Cruzeiro do Sul Educacional is committed to acting in an honest and ethical manner when carrying out its activities, and this includes the processing of personal data of students, employees, and other audiences with which it interacts.
This Policy has been prepared in accordance with Federal Law 12,965, of April 23, 2014 (Civil Rights Framework for the Internet), Federal Law 13,709, of August 14, 2018 (General Data Protection Law – LGPD) and the EU Regulation 2016/679, of April 27, 2016 (European General Data Protection Regulation – GDPR).
The application of this Policy covers all activities carried out by Cruzeiro do Sul Educacional that involve online or offline collection of personal data, including accesses and/or use of services, virtual learning platforms, social media (Twitter, Facebook, Instagram, LinkedIn, YouTube, etc.), websites, applications, products and other resources offered by the Company.
- Terms and conditions
Below are definitions and acronyms to facilitate the understanding of this Policy:
- Student: An individual enrolled in any of the institutions of Cruzeiro do Sul Educacional;
- Candidate: An individual who is interested in enrolling in one of the Institutions of Cruzeiro do Sul Educacional;
- Children: An individual with up to 12 (twelve) years of age, in accordance with the Statute of Children and Adolescents (“Estatuto da Criança e do Adolescente – ECA”);
- Adolescent: An individual between 12 (twelve) and 18 (eighteen) years of age, in accordance with the Statute of Children and Adolescents (“Estatuto da Criança e do Adolescente – ECA”);
- Parents/guardians: The individual responsible for the custody of a child or adolescent;
- Owner of personal data: The individual to whom a personal data makes reference and which must be processed;
- Personal data processing: Any operation involving personal data, including collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
- Personal data: Any information that can be used to identify an individual, directly or indirectly, such as: name, RG and CPF numbers, date of birth, photo, telephone number, geographic location, among others;
- Sensitive personal data: personal data about racial or ethnic origin, religion, political opinion, membership to unions or to religious, philosophical or political organizations, and data concerning health or sex life, as well as genetic or biometric data of a natural person.
- Consent by the holder: The free, informed and unequivocal expression by which the holder agrees to the processing of their personal data for a specific purpose;
- Controller: A natural or legal person, under public or private law, responsible for decisions regarding the processing of personal data;
- Operator: A natural or legal person, under public or private law, that carries out the processing of personal data on behalf of the controller;
- Deletion of data: Deletion of data or a set of data that is stored in a data repository, regardless of the procedure used;
- International transfer of data: Transfer of personal data to a foreign country or international organization of which the country is a member;
- Sharing: All communication, dissemination, international transfer, interconnection of personal data or shared processing of personal data banks by public bodies and entities for the fulfillment of their legal duties, or between these entities and private entities, mutually and with specific authorization, for one or more processing modalities permitted by these public entities, or between private entities;
Person in charge of the processing of personal data (DPO – Data Protection Officer): The individual appointed by the controller and operator to act as a communication channel between the controller, the owners of personal data, and the National Data Protection Authority (Autoridade Nacional de Proteção de Dados – ANPD).
- Cookies: Text files that record user activities. The objective is to make navigation easier, faster and more practical by setting automatic settings for selected information. The idea is that you don’t need to type the same information several times. This feature also has an analytical function to record data on the user’s behavior in the browser.
- How and which data are collected
We collect information about you through the various interactions you have with us, or with third parties acting on our behalf, by means of documents, forms, platforms and communication channels, either online or offline.
The data collected may include: name, e-mail, telephone number, mailing address, browsing data, location, payment method and any other data that you choose to provide or that are required to fulfill a certain purpose.
2.1. Visitation/browsing data: If you only access our websites, we will collect your browsing information through cookies and similar technology that recognize your browser or device and inform us how and when our pages and resources are being visited and the number of visitors.
You can restrict, refuse or disable cookies through your browser settings. In doing so, some areas of our website may not work properly and may prevent you from benefiting from some of our resources.
When creating an account on our websites, be aware that you are responsible for maintaining the confidentiality of your account data and password, keeping them under your custody and control, which includes, but is not limited to, restricting access to your computer, mobile phone or device and/or account. If your confidentiality has been compromised, access our Privacy Portal.
2.2. Data for marketing: When accessing our platforms and interacting with our materials and content, we may collect other information that you decide to share with us, such as full name, individual taxpayer’s ID (CPF), date of birth, education, telephone number, e-mail, state, city, educational interests.
Such data are collected through the filling out of registration forms and requests for information and amounts, comments, participation in promotions, searches and others. We may also collect data through physical forms or other formats, such as surveys of interest conducted in public places or private institutions that authorize the publicizing of our services.
