Discover the project

Privacy and Data Protection Policy

SUMMARY

NUERNBERMESSE BRASIL – FEIRAS E CONGRESSOS LTDA., registered with CNPJ/MF under no. 00.627.805/0001-60 (“Company” or “NMB”), is committed to the security, privacy, and confidentiality of the Personal Data of its employees, clients, suppliers, and all its stakeholders.

Furthermore, NMB values the protection of Personal Data of visitors to its website and events.

By recognizing and respecting the legitimate Processing of Personal Data, in accordance with current legislation and other applicable norms, the Company has developed this Privacy and Data Protection Policy (hereinafter, the “Policy”), which must be observed by all employees, contractors, and partners.

The Company undertakes to take all measures to preserve privacy and ensure the protection of each data subject’s Personal Data; and, when collecting, processing, and using Personal Data, to observe all applicable legislation.

NMB also undertakes to adopt technical and administrative measures capable of protecting personal data from unauthorized or illicit access, destruction, loss, alteration, communication, or disclosure, as well as to prevent the occurrence of damage due to the processing of personal data.

Only authorized employees may have access to the Company’s database.

Access to personal information is restricted and ensured by good practices and strict compliance standards.

The Company undertakes not to sell, rent, or transfer your information to third parties without the prior consent of the data subject.

1. INTRODUCTION

Applicable Laws and Regulations: This Policy is governed by the parameters defined by the General Data Protection Law, No. 13,709/2018 (hereinafter the “LGPD”), in line with the legal precepts of the Constitution of the Federative Republic of Brazil, in its Article 5, item LXXII; the Habeas Data Law (hereinafter “Habeas Data”), No. 9,507/1997; and, finally, the Civil Rights Framework for the Internet, Law No. 12,965/2014 (hereinafter and jointly referred to as “Applicable Regulations”).

Scope of Application: This Policy applies to Personal Data managed by the Company and which are subject to Personal Data Processing operations.

Purpose: The objective of this Policy is to demonstrate compliance with the duties provided for by the LGPD, as well as to regulate the Personal Data Processing procedures including the collection, access, retention, and deletion of said data by the Company.

1.1. DEFINITIONS:

For the purposes of this Privacy Policy, according to the LGPD, it is understood as:

  • ANPD: National Data Protection Authority at the federal level responsible for inspecting, penalizing, and regulating topics related to Personal Data protection.
  • Database: Organized set of Personal Data subject to Processing.
  • Personal Data Controller: Natural or legal person, public or private, who, alone or in association with third parties, decides on the Processing of Personal Data and the Database (hereinafter, the “Controller”).
  • Consent or Authorization: Free, informed, and unequivocal manifestation by which the data subject agrees to the processing of their Personal Data for a determined purpose.
  • Personal Data: Any information linked to or that can be associated with one or more specific or identifiable natural persons. Some examples of Personal Data are: name, citizen card, address, email, telephone, marital status, health data, fingerprint, image, facial recognition, salary, assets, among others.
  • Personal Data Protection Officer: Natural or legal person appointed by the Controller (hereinafter, the “Officer”) to act as a communication channel between the Company, the data subjects, and the National Data Protection Authority (hereinafter, the “ANPD”).
  • Personal Data Processor: Natural or legal person, public or private, who, alone or in association with third parties, carries out the Processing of Personal Data on behalf of the Controller (hereinafter, the “Processor”).
  • Complaint: Request from the Personal Data Subject or persons authorized by them or by Law to correct, update or delete their Personal Data or revoke authorization in cases provided for by Law.
  • Personal Data Subject: Natural person whose Personal Data are subject to Personal Data Processing (hereinafter, the “Data Subject”).
  • Personal Data Processing: Any operation or set of operations and technical procedures, automated or non-automated, on Personal Data, such as collection, access, storage, registration, conservation, use, circulation, modification or deletion, among others (hereinafter, “Processing”).

1.2. PRINCIPLES APPLICABLE TO PERSONAL DATA PROCESSING:

The Company will apply the principles mentioned below, which must guide and inspire the Processing of Personal Data.

