Venturus Privacy and data processing

Date of the last update: 15 December 2022

1. Introduction

The purpose of this Policy is to demonstrate the commitment of:

Venturus Center for Technological Innovation, a private association, registered with the CNPJ/MF under number 96,499,728/0001-89. Headquartered at Estrada Giuseppina Vianelli Di Napoli, No. 1185, GlobalTech Campinas Condominium, Polo II de Alta Tecnologia, Campinas/SP, CEP: 13086-530 with the privacy protection of information received from your clients, including personal data, in accordance with the laws in force, with transparency and clarity with you and the market in general.

This policy outlines the main rules regarding the processing of your personal data when we serve You in our physical units or through our virtual environments (“Our Environments”).

If you contract only one of the services, the rules set out in this policy will remain applicable, as far as you can, without prejudice to additional information being provided by Us.

To access and use the functionalities offered in our environments, you declare that you have read this Policy completely and carefully and are fully aware, thus confirming your free and express agreement with the terms stipulated here, including the collection of the information mentioned here, as well as its use for the purposes specified below.

2. About the data collected

2.1 How data is collected. Data, including personal data, may be collected when You submit to us or when You interact with our environments and services, including:

Registration data (online and in-person)

What is collected?

Full name
Job Title
Email
Contact numbers
Home address

What is it collected for?

(i) Identify and authenticate You;
(ii) Expand our relationship, carry out research, inform You about news, features, content, news and other events that we consider relevant to You;
(iii) Allow the registration of requests in the “Contact Us”;
(iv) Enable You to access and use the features and functionalities of the Platform;
(v) Ensure the portability of registration data to another controller in the same field of activity, if requested by You, complying with the obligation of article 18 of the Lei Geral de Proteção de Dados;
(vi) Comply with legal record keeping obligations established by the Marco Civil da Internet - Lei 12.965/2014.

Professional data

What is collected?

Profession
History of professional experience
Educational background
Knowledge in languages

What is it collected for?

(i) Identify professional profile;
(ii) Recruit employees if you want to work with us.

Health data

What is collected?

Information about professional PwDs

What is it collected for?

(i) Recruit employees if you want to work with us;
(ii) Comply with the legal obligations established by the Lei das Cotas - Lei No. 8.213/1991;

Digital identification data

What is collected?

Source IP Address and Logical Port
Record the date and time of each action You perform
What screens did you access
Session ID
Cookies

What is it collected for?

(i) Comply with legal record keeping obligations established by the Marco Civil da Internet - Lei 12.965/2014;
(ii) Security monitoring of our environments for the sake of your and our safety;

2.2 Necessary data. The provision of services and the use of the functionalities of our environments depend directly on some data provided in the table above, especially on registration data. If you choose not to provide some of this data, you may be unable to fully enjoy the services offered to You.

2.3 Update and Veracity of the Data. You are solely responsible for the accuracy, veracity, or lack thereof in relation to the data You provide or for its outdated data. Be aware as it is your responsibility to ensure accuracy or to keep them up to date.

2.3.1 Likewise, we are not obliged to process or process any of your data if there are reasons to believe that such processing or treatment could impute to us any violation of any applicable law, or if You are using our environments for any illegal, unlawful or contrary to morality.

2.4 Database. The database formed through the collection of data is our property and responsibility, and its use, access and sharing, when necessary, will be done within the limits and purposes of the business.

2.5 Technologies used. We use the following technology (s):

i. Cookies, and it is up to you to configure your Internet browser if you wish to block them. In this case, some of the features that are offered may be limited.
ii. Google Analytics: quantitative data to measure the number of accesses to the content of the site.

2.5.1 All technologies used will always respect current legislation and the terms of this Policy.

2.6 We do not use any type of solely automated decision that impacts You.

3. How we share data and information

3.1 Data sharing hypotheses. The data collected and the recorded activities can be shared, always respecting the sending of the minimum information necessary to achieve the purposes:

(i) With partner companies necessary to provide recruitment and selection services, such partners are always required to comply with security and data protection guidelines, in accordance with item 4.4 of this Policy;

(ii) Automatically in the event of corporate movements, such as a merger, acquisition, and incorporation; and

(iii) With competent judicial, administrative, regulatory, or governmental authorities, whenever there is a legal determination, request, requisition, or court order.

4. How your data is protected and how you can protect it too

4.1 Cautions You Must Take. It is very important that You protect your data against unauthorized access to your computer, in addition to making sure that you always click “exit” when you close your browsing on a shared computer. It is also very important that You know that we will not send electronic messages requesting confirmation of data or with attachments that can be executed (extensions: .exe, .com, among others) or even links for possible downloads.

