Logo do Venturus

Venturus privacy and data processing policy

Data da ultima atualização: 4 April 2023

This policy is intended to demonstrate the commitment of: Venturus Centro de Inovação Tecnológica, private association, registered CNPJ/MF under nº. 96.499.728/0001-89.

With headquarters at Giuseppina Vianelli Di Napoli Road, No. 1185, GlobalTech Campinas condominium, Polo II de Alta Tecnologia, Campinas/SP, ZIP code: 13086-530

to the privacy, and protection of the data received from its clients, including personal data, in accordance with the Brazilian laws in effect, with transparency and clarity with you and the market in general.

This policy describes the main rules on the processing of your personal data when we serve you in our physical units or through our virtual environments (“our environments”).

If you contract only one of the services, the rules set out in this policy will remain applicable, as far as they are applicable to you, without loss to additional information being provided by us.

To access and use the features offered in our environments, you declare having fully and carefully read this policy, being aware, thus conferring your free and express agreement with the terms stipulated herein, including the collection of the information mentioned herein, as well as its use for the purposes specified below.

2.1. How data is collected. Data, including personal data, may be collected when you submit it to us or when you interact in our environments and services, which includes:

 

Registration data (online and face-to-face environment)

What is collected?

  • Full name
  • Position
  • E-mail address
  • Contact phone numbers
  • Residential address

 

Why is it collected?

  • (i) to identify and authenticate you;
  • (ii) to expand our relationship, conduct research, and inform you about new features, content, news, and other events that we consider relevant to you;
  • (iii) to allow requests in the “contact us” form;
  • (iv) to enable your access to and use of the features and functionalities of our platform;
  • (v) to guarantee portability of registration data to another controller in the same field of activity, if requested by you, complying with the obligation of Article 18 of the Brazilian General Law on Personal Data Protection;
  • (vi) to comply with legal obligations to maintain records established by the Marco Civil da Internet – law 12.965/2014.

 

Professional data

What is collected?

  • Profession
  • Professional experience history
  • Educational background
  • Language knowledge

 

Why is it collected?

  • (i) to identify professional profile;
  • (ii) to conduct employee recruitment if you wish to work with us.

 

Health data

What is collected?

  • Information about disabled professionals

 

Why is it collected?

  • (i) to conduct employee recruitment if you wish to work with us;
  • (ii) to comply with the legal obligations established by the Lei das Cotas – Lei n°8.213/1991;

 

Digital identification data

What is collected?

  • Source IP address and Logic Port
  • Timestamp every action you take
  • What screens you have accessed
  • Session ID
  • Cookies

 

Why is it collected?

  • (i) to comply with legal obligations to maintain records established by the Marco Civil da Internet – law 12.965/2014.
  • (ii) security monitoring of our environments for your safety and ours;

2.2. Data required. The provision of services and the use of the features in our environments depend directly on some data shown in the table above, especially the registration data. If you choose not to provide some of this data, you may not be able to fully enjoy the services offered.

2.3. Updating and veracity of data. You are solely responsible for the accuracy, truthfulness, or lack thereof of the data you provide. Be aware as it is your responsibility to ensure accuracy or keep them up to date.

2.3.1. Similarly, we are not obliged to process any of your data if there are reasons to believe that such processing could impute to us any infringement of any applicable law, or if you are using our environments for any illegal, unlawful, or immoral purposes.

2.4. Database. The database formed by the collection of data is our property and responsibility, and its use, access, and sharing, when necessary, will be done within the limits and purposes of the business.

2.5. Technologies employed. We use the following Technology(ies):

  • i. Cookies, and it is up to you to configure your Internet Browser if you wish to block them. In this case, some features may be limited.
  • ii. Google Analytics: quantitative data to measure the number of accesses to website content.

2.5.1. All technologies used will always comply with current legislation and the terms of this policy.

2.6. We do not use any type of solely automated decision that impacts you.

3.1. Hypotheses of data sharing. The data collected and the activities recorded can be shared, always respecting the sending of the minimum information necessary to achieve the purposes:

(i) With partner companies necessary for the provision of recruitment and selection services, always requiring such partners to comply with the security and data protection guidelines, according to item 4.4 of this policy;

(ii) Automatically in the event of corporate transactions, such as mergers, acquisitions, and incorporations; and

(iii) With competent judicial, administrative, regulatory, or governmental authorities, whenever there is a legal determination, request, requisition, or court order.

4.1. Precautions. It is very important for you to protect your data from unauthorized access to your computer, as well as to make sure you always click “exit” when you are done browsing on a shared computer. It is also very important to know that we will not send you electronic messages requesting confirmation of data or with attachments that can be executed (extensions: .Exe,. com, among others) or even links to eventual downloads.