  • Purpose: Personal Data collected must be used for a lawful, legitimate, specific, and explicit purpose, which must be previously informed to the Data Subject, clearly and sufficiently (Article 6, item I of the LGPD).
  • Adequacy: Processing of Personal Data compatible with the purpose informed to the Data Subject (Article 6, item II of the LGPD).
  • Necessity: Limitation of processing to the minimum necessary for the achievement of its purposes, covering pertinent, proportional, and non-excessive data in relation to the purposes of data processing (Article 6, item III of the LGPD).
  • Free Access: Personal Data Processing can only be carried out by persons authorized by the Data Subject and/or by persons provided for in the Law (Article 6, item IV of the LGPD).
  • Quality: Guarantee, to the Data Subject, of accuracy, clarity, relevance, and updating of data, according to the need and for the fulfillment of the purpose of their processing (Article 6, item V of the LGPD).
  • Transparency: Guarantee, to the Data Subjects, of clear, precise, and easily accessible information about the processing and the respective processing agents, observing commercial and industrial secrets (Article 6, item VI of the LGPD).
  • Security: Use of technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or illicit situations of destruction, loss, alteration, communication, or diffusion (Article 6, item VII of the LGPD).
  • Prevention: Adoption of measures to prevent the occurrence of damage due to Personal Data Processing (Article 6, item VIII of the LGPD).
  • Non-discrimination: Impossibility of carrying out processing for illicit or abusive discriminatory purposes (Article 6, item IX of the LGPD).
  • Accountability and Demonstrability: Demonstration, by the agent, of the adoption of effective measures capable of proving the observance and fulfillment of Personal Data protection norms and, including, the effectiveness of these measures (Article 6, item X of the LGPD).

2. RIGHTS AND DUTIES

Data Subject Rights: According to Article 18 of the LGPD and other provisions of the Applicable Regulations on Personal Data protection, the Personal Data Subject has the following rights:

  • Obtaining confirmation about the existence of processing;
  • Free access to their Personal Data that have been subject to Processing, based on art. 9 and item I of art. 18 of the LGPD;
  • Rectification of incomplete, inaccurate, or outdated Personal Data;
  • Anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data with the provisions of the LGPD;
  • Portability of Personal Data to another service or product provider, upon express request, in accordance with ANPD regulation, observing commercial and industrial secrets;
  • Deletion of Personal Data processed with the data subject’s consent, except in the cases provided for in art. 16 of the LGPD;
  • Information on public and private entities with which the Controller shared Personal Data;
  • Information on the possibility of not providing consent and on the consequences of such refusal.

Rights Request Form: The Company has trained professionals to answer your questions and requests and to exercise your Rights. You can fill out our Rights Request Form (“Form”).

It is important to note that parents or legal guardians may exercise the rights on behalf of children or adolescents, under the terms of applicable legislation.

Analysis of Rights Request Form: When we receive your request, our privacy team will analyze it and may respond in two ways, determining that: (i) your request is lawful and legitimate, and therefore must be accepted; or (ii) your request was denied and, for certain reasons, cannot be fulfilled. Don’t worry, even in case of denial, we will inform you the reasons why your request was not approved. All our responses will always be sent by the same means by which you contacted us, whether by email or correspondence.

We may need to ask you for specific information to confirm your identity and ensure that you can exercise your Rights. This is a security measure to ensure that Data is not disclosed to anyone who is not legitimately entitled to receive it. This measure is necessary, especially considering our concern with the information we process about children and adolescents;

If your request is accepted, we will do our best to contact our suppliers and business partners who may have access to your Personal Data to likewise ensure the rectification, deletion, or any other right;

The Company may store and maintain, in the form of a record, a history of Rights requests so that we can, if necessary, present it to the competent authorities as proof that responses were made in a timely and appropriate manner.

Response Time: Once your request is received, our team will get back to you with a response within 15 (fifteen) days. If clarification or more information about your request is needed, we may send you some questions so that we can respond to your request satisfactorily, so that the deadlines will be suspended from the sending of our questions until the receipt of your response.

