Latest update: December 08, 2021.
1. TERMS AND DEFINITIONS
Personal data: information related to an identified or identifiable natural person.
Sensitive personal data: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical, or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person.
Holder: natural person to whom the personal data that are the object of processing refer.
Users (or user, when individually considered): all natural persons who use the services, whether data subjects or not.
Third-party: person or entity that does not directly participate in a contract, legal act, or business, or that, in addition to the parties involved, may have an interest in a legal process.
Controller: natural or legal person, by public or private law, responsible for decisions regarding the processing of personal data.
Operator: natural or legal person, by public or private law, who processes personal data on behalf of the controller.
Person in charge: a person appointed by the controller and operator to act as a communication channel between the controller, the data subjects, and the National Data Protection Authority.
Processing agents: the controller and the operator.
National Data Protection Authority: public administration body responsible for ensuring, implementing, and monitoring compliance with this Law throughout the national territory.
Processing: any operation carried out with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, information assessment or control, modification, communication, transfer, dissemination or extraction.
Data shared use: communication, dissemination, international transfer, personal data interconnection or personal database shared process by public bodies and entities in the fulfillment of their legal powers, or between these and private entities, reciprocally, with speciﬁc authorization, to one or more treatment modalities allowed by these public entities, or private entities.
Database: a structured set of personal data, established in one or several locations, in electronic or physical support.
Cookies: files stored on users' computers or mobile devices when accessing a web page that cache and retrieve information related to their browsing.
Confidentiality: guarantee that information is accessible only by authorized persons.
Integrity: guarantee of the accuracy and completeness of the information and the methods of its processing.
Data security: a set of practices and methods aimed at preserving the confidentiality, integrity, and availability of information. Anonymization: use of reasonable technical means available at the time of processing, through which data loses the possibility of association, directly or indirectly, with an individual.
Anonymized data: data relating to a subject that cannot be identified, considering the use of reasonable technical means available at the time of its treatment.
Personal data violation: breach of security that causes, accidentally or illicitly, the destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, preserved or subject to any other type of processing.
2. WHO IS THIS POLICY FOR?
3. WHAT PERSONAL DATA WE COLLECT ABOUT YOU AND THE PURPOSE OF INFORMATION USE
JOBCONVO collects data that we consider essential for the functioning of our various services and to improve the user experience. In addition, when processing your data JOBCONVO respects all the principles established in LGPD (Brazilian equivalent to GDPR), especially the principle of necessity, which establishes that data processing must be limited to the minimum necessary to carry out its purposes, in a proportionate manner.
3.1 PERSONAL DATA WHEN REQUESTING A DEMO
In general, your data is collected when you request a demo on any of our systems or forms: Full name, Social Security Number or similar, name, registration number and branch of the company you represent, address, e-mail, telephone numbers, position, level of the position, and area of activity of the position.
3.2 PERSONAL DATA OF CANDIDATES' REGISTRATION
In the case of a candidate for a vacancy, we collect in our systems or forms (Job Board, App Pesquisa Vagas, App Vagas Tech): Full name, social status, gender, Social Security number or similar, academic background, residential address, academic background, e-mail, telephone numbers, disability. In addition, throughout the recruitment and selection processes, candidates must provide their resume, as well as participate in virtual interviews, in which their image and voice may be collected and recorded for later use by the Company.
Access log: IP address with date and time mandatory collection according to Law 12.965/2014 3.3
4. THE PURPOSE OF PERSONAL DATA USE
Personal Data is processed by the following legal bases (the “Legal Basis”):
We use consent to legitimize the processing of Personal Data in processes that the data subject can choose to carry out or not - for example, for demonstration and application for job vacancies. In the case of collecting health data (disability), dealing with sensitive personal data provided for in art. 5, II, JOBCONVO carries out the treatment exclusively for the purpose of seeking job vacancies with an inclusive purpose, respecting all the principles of art. 6 of the current legislation.
4.2 CONTRACT EXECUTION
We use the legal basis of contract execution for the processes related to the provision of services (recruitment and selection).
4.3 LEGITIMATE INTEREST
We use legitimate interest to support services that are of interest to our customers, as well as for JOBCONVO promotion activities.
