privacidade

Privacy Notice for Gupy Corporate Education

Gupy is deeply committed to the privacy and protection of your personal data. Therefore, we present this Privacy Notice, which contains all the necessary information about when and for what purposes we process your personal data, as well as informing you about your rights when you use Gupy Corporate Education.

Your data is always treated in accordance with this Privacy Notice, due to the contract we have with the Client Company and in compliance with the instructions given to Gupy by this company.

Definitions

Controller: natural or legal person, public or private, responsible for decisions regarding the processing of personal data. In Gupy Corporate Education, the Client Company qualifies as the Controller.

Data: Personal data and/or Sensitive data;

Personal data: information related to an identified or identifiable natural person;

Sensitive personal data: personal data about racial or ethnic origin, religious belief, political opinion, membership in a union or organization of a religious, philosophical, or political nature, data related to health or sexual life, genetic or biometric data, when linked to a natural person;

Client Company: refers to the company that hires the services offered by Gupy, especially the services related to Gupy Corporate Education, i.e., your employer;

Data Protection Officer (DPO): person appointed by the controller and processor to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD);

Gupy: refers to the company GUPY TECNOLOGIA EM RECRUTAMENTO LTDA, registered under CNPJ No. 23.514.668/0001-52, headquartered at Avenida Paulista, 1079, Bela Vista, in the city of São Paulo, State of São Paulo, CEP 01.311-200. Manager of Gupy Corporate Education;

Gupy Corporate Education: refers to the Corporate Education Platform of Gupy for training and development of employees, which uses gamification and microlearning to develop people and improve the completion rate of training, available in both application and web formats;

Artificial Intelligence: A computational system capable of learning and performing tasks that typically require human intelligence.

Generative Artificial Intelligence: Technology that teaches computational systems to create new things, such as texts, images, music, and even ideas, in a creative manner, mimicking the way humans think and produce.

LGPD: General Data Protection Law - Law No. 13,709, of August 14, 2018;

Processor: natural or legal person, public or private, who processes personal data on behalf of the Controller. Gupy qualify as Processor in activities related to Gupy Corporate Education;

Services: activities offered through Gupy Corporate Education available in Web and Application formats with Gamification tools and microlearning methodology; Training Management Tool (Admin); functionality for creating courses of Gupy Corporate Education (Creator), through contractual formalization;

Sub-processor: have a direct relationship with the Processor and are hired to assist in the performance of personal data processing activities on behalf of the Controller.

User: means (i) an employee of the client company who has access to use the functionalities of Gupy Corporate Education; (ii) an employee of the client company who has credentials for managing the Gupy Corporate Education platform. In summary, anyone intending to use or using the services of Gupy Corporate Education;

Who we are?

Gupy is the owners of Gupy Corporate Education and act as Processor when processing your personal data. For this reason, we recommend that you also consult the Privacy Notice of the company where you work - the Controller of Personal Data.

Who is the Data Protection Officer (DPO)?

Name: Renata Benjamin
E-mail: privacidade@gupy.com.br

What data is collected? For what purposes? 

Gupy process your data on behalf of the Client Company to enable the use of Gupy Corporate Education, according to the permissions granted, especially to allow you to participate in training, events, knowledge trails, or courses defined by the company you work for or are of your interest. We take your privacy very seriously and will never sell your data.

Type of Data  Purposes How We Collect Your Data
Identification Data (CPF login):

Full name, profile picture*, date of birth*, RG, CPF, email*, phone number.

(*Optional fields)

We use this data to register and authenticate you, enabling your access to the platform, providing support, sending notifications about ongoing courses, issuing certificates, among other purposes.

Your phone number will be used exclusively for password recovery via SMS.

Such data is entered by you through self-submission or may be provided by the Client Company for registration in the Gupy Corporate Education Platform.
Identification Data (email login): 

Full name, email, language, profile picture*, date of birth*, phone number.

(*Optional fields)

We use this data to register and authenticate you, enabling your access to the platform, providing support, sending notifications about ongoing courses, issuing certificates, among other purposes.

Your phone number will be used exclusively for password recovery via SMS.

Such data is entered by you through self-submission or may be provided by the Client Company for registration in the Gupy Corporate Education Platform.
Professional Data:

Sector*, subsetor*, position*, competencies*.

(*Optional fields)
We also use this data to personalize your profile, collecting it if you choose to provide it.