Non-fulfillment of Request: In case of non-fulfillment of a specific request, the Company undertakes to clarify the reasons that led to the eventual denial of your request, including:

  • preservation of the Company’s business secret and intellectual property;
  • violation of rights and freedoms of third parties;
  • anonymized information which, therefore, is not Personal Data;
  • obstruction of law and justice;
  • the Company’s legitimate interests;
  • repetitive, reiterated, or excessive requests.

Company Duties: The Company, as Controller, is obliged to comply with the following duties:

  • Request and keep a copy of the authorization granted by the Data Subject;
  • Maintain Personal Data in the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access;
  • Ensure that the information related to Personal Data provided to the Operator(s) is true, complete, accurate, updated, verifiable, and understandable, rectifying it when incorrect and communicating the pertinent to the Operator(s);
  • Update the information, communicating to the Operator(s) in a timely manner about changes in previously provided Personal Data, and adopting other necessary measures to keep the information provided to it updated;
  • Provide the Operator(s) only the Personal Data necessary to fulfill its purpose;
  • Require the Operator(s), at all times, to respect the security and privacy conditions in the Processing of the Data Subject’s Data;
  • Process inquiries and complaints made by Data Subjects and return them in a timely manner under the Applicable Regulation;
  • Inform the ANPD and the Data Subject about the occurrence of a security incident resulting from irregular Personal Data Processing;
  • Maintain a record of all Personal Data Processing operations, containing the respective legal basis for that specific Processing.

3. PERSONAL DATA PROCESSING

Authorization for Personal Data Processing: Physical, electronic, or any format document presented for the Data Subject’s knowledge, before or at the time of Data collection, being the means by which all contents of this Policy are communicated, notably, about the Personal Data Processing process that will be collected, the ways to know them and, in general, the purposes for which they were obtained.

Personal Data Processing: The Personal Data managed by the Company will be collected, used, stored, updated, transmitted, and/or transferred for the following purposes or objectives:

Regarding our clients’ Personal Data:

  • To provide the necessary and desired services and products;
  • Inform about new products or services that are or are not related to those contracted or acquired by the Data Subject, always offering opt-in and opt-out options and aiming for compatibility with the Data Subject’s consumption profile;
  • Fulfill contractual obligations entered into with the Data Subject;
  • Report changes in products or services, for transparency purposes;
  • Evaluate product and service quality, conduct market studies and statistical analyses for internal uses and improvement of offered products and services;
  • Allow Data Subjects’ participation in marketing and promotion actions (including participation in contests, raffles, and sweepstakes), and their realization on social networks;
  • Facilitate the design and implementation of loyalty programs;
  • Send by physical, electronic, mobile or mobile device, via text messages (SMS and/or MMS), commercial, advertising, or promotional information about products and/or services, events and/or promotions of a commercial or non-commercial nature, with the aim of promoting, inviting, executing, informing and, in general, carrying out campaigns, promotions or contests of a commercial or advertising nature – again, always providing opt-in and opt-out options and such approach being personalized to the Data Subject’s consumption profile;
  • Sharing, including the Transfer and Transmission of Personal Data to third parties strictly for purposes related to the operation of the Company’s activities, both in terms of internal functioning and its core activities;
  • Conduct internal studies on compliance with commercial relations and market studies at all levels;
  • Conduct optional general surveys and polls aiming at the evaluation of a good or service;
  • Conduct internal or external audit processes typical of the commercial activity developed by the Company;
  • Allow Companies linked to the Company, with whom it has entered into contracts committed to the security and proper Processing of processed Personal Data, to contact the Data Subject with the aim of offering goods or services of interest – this possibility will be duly contained in the Privacy Notice and in the contractual instruments with clients;
  • Control access to the Company’s offices and facilities, including the implementation of areas monitored by video cameras, for security reasons;
  • Respond to questions, requests, and complaints made by Data Subjects and regulatory and control bodies, such as the ANPD, as well as transmit Personal Data to other authorities that, by force of applicable legislation, must receive Personal Data;
  • Transfer the collected information to the different areas of the Company and its affiliated Companies in Brazil and abroad, when necessary for the development of its operations – provided that, according to item II of art. 33 of the LGPD, such provision is expressly stated through specific or standard contractual clauses, global corporate rules, or certifications, demonstrating compliance with principles and rights introduced by the LGPD;
  • Use the various services corresponding to websites, including content and format downloads;
  • Register your Personal Data in the Company’s internal information systems and in its commercial and operational databases;
  • Any other activity of a similar and/or complementary nature to those described above that is necessary for the development of the Company’s corporate purpose, duly registered in the Articles of Association.