4.4 REGULAR EXECUTION OF RIGHTS
We use the regular execution of rights in judicial, administrative, or arbitration legal actions – for example, in judicial or administrative defenses in legal actions to which we are a party.
5. YOUR RIGHTS AS A PERSONAL DATA HOLDER
Below are all the rights you have regarding data protection and the Brazilian General Data Protection Law - LGPD:
5.1. ACCESS RIGHT
This right allows you to request and access a copy of your personal data used by JOBCONVO.
5.2. RECTIFICATION RIGHT
This right allows you to request the correction and/or rectification of your personal information if needed.
5.3. EXCLUSION RIGHT
This right allows you to ask us to delete your personal data. All data collected will be deleted as requested or when they are no longer necessary or relevant for us to offer you our services unless there is any other reason for their maintenance, such as a possible legal obligation to retain data or the need to preserve them to protect application rights.
5.4. RIGHT TO OBJECT TO PROCESSING
You also have the right to object where and in what context we are processing your personal data for different purposes.
5.5. RIGHT TO REQUEST ANONYMIZATION, BLOCKING, OR DELETION
This right allows you to ask us to suspend the processing of your personal data in the following scenarios:
(a) if you want us to establish the accuracy of the data;
(b) when you need the data to be kept even if we no longer need it, as necessary, to establish, exercise, or defend legal claims;
(c) if you have objected to the use of your data, but in this case, we need to verify that we have legitimate reasons to use it.
5.6. PORTABILITY RIGHT
We will provide you, or a third party you choose, with your personal data in a structured and interoperable format where it can be shared without prejudice to the application's business rights.
5.7. RIGHT TO WITHDRAW CONSENT
5.8. RIGHT TO REVIEW AUTOMATED DECISIONS
You also have the right to request the review of decisions made solely based on automated processing of your personal data that affect your interests, including decisions aimed at defining personal, professional, consumer, and credit profiles and/or aspects of your personality. To validate the rights of personal data holders, it will be necessary to request specific information from you to help us confirm your identity and guarantee your right and security of personal data. In these cases, we request direct contact with the data controller, via the following email: [email protected]. JOBCONVO will respond to all legitimate requests within 15 (fifteen) business days according to the deadlines indicated by the Brazilian General Data Protection Law - LGPD.
6. HOW WE SHARE DATA
I – Legal determination, request, requisition, or court order, with competent judicial, administrative, or governmental authorities.
II – In case of corporate transactions, such as merger, acquisition, and incorporation, automatically;
III – Protection of JOBCONVO's rights in any type of conflict, including those of judicial nature.
7. INTERNATIONAL DATA SHARING
8. INFORMATION STORAGE AND DISPOSAL
JOBCONVO's personal data will be kept for 24 months (twenty-four months) for as long as JOBCONVO's contractual relationship with the data subject or with the customer lasts, and may be renewed with the express consent of the data subjects for equal and consecutive periods. Once the purpose of processing Personal Data has been fulfilled, the information will be discarded or anonymized, following company policies related to the secure disposal of data. JOBCONVO is committed to applying good security practices in line with the required technical and regulatory standards. Thus, we seek to protect your data from possible vulnerabilities. However, no system is completely tamper-proof. Therefore, we strive to implement policies and measures to preserve your data against unauthorized access, use, alteration, disclosure, or destruction, which include physical and logical protection of assets, periodic backups, encrypted communications, event records, traceability and safeguarding logs, managing accesses, liability clauses in contracts signed with companies that act as data operators, and network security solutions, such as firewalls and load balancers. JOBCONVO disclaims liability for the sole fault of a third party, as in the case of external attacks, or for the sole fault of the user, as in the case where their transfers their data to a third party. JOBCONVO also undertakes to notify the user within a proper timeframe in the event of any breach of security of their personal data that may pose a high risk to their rights and freedom.
10. CONTACT CHANNEL
JOBCONVO, in compliance with article 41 of the General Data Protection Law, indicates Ronaldo Bahia, as the person in charge of data processing, and contact is possible through the following email: [email protected].
11. APPLICABLE LAW