4.2. Access to personal data, proportionality, and relevance. Internally, the personal data collected is accessed only by fully authorized professionals, respecting the principles of proportionality, necessity, and relevance to business objectives, in addition to the commitment to confidentiality and preservation of your privacy in accordance with this policy.

4.3. External Links. When you use our environments, you may be led, via link, to other portals or platforms, which may collect your information and have their own data processing policy.

4.3.1. It will be up to you to read the privacy and data processing policies of such portals or platforms outside our environments, and it is your responsibility to accept or reject them. We are not responsible for the privacy and data processing policies of third parties and for the content of any websites, content, or services linked to environments other than those of the services.

4.3.2. Partner services. We have partner companies that offer services and/or products through the services and/or features that can be accessed from our environments. Any data provided by you directly to these partner companies will be the responsibility of these partner companies and will therefore be subjected to their own data collection and use practices.

4.4. Processing by third parties under our directive. In the event that third-party companies on our behalf carry out the processing of any personal data that is collected, they will respect the conditions stipulated herein and the information security standards, obligatorily.

4.5. Communication by email. To optimize and improve our communication, when we send you an email, we may receive a notification when they are opened, provided that this possibility is available. It is important for you to watch out, as emails are sent only by domains: [@venturus.org.br and @vntschool.org.br].

5.1. The collected personal data and activity logs are stored in a secure and controlled environment for a minimum period that follows the information below:

 

Registration data

  • Storage period: 5 years after the end of the relationship.
  • Legal basis: Art. 12 and 34 of the Brazilian Consumer Protection Code.

 

Digital identification data

  • Storage period: 6 months.
  • Legal basis: Art. 15, Marco Civil da Internet.

 

Other data

  • Storage period: as long as the relationship lasts or there is no request for erasure or revocation of consent.
  • Legal foundation: Art. 9, Inciso II da Lei Geral de Proteção de Dados Pessoais.

5.2. Longer storage times. For the purposes of auditing, security, fraud control, and rights preservation, we may remain with the history of registration of your data for a longer period of time in the cases that the law or regulatory norm establishes, or for the preservation of rights.

5.3. The data collected will be stored on servers located in Brazil, as well as in an environment of use of resources or servers in the cloud, which may require the transfer and/or processing of this data outside of Brazil.

6.1. Your basic rights. You may request confirmation of the existence of personal data processing, in addition to the display or rectification of your personal data, through our service channels.

6.2. Limitation, opposition, and deletion of data. Through the service channels, you can also:

(i) Request limits to the use of your personal data;

(ii) Express your opposition and/or revoke consent to the use of your personal data; or

(iii) Request the deletion of your personal data that has been collected by us.

6.2.1. If you withdraw your consent for fundamental purposes of our environments and services, those environments and services may become unavailable to you.

6.2.2. If you request the deletion of your personal data, the data may need to be kept for a longer period than the deletion request, in accordance with Article 16 of the Brazilian Lei Geral de Proteção de Dados Pessoais, for (i) compliance with a legal or regulatory obligation, (ii) study by a research body, and (iii) transfer to a third party (respecting the data processing requirements set out in the same law). In all cases through the anonymization of personal data, as far as possible.

6.2.3. At the end of the retention period and the legal requirement, the personal data will be deleted using secure disposal methods, or used in anonymized form for statistical purposes.

7.1. Change of content and updates. You acknowledge our right to change the content of this policy at any time, for any purpose or need, such as for legal adequacy and compliance with a provision of law or regulation that has equivalent legal force, and it is up to you to check it every time you access our environments or use our services.

8.1. For the purposes of this policy, the following definitions and descriptions should be considered for your better understanding:

(i) Cookies: Small files sent by our environments, saved on your devices, that store preferences and other information, in order to customize your browsing according to your profile.

(ii) Cloud Computing: technology that digitizes services built from the interconnection of more than one server through a common information network (eg. the Internet), with the goal of reducing costs and increasing the availability of sustained services.

(iii) Solely automated decisions: These are decisions that affect a user and have been programmed to work automatically, without the need for a human operation, based on the automated processing of personal data.

(iv) Data: Any information entered, processed, or transmitted through our environments.

(v) Personal data: Data relating to an identified or identifiable person.

(vi) Sensitive personal data: Personal data on racial or ethnic origin, religious affiliation, political affiliation, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data when linked to a natural person.

(vii) Data Protection Officer (DPO): Person appointed by us to act as a communication channel between the controller, the data subjects, and the Brazilian National Data Protection Authority (ANPD).

(viii) Session ID: Identification of the user session when accessing our environments.

(ix) IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies users’ devices on the Internet;

(x) Treatment: Any operation carried out with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, or control of information, modification, communication, transfer, dissemination, or otherwise extracting.