4.2 Access to Personal Data, proportionality and relevance. Internally, the personal data collected is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to business objectives, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this policy.

4.3 External links. When you use our environments, you may be led, via links to other portals or platforms, that may collect your information and have their own data processing policy.

4.3.1 It will be up to You to read the privacy and data processing policies of such portals or platforms outside of Our Environments, and it is your responsibility to accept or reject them. We are not responsible for the Privacy and Data Processing Policies of third parties or for the content of any websites, content, or services linked to environments other than those of the services.

4.3.2 Partner services. We have partner companies that offer services and/or products through the Services and/or functionalities that can be accessed from Our Environments. Any Data provided by You directly to these partner companies will be their responsibility and are thus subject to their own data collection and use practices.

4.4 Processing by third parties under our guidance. If third-party companies carry out the Processing on our behalf, of any Personal Data that is collected, they will respect the conditions stipulated here and the information security regulations, compulsorily.

4.5 Communication by e-mail. To optimize and improve our communication, when we send an e-mail to You we may receive a notification when they are opened, provided that this possibility is available. It is important that you be aware, as emails are sent only through the domains: [@venturus .org.br and @vntschool .org.br].

5. How are your personal data and activity logs stored

5.1 The personal data collected and activity records are stored in a secure and controlled environment for a minimum period of time that follows the table below:

Registration data

Storage period: 5 years after the termination of the relationship.
Legal basis: Art. 12 and 34 of the Código de Defesa do Consumidor.

Digital identification data

Storage period: 6 months.
Legal basis: Art. 15, of the Marco Civil da Internet.

Other data

Storage period: for as long as the relationship lasts or there is no request for deletion or revocation of consent.
Legal basis: Art. 9, Section II of the Lei Geral de Proteção de Dados.

5.2 Longer storage times. For auditing, security, fraud control and preservation of rights, We may keep the record of recording your Data for a longer period of time in the event that the law or regulatory regulation so establishes or for the preservation of rights.

5.3 The collected data will be stored on servers located in Brazil, as well as in an environment for the use of resources or cloud servers (cloud computing), which may require a transfer and/or processing of this data outside Brazil.

6. What are your rights and how to exercise them

6.1 Your basic rights. You may request confirmation of the existence of personal data being processed, in addition to the display or rectification of your personal data, through our service channels.

6.2 Limitation, opposition and deletion of data. Through service channels, you can also request:

(i) The limitation of the use of your personal data;

(ii) Express your opposition and/or revoke your consent regarding the use of your personal data; or

(iii) Request the deletion of your personal data that has been collected by us.

6.2.1 If You withdraw your consent for fundamental purposes from our environments and services, those environments and services may become unavailable to You.

6.2.2 If you request the deletion of your personal data, it may be that the data must be kept for a period longer than the deletion request, in accordance with article 16 of the Lei Geral de Proteção de Dados for (i) compliance with a legal or regulatory obligation, (ii) study by a research body, and (iii) transfer to a third party (subject to the data processing requirements set out in the same Law). In all cases, through the anonymization of Personal Data, whenever possible.

6.2.3 At the end of the maintenance period and the legal requirement, personal data will be deleted using secure disposal methods, or used in an anonymized form for statistical purposes.

7. Information about this policy

7.1 Amendment of content and update. You recognize our right to change the content of this policy at any time, depending on the purpose or need, such as for the adaptation and legal compliance of a provision of law or regulation that has equivalent legal force, and it is up to You to verify it whenever you access our environments or use our services.

8. Glossary

8.1 For the purposes of this policy, the following definitions and descriptions should be considered for your better understanding:

(i) Cookies: Small files sent by our environments, saved on your devices, that store preferences and little other information, with the purpose of customizing your browsing according to your profile.

(ii) Cloud Computing: It is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the objective of reducing costs and increasing the availability of sustained services.

(iii) Automated decisions only: These are decisions affecting a user that have been programmed to work automatically, without the need for human operation, based on automated processing of personal data.

(iv) Data: Any information entered, processed, or transmitted through Our Environments.

(v) Personal Data: Data related to an identified or identifiable natural person.

(vi) Sensitive Personal Data: Personal Data about racial or ethnic origin, religious conviction, political opinion, membership in a religious, philosophical or political union or organization, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.

(vii) Data Protection Officer (DPO): Person appointed by us to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD).

(viii) Session ID: Identification of the user session when accessing Our Environments.

(ix) IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies USERS' devices on the Internet;

(x) Treatment: Any operation carried out with Personal Data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.