Summary
- Processing agent
- Kentro Soluções e Sistemas Ltda
- Role in processing
- Controller and Processor
- Nature of data
- Personal data provided by the Data Subject, of registration, financial and sensitive nature (art. 5, II, Law 13.709/2018).
- Sharing
- Essential processors and suppliers; government authorities by legal or regulatory requirement.
- Protection
- Technical and administrative measures appropriate to the nature of the data processed.
- Your rights
- Confirmation, access, anonymization, correction, deletion, portability, blocking, objection and sharing.
1. What data we collect about you
To provide services to our customers or hire employees, we collect some information about you:
Data you provide directly
| Service | Personal data |
|---|---|
| Receiving CVs | Name, age, address, phone, email, professional qualifications, CV. |
| Job interview | Name, phone, professional qualifications, CV. |
| Hiring employees | Name, spouse and dependents (if any), parents, taxpayer IDs, RG, work card, email, date of birth, address, phone, social security, health data (medical certificate), salary and bank details. |
| Wi-Fi for customers | MAC address, connection IP. |
| Customer prospecting | Name, phone and email. |
In some cases we may collect data of children with a parental link to you or under your legal responsibility — in such cases express consent will be required. It is your duty to provide correct and up-to-date information.
Data provided by third parties
As permitted by law, we may receive data from partners, providers and other independent sources, including public databases, to enable our service.
Automatically collected data
We also automatically collect Wi-Fi connection data and browsing data (cookies).
2. How we use your personal data
| Legal basis | Purpose |
|---|---|
| Performance of contracts or preliminary procedures (art. 7, V, LGPD) | Receiving CVs; job interviews; hiring; customer prospecting. |
| Compliance with legal or regulatory obligation (art. 7, II, LGPD) | Keeping Wi-Fi access records (art. 13 Brazilian Civil Internet Framework); keeping labor and social security documents. |
| Consent (art. 7, I, LGPD) | Processing of children's data; external contacts of subject interest via electronic messages. |
3. Who we share your personal data with
- With service providers for hiring employees.
- With government bodies to fulfill legal obligations.
- In corporate transactions or changes involving the Controller, to ensure service continuity.
- Upon court order or request from competent administrative authorities.
All providers are subject to strict contracts that prohibit unauthorized use or disclosure of the personal data they access.
4. How we keep your personal data secure
- Protection against unauthorized access to systems.
- Restricted access to storage locations by specific people.
- Strict confidentiality commitment from agents, employees and partners that handle data.
- Privacy governance program managed by the Data Protection Officer (DPO).
Although the Controller makes best efforts, no transmission is completely secure. In case of suspected security breach, we may totally or partially suspend services without prior notice and we guarantee transparency about what happened.
5. How long your data is stored
Your data will be stored for the period strictly necessary for each purpose and/or according to the relevant legal and regulatory deadlines.
6. Your rights as a data subject and how to exercise them
- Confirmation of processing.
- Access to data.
- Correction of incomplete, inaccurate or outdated data.
- Anonymization, blocking or deletion of unnecessary, excessive or non-compliantly processed data.
- Portability of data to another provider, upon express request.
- Deletion of data processed under consent.
- Information about public or private entities with which the Controller shared your data.
- Information about the possibility of not providing consent and its consequences.
- Revocation of consent.
Requests are free and subject to identity validation. To exercise your rights, contact our DPO through the Privacy Portal or by email at contato@kentro.com.br.
Your request may be legally rejected for formal reasons (e.g. inability to verify identity) or legal reasons (e.g. deletion request for data whose retention is a free exercise of a right). In such cases, we will provide reasonable justifications.
7. Applicable law and changes
This document was prepared based on Brazilian Federal Law 13.709/2018 — General Data Protection Law (LGPD). The Controller reserves the right, at its sole discretion, to modify, alter, add or remove parts of this document at any time.
Drafted on: 10/01/2023 · Updated on: 11/09/2023 · Version 1.0
Glossary
- Anonymization
- Process by which data loses the possibility of being associated, directly or indirectly, with an individual, considering reasonable technical means available at the time of processing.
- ANPD
- Brazilian National Data Protection Authority: public body responsible for overseeing, implementing and enforcing the LGPD nationwide.
- Database
- Structured set of personal data, established in one or several locations, electronic or physical.
- Controller
- Natural or legal person, of public or private law, responsible for decisions regarding the processing of personal data.
- Consent
- Free, informed and unambiguous expression by which the data subject agrees with the processing of their personal data for a determined purpose.
- Cookies
- Files sent by the server to the user's computer to identify them and obtain access data, allowing browsing to be personalized.
- Personal data
- Any information related to an identified or identifiable natural person (name, address, email, IP, phone, taxpayer ID, among others).
- Sensitive personal data
- Special category of data concerning racial or ethnic origin, religious belief, political opinion, union membership, religion, health, sex life, genetic or biometric data.
- IP
- Internet Protocol — set of numbers that identifies the user's computer on the internet.
- Processor
- Natural or legal person that processes personal data on behalf of the controller.
- Data subject
- Natural person to whom the personal data refers (customers, employees, partners and third parties).
- Processing
- Any operation performed with personal data: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation, control, modification, communication, transfer, dissemination or extraction.