Template Texto Corrido

Privacy Notice of Gupy Admission

Gupy is strongly committed to privacy and the protection of your personal data. Therefore, we present this Privacy Notice, which contains all necessary information about when and for what purposes Gupy processes your Personal Data when you use Gupy Admission.

Your data is always processed in accordance with this Privacy Notice, as a result of the contract we have with the Client Company and in compliance with the instructions given to Gupy by this company.


Controller: natural or legal person, public or private, responsible for decisions regarding the processing of personal data. In Gupy Admission, the Client Company qualifies as the Controller;

Data: Personal Data and/or Sensitive Data;

Personal Data: information related to an identified or identifiable natural person;

Sensitive Personal Data: personal data about racial or ethnic origin, religious belief, political opinion, union membership, or membership in a religious, philosophical, or political organization, data concerning health or sexual life, genetic or biometric data, when linked to a natural person;

Data Protection Officer (DPO): person appointed by the controller and operator to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD);

Client Company: refers to the company that hires the services offered by Gupy, especially services related to Gupy Admission;

Gupy: refers to the company GUPY TECNOLOGIA EM RECRUTAMENTO LTDA, registered under CNPJ number 23.514.668/0001-52, headquartered at Avenida Paulista, 1079, Bela Vista, in the city of São Paulo, state of São Paulo, ZIP code 01.311-200. Manager of Gupy Admission;

Gupy Admission: refers to Gupy's Admission Platform, which empowers companies to streamline and automate the process of hiring new employees, offering solutions such as automatic document validation, electronic signature, communication with pre-employees, and customization of the hiring process;

LGPD: General Data Protection Law - Law No. 13,709, of August 14, 2018;

Operator: natural or legal person, public or private, who processes personal data on behalf of the Controller. Gupy qualifies as an Operator in activities related to Gupy Admission;

Pre-employee: new employees in the hiring process;

Services: activities offered through Gupy Admission, related to the hiring process of employees, through contractual formalization;

Suboperator: has a direct relationship with the Operator and is hired to assist in the processing of Personal Data on behalf of the Controller.

Who are we?

Gupy is the owner of Gupy Admission and acts as an Operator when processing your Personal Data. Therefore, we recommend that you also consult the Privacy Notice of the company in which you are participating in the hiring process - the Personal Data Controller.

Who is the Data Protection Officer (DPO)?

Name: Renata Benjamin
E-mail: privacidade@gupy.com.br 

What data is collected? For what purposes? How?

Gupy processes your data on behalf of the Client Company to facilitate your hiring process, contact you regarding the progress of your process, and send your employment contract for signature. We take your privacy very seriously and will never sell your data.

Data Type Purposes How we collect your data
Identification Data: Full name, email, address, and CPF (Brazilian individual taxpayer registry number).  We use this data to create an account on the platform.

We may also use it to contact you for:
(i) Addressing matters related to the platform's usage, including but not limited to access issues and irregularities in your account;
(ii) Inviting you to participate in surveys related to platform usability, improvement suggestions, and the development of new products.
Entered by you on the Platform. The provision is solely your responsibility, through manual input and self-submission.
Admission Documents: RG (national identity card), CPF (Brazilian individual taxpayer registry number), voter registration card, CTPS (work card), NIS (PIS, PASEP, or NIT), proof of address, bank details, among others that may be requested by the Client Company, according to your position or role. The Client Company uses these documents in its hiring process, in accordance with labor legislation, and depending on the purpose, may request other information, without interference from Gupy. Entered by you on the Platform. The provision is solely your responsibility, through manual input and self-submission. 
Navigation Data: Information about your device, access logs to the internet application (such as IP address, date, and time), platform usage time, access duration, clicks, and searched terms. We use this data to monitor the operation of the platform, conduct analyses for improvements, operationalize new products and services, and comply with legal and administrative obligations.  Automatically collected through cookies and similar technologies during your navigation on Gupy Admission. Refer to our Cookie Notice for more information.

Who do we share your data with?

We are authorized by the Controller to share your Personal Data with other data processing agents, including public bodies, if necessary for the purposes listed in this Privacy Notice, observing the principles and guarantees established by the LGPD.

Your Data will be shared (only if strictly necessary) with some service providers we hire to assist us in carrying out our activities, namely:

Supplier Service Provided Location
Amazon Web Service Cloud data storage and processing Virginia, USA
MailGun Email sending San Antonio, Texas, USA
Zendesk Support channele Oregon, USA
Clicksign Sending contracts and documents for e-signature USA and Brazil
Exato Digital Validation of documents in official agencies BraZil

Such providers have been carefully selected, have strict confidentiality agreements, and obligations related to the protection of your data. They may only process them for the purpose of providing the service contracted by the Company through Gupy.

Other specific legal demands may lead to the sharing of personal data, including for the eventual defense of our rights and interests in any kind of conflicts or to comply with determinations of competent authorities.

International transfer of personal data

We may transfer your Personal Data outside of Brazil, specifically to the United States or European Union countries, if the Client Company or any of the Suboperator companies have servers in these countries, such as in the case of data storage location.

We observe all guidelines established by current legislation and adopt best practices for data security and protection to ensure the integrity, confidentiality, availability, and privacy of your Personal Data throughout the process. Our relationships with such companies are governed by contracts that include obligations for data protection and information security appropriate to the nature of the Personal Data processing we perform and compatible with the requirements of Brazilian law.

Information security measures

We are deeply concerned about the privacy and protection of your personal data. Therefore, we adopt technical, administrative, and organizational security measures and best practices to protect our systems and databases, using the best technologies available in the market, including the use of antivirus software, data encryption, anonymization of personal data, access control, firewalls, implementation of information security policies, software solution architecture with intrusion prevention and HTTPS, institutional measures (Privacy and Data Protection Governance Program), employee training and awareness, protection against unauthorized access, among others.

However, despite our efforts, considering the nature and architecture of the internet, which includes elements that are not under our control, it is impossible to guarantee that malicious agents will not be able to access or misuse personal data, as it is an inherent risk of using computer systems.

Where and for how long will we keep your data?

Your data is stored in the cloud by the company Amazon Web Services, whose server is located in the state of Virginia, USA.

We only store your Personal Data for as long as necessary to achieve the purposes for which it was collected, in accordance with the instructions of the Client Company.

Additionally, your data and documents will be deleted by Gupy in the following scenarios:

(i) if you or the Client Company abandon the hiring process during the admission process;
(ii) if the contractual relationship between Gupy and the Client Company is terminated.

To find out the retention and disposal period, please contact the responsible department of your company directly.

What are your rights under LGPD?

You can exercise your rights provided by LGPD such as confirmation of data processing, right of access, correction of incomplete, inaccurate, or outdated data, right of portability, revocation of consent, right of objection, or request for deletion of the account or your data, by contacting your Company directly.

However, if this is not the case and you have issues related to the usability of Gupy Admission, you should contact us via support.

Gupy Admission complies with and follows the guidelines established by LGPD. Due to labor issues, the use of Gupy Admission outside of Brazil is not permitted.


This Privacy Notice may be updated. Therefore, we recommend periodically visiting this page to be aware of any modifications. If significant changes requiring new authorizations from you are made, you will be notified through Gupy Admission.


Last updated on December 7, 2023.