Regarding the Personal Data of our employees and suppliers:

  • Manage and operate, directly or through third parties, personnel selection and hiring processes, including evaluation and qualification of participants and verification of work and personal references, and conducting security studies;
  • Develop human resources management activities for the operation, such as payroll, affiliations with general social security entities, occupational health and social security activities, exercise of the employer’s sanctioning power, among others;
  • Make necessary payments arising from the execution of the employment contract and/or its termination, and other social benefits that may be applicable under the terms of applicable legislation;
  • Contract labor benefits with third parties, such as life insurance, medical expenses, among others;
  • Notify authorized contacts in case of emergencies during working hours or during their development;
  • Coordinate the professional development of employees, employees’ access to the Company’s IT resources, and assist in their use;
  • Plan business activities;
  • Control access to the Company’s offices and establish security measures;
  • Transfer the collected information to the various areas of the Company and its affiliated Companies in Brazil and abroad, when necessary for the development of its operations and payroll management (portfolio collection and administrative collection, treasury, accounting, among others), observing the provisions of art. 33, item II of the LGPD;
  • Register contractors and suppliers in the Company’s systems and process their payments;
  • Conduct training;
  • Register your Personal Data in the Company’s information systems and in its commercial and operational databases;
  • Any other activity of a similar and/or complementary nature to those described above that is necessary for the development of the Company’s corporate purpose.

Data Transfer to Processor. When the Company wishes to send or transmit Data to one or more Processors located in the country’s territory, contractual clauses must be established or a Personal Data Processing Agreement must be entered into, in which, among others, the following must be agreed upon, regarding the scope and purposes of the Processing:

  • The activities that the Processor will carry out on behalf of the Company;
  • The obligations that the Processor must fulfill in relation to the Company’s Data Subject;
  • The Processor’s duty for Data Processing in accordance with the authorized purpose for it and observing the principles established in the Applicable Regulations and in systematic integration with the Brazilian legal system, as well as with this Policy.
  • The Processor’s obligation to adequately protect Personal Data and Databases, as well as to maintain confidentiality regarding the transmitted Data;
  • A description of the specific security measures to be adopted by both the Company and the Data Manager at their destination.

Database Validity Period: Personal Data under the Company’s control will be kept for the necessary time according to the purpose of the Processing and/or for the period necessary to comply with a legal or contractual obligation, under the terms of Article 15 of the LGPD.

Personal Data Retention and Deletion Period: The Company has a Personal Data retention policy aligned with applicable law. Personal Data is stored only for as long as necessary to fulfill the purposes for which it was collected, unless there is any other reason for its maintenance, such as, for example, compliance with any legal, regulatory, contractual obligations, among others permitted according to law. We always carry out a technical analysis to determine the appropriate retention period for each type of Personal Data collected, considering its nature, need for collection, and purpose for which it will be processed, as well as any retention needs for the fulfillment of obligations or the safeguarding of rights.

4. SECURITY MEASURES AND COOKIE POLICY

Web Analysis and Provider Sources: In order to offer the best possible service and continuously improve our website for the benefit of our visitors, we use web analysis software provided by Google Inc. (“Google”), Google Analytics.

This is an analysis service that also uses cookies. The information related to the use of this website generated by the cookie (including your IP address) is transferred to one of Google’s servers in the USA and stored there for 26 months. Google uses this information to evaluate your use of the website, to compile reports on website activities for website operators, and to provide additional services related to that and Internet usage. Furthermore, Google may also transmit this information to third parties if this is stipulated by law or if third parties process this data on behalf of Google. Under no circumstances will Google link your IP address to other data maintained by Google. In any case, this website uses Google Analytics with the extension “anonymizeIP()” to ensure that IP addresses are processed only in abbreviated form and thus prevent data from being linked to individual persons. However, we would like to point out that, in this case, you may not be able to use all or part of the functions offered by this website. By choosing to use it, you agree that data about you collected by Google will be processed in the manner described above and for the purpose described above. You can revoke your consent for Google Analytics to collect and use your IP address at any time.

