you also consent to the processing of your data in the USA in accordance with Art. 49 (1) lit. a GDPR. The USA is considered by the ECJ to be a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data will be processed by US authorities for control and monitoring purposes, perhaps without the possibility of a legal recourse.
You are under 16 years old? Then you cannot consent to optional services. Ask your parents or legal guardians to agree to these services with you.
The GDPR is there to protect the data of EU citizens and residents. Therefore, it has a material and territorial scope (Art. 2-3), which means that both have to be satisfied for this legal instrument to apply.
Our products always fulfill the material scope due to the nature of our services, but since we have an international platform, we feel the need to address the matter of territoriality.
With regards to the territorial scope, this regulation applies to the processing of personal data in the context of activities of an establishment of a controller or processor in the Union, even if the processing takes place in the Union or not (Art.3(1)). It also applies to the processing of personal data of data subjects who are in the EU, by a controller or processor not established in the Union, where the processing activities are related to the offering of goods or services or the monitoring of their behavior, as long as their behavior occurs in EU territory (Art.3(2)). The GDPR also applies to the processing of personal data by a controller not established in the EU, but where the MS national law applies due to provisions of public international law.
Subsequent to other exceptions of material nature (e.g. Art. 2(2), Art. 4(18)), every data collection and processing that falls outside of Art. 3 does not meet the territorial requirements for the application of the GDPR.
Although we uphold the GDPR as a golden standard for our whole group, for our non-EEA subsidiaries, please consider national law (when dealing with personal data of EU data subjects in non-EEA countries, it is considered that the data subject’s current location takes precedence over their citizenship when determining whether the GDPR applies).
This means that our Brazilian users should consider the national provisions on the processing of their personal data, which are linked to this website, as a download file.