Depending on the purpose, the Client Company may request additional information and collect it through Gupy Corporate Education, without interference from Gupy.
Such data is entered by you through self-submission or may be provided by the Client Company for registration in the Gupy Corporate Education Platform.
Navigation Data: 

Device information, internet application access records (such as IP, date, and time), platform usage time, access duration, clicks, and searched terms.
We use this data to monitor the platform's functionality, conduct analyses for improvements, operationalize new products and services, and comply with legal and administrative obligations.  We can collect automatically through cookies and similar technologies during your navigation on Gupy Corporate Education. For more information, please refer to our Cookie Notice.

With whom do we share your data?

We are authorized by the Controller to share your Personal Data with other data processing agents, including public entities, if necessary for the purposes listed in this Privacy Notice, observing the principles and guarantees established by the LGPD.

Your Data will be shared (and only if strictly necessary) with some service providers that we hire to assist us in carrying out our activities, namely:

Supplier Service Provided
Google Analytics  Data collection and processing to improve usability and provide services to the Client Company.
Google Cloud Platform Storage and processing of data in the cloud.
OneSignal (Sendgrid) Sending emails, SMS, or notifications on the application or web as per our contract with the Client Company.
FusionAuth Single Sign-On (SSO) system for user authentication using the access data of the Client Company.
Beamer Notification sending through the application.
OpenAI Generative Artificial Intelligence to optimize the creation of customized courses and training.

Those providers were carefully selected, hold strict confidentiality agreements, and have obligations related to the protection of your data. They can only process your data for the sole purpose of providing the service contracted by the Company through Gupy.

Other specific legal demands may lead to the sharing of personal data, including for the defense of our rights and interests in any type of conflict or to comply with determinations from competent authorities.

International Data Transfer

We may transfer your Personal Data outside of Brazil, specifically to the United States or countries within the European Union, if the Client Company or any of the Sub-processors have servers in these countries, as is the case with the data storage location.

We adhere to all guidelines established by current legislation and adopt best practices for data security and protection to ensure the integrity, confidentiality, availability, and privacy of your Personal Data throughout the process. Our relationships with such companies are governed by contracts that include obligations for data protection and information security appropriate to the nature of the Personal Data processing we carry out, and in compliance with the requirements of Brazilian legislation.

Information Security Measures

We care deeply about the privacy and protection of your personal data, which is why we have implemented technical, administrative, and organizational security measures and best practices to safeguard our systems and databases. We use cutting-edge technologies, including antivirus software, data encryption, anonymization of personal data, access control, firewalls, and the implementation of information security policies. Our software solution architecture includes intrusion prevention and HTTPS usage, along with institutional measures such as the Privacy and Data Protection Governance Program, employee training, awareness programs, and protection against unauthorized access, among others.

However, despite our efforts, considering the nature and architecture of the internet (including elements beyond our control), it is impossible to guarantee that malicious agents will not gain access to or misuse personal data, as it is an inherent risk in the use of computerized systems.

Where and for How Long Will We Keep Your Data? 

Your data is stored in the cloud by the company Google Cloud Platform, with servers located in Iowa, United States.

We store your personal data only for the time necessary to achieve the purposes for which they were collected, following the instructions of the Client Company.

Your personal data will be retained only as long as:

(i) you are designated by the Client Company as a User-Company of Gupy Educação Corporativa; and

(ii) Gupy, Niddu, and the Client Company have an ongoing business relationship. Once these conditions cease to exist, your data as a user will be deleted, retaining only those necessary for defense in a judicial or administrative process or the regular exercise of rights.

To find out about the retention and disposal period, please contact the relevant department of your company.

About the use of artificial intelligence 

How does Artificial Intelligence work? 

At Gupy Corporate Education, Generative Artificial Intelligence is used for course creation.

What data does Artificial Intelligence analyze and for what purposes? 

Generative artificial intelligence does not read personal data - unless the user intentionally enters it for course creation - only general information related to course subjects for content creation. We recommend that the user does not enter personal data when using this functionality.

What are your rights regarding the privacy of your data?

You can exercise your rights provided by LGPD, such as confirmation of data processing existence, right of access, correction of incomplete, inaccurate, or outdated data, right to data portability, withdrawal of consent, opposition, or request for account deletion or deletion of your data, by contacting your Company directly.

However, if this is not the case, and you have issues related to the usability of Gupy Educação Corporativa, you should contact us through customer support.

Gupy Educação Corporativa is in compliance with and follows the guidelines established by LGPD. The Company choosing to use them outside of Brazil should be aware that it may be subject to other legislations, in addition to LGPD, without interference from Gupy.
 

Updates

This Privacy Notice may undergo updates. Therefore, we recommend visiting this page periodically to stay informed about modifications. In case of relevant changes requiring new authorizations from your part, you will be notified through Gupy Educação Corporativa.

 

Versioning

06/10/2024 - Current version
04/22/2024 - First version