Furthermore, this website uses fonts that are loaded directly from a legitimate and reliable provider. With this, the provider technically obtains your IP address. We do not provide any information about you to the provider and do not have access to the data collected by the provider. Without further data, that is, through anonymization techniques, your IP address does not allow any conclusion about your identity.

Work Here on our Website: Regarding online applications submitted through our website, we will only process the Personal Data declared therein for the purpose of processing the application and carrying out the selection process for that specific position, or to do so in relation to other positions in addition to that specific advertisement, which we may consider appropriate to the candidate’s profile, according to their declared qualifications.

Cookies/Similar Technologies

A cookie is a small file added to your device or computer by websites you visit. They are widely used to make websites work, or work more efficiently, as well as to provide a personalized access experience and provide information to website owners. The Company uses cookies to adapt its website according to its visitors’ use to better understand its use by customers and visitors in general. The Company also uses other similar technologies for the Company’s websites, including IP addresses, log files, and web beacons, which also help us adapt our website to visitors’ needs. The Company (or a third party on our behalf) may collect information in the form of Log Files that store website activities and collect statistics on user Browse habits, which are generated anonymously and help the Company collect the following data: (i) user’s browser and system type; (ii) information about the user’s session (such as their origin URL, date, time. pages visited and usage time) and, (iii) other Browse or click-counting data. Users can manage and disable Cookies in their browser settings, including to warn them before accepting Cookies or simply refuse them. However, it is important to emphasize that some types of cookies are necessary to enable the use of the Company’s website.

5. INTERNATIONAL DATA TRANSFER

The transfer of Personal Data of any kind to countries that do not offer adequate levels of Data protection is prohibited, as per Article 33, item I of the LGPD and ANPD Resolution CD/ANPD nº 19/2024. It is understood that a country offers an adequate level of Data protection when it complies with the standards established by the ANPD, which in no case can be lower than those required by the Applicable Regulations, especially by Article 34 of the LGPD.

This prohibition does not apply in cases of:

  • Information for which the Data Subject has granted their express and unequivocal authorization for the transfer, with prior information about the international nature of the operation, highlighted in relation to other purposes;
  • Bank or share transfers, in accordance with applicable legislation;
  • Transfers strictly necessary for the execution of the contract between the Data Subject and the Data Controller, or for the execution of pre-contractual measures.

FINAL CONSIDERATIONS

Considering that the Company does business globally, our employees are subject to the laws and regulations of different countries. However, this Privacy Policy has specific application in Brazilian territory and is subject to applicable laws and regulations and eventual updates, following legislative changes or in our internal processes, so we recommend reading its terms regularly;

This Policy may contain errors and inaccuracies and may be updated or changed in the future. Therefore, we recommend that you periodically visit this page to be aware of modifications. Before using information for purposes other than those defined in this Policy, we will request your authorization.

If you have questions, comments, or suggestions related to this Policy, you can contact the Company’s privacy team through the following means:

  • Officer: Michael Johannes Harald Hans Karl Lob
  • Contact Email: lgpd@nm-brasil.com.br
Facebook Instagram Youtube Linkedin

NürnbergMesse Brasil is a subsidiary of the NürnbergMesse Group and one of the largest promoters of business meetings in the country. With a portfolio of more than 10 events, all leaders in their markets, the company moves various segments of the national economy with a high level of professionalism and competence.

NürnbergMesse: The NürnbergMesse Group is among the 15 largest organizers of business meetings in the world. Its portfolio includes more than 120 international trade shows and congresses. Every year, around 30,000 exhibitors and more than 1.5 million visitors take part in the events organized by the multinational, which is present through its subsidiaries in China, North America, Brazil, Greece, Italy and India. The group also has a network of around 50 representatives operating in more than 116 countries.

© 2025 NMB - All rights reserved

Discover the project

Facebook Instagram Youtube Linkedin

Get to know

The showcase of knowledge and innovation at Brazil's biggest industry events.

Access NMB Play