Privacy Notice for Gupy Sites 

Who we are?

GUPY TECNOLOGIA EM RECRUTAMENTO
CNPJ (Brazilian Business Registry) No. 23.514.668/0001-52

Gupy is the owner and controller of all websites with the domain gupy.io and acts as the controller when handling your personal data. 

By accessing our sites, contacting us, downloading materials and contents available in our website, taking our courses, or registering for Gupy events, your acceptance of this Privacy Notice is going to be requested, which indicates your awareness and agreement to Gupy obtaining and processing your data for these purposes.

Who is the Data Protection Officer (DPO)?

Name: Renata Benjamin
E-mail: privacidade@gupy.com.br

What data is collected? And how?

We collect data such as your name, contact information, event ticket purchase details, content preferences, website usage information, all to cater to your interests and provide relevant HR content. At times, to proceed with certain operations, we may request these details, and it's up to you to decide whether to provide them or not. Depending on your interactions with our sites, the personal information collected may vary. 

There are four ways in which Gupy may obtain your personal data when you visit our sites:

1. Personal data entered by the User on the site: related to your interest in (1) downloading materials prepared by Gupy, (2) requesting a demonstration of our platform, (3) taking a Gupy course, (4) registering for a Gupy event, (5) providing feedback on an event, or (6) subscribing to a newsletter;
2. Data resulting from ordinary use of the site: collected through cookies and similar technologies automatically during User navigation. This may involve information about the User's device, geolocation data, internet application access logs (such as IP, date and time), platform usage time, access duration, clicks, and search terms. For details on how we use cookies, please refer to our Cookie Notice;
3. Marketing and newsletter sending: we may prepare materials to be aailable on the Gupy website or partner companies' sites. Occasionally, we may request some data for downloading such materials;  
4. Gupy-sponsored events: if you register for a Gupy-sponsored event, we collect data to facilitate your participation.

Which are the legal bases for processing the collected data?

Gupy will process your data for the purposes described in this Privacy Notice due to a contract you have or wish to have with us. Therefore, for contract execution. We may also process them to meet Gupy's legitimate interests in offering content to you, and whenever necessary, we will seek your consent.

Additionally, we may retain data to fulfill legal obligations, as well as to exercise our rights in potential legal actions.

How are the collected personal data used?

We use the collected personal data to:

• Contact you in the case you have requested a demonstration of our platform;
• Send you relevant content about Human Resources, Recruitment and Selection, and the use of technology in these areas;
• Send newsletters and communications when you register on our sites through specific forms for this purpose;
• Personalize your interaction experience with us, online and offline, whether on our blog, through emails, or at our events;
• Provide information about our courses and events;
• Invite you to participate in our surveys;
• Monitor our service and interactions with you.

With whom do we share the collected data?

We hire service providers to assist in our activities and which, due to the nature of the services provided, may receive your personal information strictly for the purpose of delivering the contracted services. These providers are carefully selected, have strict confidentiality agreements and obligations related to the protection of your data, and may only process your data for the purpose of providing the service contracted by Gupy.

Occasionally, we make relevant content available to our Users for download in partnership with other companies. The data you provide during download may be shared with such companies, explicitly identified in our content.

Finally, the data provided by you for participation in our events may be shared with event sponsors, as long as we have obtained your consent.

Other specific legal demands may lead to the sharing of personal data, including for the eventual defense of our rights and interests in any kind of conflicts or to comply with determinations from competent authorities.

Information security measures and storage

As mentioned in the previous section, we may share your information with companies located outside of Brazil, which may require the transfer and/or processing of this data abroad.

We prioritize the privacy and protection of your personal data and because of that, we adopt security measures that safeguard our systems and databases with the best available technologies in the market.

Security measures we employ include:

Antivirus usage, data encryption, anonymization of personal data, access control based on the principle of least privilege, segregation of duties, firewall usage, implementation of internal information security policies, software solution architecture with intrusion prevention and HTTPS usage, institutional measures (governance program and structure), adverse event log monitoring, protection against unauthorized access, WAF, annual external and semi-annual internal penetration testing, vulnerability analysis for each new feature, and control implementation based on security policies.

However, despite our efforts, considering the nature and architecture of the internet, which includes elements beyond our control, it is impossible to guarantee that malicious actors will not gain access or misuse personal data, as it is an inherent risk in the use of computerized systems.

How long will we keep your data?

Gupy stores the personal data it collects only for the time necessary to achieve the purposes for which they were collected. After this period, your data will be deleted from our database or anonymized, provided there are no legal impediments.

If you wish, you can request the deletion of your data at any time.

What are your rights regarding the privacy of your data?

You can exercise your rights under the Brazilian General Data Protection Law (“LGPD”), such as confirmation of the existence of processing, the right of access, correction of incomplete, inaccurate, or outdated data, portability rights, revocation of consent, opposition rights, or deletion request, by submitting a request through our Privacy Portal.

To do so, click here to open a request in the Gupy Data Holder Portal. The response time is up to 15 business days, as stipulated by law.

How do I stop receiving marketing emails?

At any time, you can manage your email preferences through the link "Update your preferences if you no longer want to receive our emails," located in the footer of emails sent by Gupy. There, you can select the types of emails you would like to receive or not.

If you fill out any form and express your interest in contacting us or receiving materials from Gupy again, the reinsertion of your email into the list will be considered. Therefore, if it is your interest, the cancellation request must be made again.

Updates

This Privacy Notice may undergo updates. Therefore, we recommend visiting this page periodically to stay informed about modifications. If significant changes requiring new authorizations from your part are made, we will publish a new privacy notice.

Version History

10/10/2023 - Current Version

19/06/2023 - Privacy Notice for Sites - 5th versão 

13/12/2022 - Privacy Notice for Sites - 4th versão

28/11/2022 - Privacy Notice for Sites - 3rd versão

28/03/2022 - Privacy Notice for Sites - 2nd versão

13/07/2021 - Privacy Notice for Sites - 1st versão