Privacy policy
1. Purpose
The purpose of this document (“Privacy Policy”) is to describe for the User the methods, processes and procedures used by GSGA when handling personal data, and to inform the User about the privacy measures employed, respecting the principles of article 6 of the LGPD and data protection good practices.
By using the Website and GSGA’s materials/services, as well as by registering for any events promoted by GSGA or in partnership with GSGA, the User expressly acknowledges and agrees to this Privacy Policy.
The terms and expressions used here have the same meaning given to them in the TCU (available at: https://gsga.com.br), unless otherwise expressly indicated here.
Please note that the definition of data handling in the LGPD is broad and is defined as: every operation done with personal data, such as those concerning the collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of the information, modification, communication, transfer, distribution or extraction.
2. Who are the handling agents?
The handling agents are defined by the LGPD as Controller and Operator. The Controller is a natural person or company who makes the decisions regarding the handling of personal data (article 5(VI)). The Operator is a natural person or company who handles the personal data in the Controller’s name (article 5(VII)).
GSGA can act at times as the Controller and at times as the Operator, depending on the situation, but it will always keep a record of the personal data handling operations that it engages in.
3. Person Responsible
The Person Responsible, who is more commonly referred to as the DPO (Data Protection Officer), is the person appointed by the Controller and Operator to serve as liaison for communication among the Controller, the owners of the data and the ANPD (article 5(VIII) of the LGPD). The Person Responsible at GSGA is Mr. Ivan Alberto Hasse, who the User and any third party can contact by e-mail: ivan.hasse@gsga.com.br, or by telephone: +55 (41) 3304-8800.
4. What data is handled?
GSGA collects, stores and uses the data contained in the Contact Us and Work with Us forms, located on our website at https://gsga.com.br.
Other types of data not expressly provided for in this Privacy Policy could potentially be collected, so long as they are provided with the User’s consent or if collection is allowed or required by law.
5. When is the data collected and how is it used?
GSGA collects and uses personal data on the following occasions:
| When? | How? |
| The owner provides personal data by email or other correspondence sent to GSGA and those who work there. | To fulfill the specific purpose requested by the owner or for the provision of services by GSGA, in general. |
| If the owner of the personal data is an employee or third party hired by GSGA, we can collect and handle personal data at the time of hiring or during the employment agreement. | To manage the employment relationship, in accordance with internal policies. |
| If the owner provides his or her personal data as a candidate for a job at GSGA or to receive professional opportunities, whether by registering on the Website or participating in student fairs and events in which GSGA takes part. | To contact the owner, analyze his or her background for the job in question and conduct employment interviews. |
| If a client sends us personal data of third parties for contact within the framework of a service for which we were hired. | To fulfill a specific purpose in which GSGA provides services. |
| If the owner of the personal data or his or her company is a business partner of GSGA or in parallel projects, such as charitable activities. | Para troca de informações e benchmarking. |
| If the owner of the personal data attends one of GSGA’s events or talks about a specific GSGA practice with someone who works there and provides his or her contact information. | Envio de correspondências conforme descrito abaixo. |
In all the cases of personal data collection mentioned above, GSGA can use personal data to send (i) information about GSGA’s areas of activity; (ii) news in which GSGA or those who work there appear in the media; (iii) invitations to events, as well as reminders about them; (iv) client satisfaction surveys; (v) other materials produced by GSGA about its areas of activity and for events; and (vi) physical materials, such as books and promotional gifts from GSGA, always in a reasonable manner and in keeping with the reasonable expectations of the owner of the personal data.
6. Data sharing
GSGA does not share User’s personal data with third parties, except if the disclosure is: (i) necessary to provide services to the User with GSGA partners; (ii) with partners of the User, on the User’s request; (iii) required by a court order or request from a government body with jurisdiction.
7. How long is the data stored?
GSGA will retain the User’s personal data and store it until any request for its exclusion, or until it has fulfilled its purpose.
GSGA can keep the User’s personal data after receiving a request for its exclusion or after it has fulfilled its purpose if this is necessary to comply with legal obligations, resolve disputes, maintain security, avoid fraud and abuse and ensure the performance of contracts.
8. Data security
GSGA undertakes to take security, technical and administrative measures appropriate to protect personal data from unauthorized access and accidental or illegal situations of destruction, loss, alteration, communication or any form of inappropriate or illegal handling. An example of a measure is data encryption, which scrambles the data provided. Among other things, GSGA uses Secure Socket Layer (SSL) encryption technology for transactions over the Internet.
GSGA is committed to protecting the User’s personal data, however, it bears noting that no system is completely and absolutely secure, for which reason GSGA accepts no liability for the exclusive fault of a third party, as in the case of attacks by hackers or crackers, or the exclusive fault of the User, as when he or she transfers his or her data to third parties.
Finally, GSGA undertakes to inform the ANPD and the User within a reasonable time about the occurrence of a security incident that could lead to material risk or harm to the owners.
Please remember that the channel indicated in item 3. Person Responsible serves for the communication of possible violations, flaws and vulnerabilities of the service so that any security incidents are reported, identified and dealt with quickly and preemptively.
9. Cookies
GSGA uses cookies, which are small text files that are stored on the hard drive of the User’s computer (or on any other device connected to the Internet, such as smart phones or tablets). The cookies used do not collect personal data. The cookies are used, for among other purposes, to improve the performance of the Website, to provide personalized viewing options to the User, to compile statistical reports about the Website’s activities and for security purposes. GSGA also uses cookies to recognize a User as someone who has previously visited our Website or to fill in forms. This information can be disclosed to third parties for the provision of any of the activities mentioned above in GSGA’s name.
GSGA makes specific use of Google Analytics. Google Analytics is a free analysis tool that Google provides to help us understand how Users interact with the Website. Google Analytics collects information anonymously and examines Website trends without identifying the Users. These cookies are used to store information, such as the time at which the access occurred, if the User has accessed the Website before and what website directed the User to the Website. Google Analytics customers can see various reports about how the Users interacted with the website itself so they can improve their website and how people find it. A different set of cookies is used for each website, and the Users are not tracked. Google Analytics clients are required to notify users about the use of Google Analytics. To deactivate this kind of cookie, some browsers indicate when a cookie is being sent and allow you to refuse cookies on a case-by-case basis. In addition to refusing cookies, you can also install a tool to deactivate Google Analytics in your browser, which stops Google Analytics from collecting information about visits to the website. You can choose to do this by clicking on: https://tools.google.com/dlpage/gaoptout
10. International data transfer
GSGA, in principle, does not internationally transfer the User’s personal data, but if this is necessary it undertakes to comply with all the requirements in article 33 of the LGPD.
11. Liability disclaimer
The Website does not make any guarantee regarding the availability, continuity of operation or infallibility of the services and/or content, and likewise does not guarantee that they will be useful for performing any particular activity. Moreover, given the characteristics of the Internet medium, the Website does not guarantee the security and privacy of the Content outside of the domain of the Website, except under the terms of the Privacy Policy, nor does it guarantee that it will be uninterrupted, free of viruses or other problems, errors or attacks and, in particular, does not guarantee that unauthorized third parties cannot access and, potentially, intercept, eliminate, alter, modify or manipulate in any way the data contained on and/or transmitted to its servers.
12. Applicable law and venue
This Privacy Policy is governed by Brazilian law and any disputes or controversies arising from this Privacy Policy will be resolved by the Central Court of the District of Curitiba, Paraná, with the express waiver of any other, no matter how privileged it may be.
Without prejudice to any other form of administrative or judicial remedy, all data owners have the right to present a claim to the ANPD.