The data collected can be cross-analyzed to better understand your profile and to target content, products and services that are of interest to you. However, we ensure that cross-analysis are not carried out for discriminatory purposes and that all individual rights and freedoms are guaranteed.
2.3. Data related to selection processes: To enable enrollment and participation in selection processes conducted by our Institutions (college entrance exams, obtaining scholarships and discounts, research grants, extension and monitoring, among others), we must collect personal data from candidates, such as: Name, identification numbers (CPF and RG), RGM, e-mail and telephone number. Such data are collected through the filling out of registration forms, which may be physical or online, and follow the terms established in the respective notices of each selection process.
2.4. Data for enrollment and provision of educational services: To acquire our products, we will need to collect certain personal data to be included in the contract and to adequately provide services and comply with legislation, such as: identification information (full name, date of birth, gender, identification numbers (CPF and RG), parentage); contact information (e-mail and telephone number), location (country, state, city, residential address), professional information (position and name of the company you work at), educational information (education, name of the course, name of the educational institution), billing information (name, CPF, address, credit card number).
We may also collect sensitive data, such as religion, skin color, medical information, physical or cognitive disabilities, to ensure your access to rights and to adequately provide the services contracted by any of the parties.
When accessing the systems, platforms and learning environments available for our services, such as Student Area and Blackboard, we will collect data such as: name, RGM, and date, time and IP of access, and user content (e.g.: comments, voice and image interactions).
2.5. Data to access services available to the community: If you are interested in using any of the services we provide to the community, such as legal and/or accounting advice, medical and psychological assistance, we will need to collect, directly from the holder of personal data or legal guardian, certain personal data to provide the desired service.
The type of data to be collected will depend on the service that will be used, and may include sensitive personal health data, such as: exams and medical history. This data will only be processed to provide the services we offer and for the purposes of academic practice and development.
2.6. Access monitoring and control systems: If you visit any of our institutions, we may record your image through our internal monitoring system. Personal data may also be collected to provide your access credentials, aimed at maintaining a safe academic and work environment.
2.7. Participation in events organized and supported by Cruzeiro do Sul Educacional: If you participate in any event carried out by the Institutions of Cruzeiro do Sul Educacional, we will collect the necessary data to confirm your registration (name, e-mail, telephone number, geographic location and educational interests).
Data collected in our events will be shared with our Marketing team, aimed at forwarding you content and news on the topics related to the event.
2.8. Through third parties: Some of your personal data may also be collected by sources available to the general public, service providers, government authorities and partners, such as distance-learning centers, curriculum banks, discount and/or scholarship websites and educational programs of the Ministry of Education (PROUNI and FIES).
- Why we process your data
All initiatives related to the collection and use of personal data carried out by the Institutions of Cruzeiro do Sul Educacional are supported by the legal provisions of Law 13,709/2018 (LGPD), mainly regarding the execution of contracts, fulfilling legal/regulatory obligations, the regular exercise of rights, legitimate interest and consent.
Your data will be processed to enable:
3.1. The validation of the services you contracted from us, including the particularities of commercial agreements;
3.2. Enrollment and participation in selection processes;
3.3. Proper registration in the systems and platforms used by us to provide the contracted services;
3.4. The processing of payments;
3.5. The offer of services, promotions and special conditions that may be of your interest and customization of advertising campaigns;
3.6 The continuous improvement of our services through surveys, analysis and innovation activities;
3.7. Proper communication to answer and clarify questions and to provide technical support;
3.8. The sending of relevant information, such as information on academic calendar, internal events, alerts on deadlines or material risks, among others;
3.9 Compliance with legal, court, regulatory or administrative resolutions and official letters from competent authorities;
3.10. The monitoring of activities and trends, as well as to measure the level of interaction and engagement with our services.
3.11. To guarantee the security and physical integrity of properties.
- How we process sensitive data and personal data for minors
Sensitive personal data is processed by Cruzeiro do Sul Educacional with extra care and exclusively for the purposes in which such data are strictly required. In such cases, under provisions of Law 13,709, we adopt more restrictive access measures and apply sufficient security controls to protect data.
We understand the importance of protecting the personal data of minors. Therefore, all data collected for the purpose of providing services shall be directly obtained from their respective legal guardians, who must consent with the use of their personal data and with this Policy.
For adolescents over the age of 16 (sixteen), the data may be provided directly by the owner of the personal data, except for data which must be processed and, therefore, must be authorized by a legal guardian (e.g. signing of a contract). Data on children and adolescents under the age of 16 (sixteen) must be provided directly by their parents/legal guardians.
Therefore, we ask that minors under the age of 16 (sixteen) do not use our platforms without being accompanied by, or having consent from, their parents or legal guardians.
Legal guardians shall also be fully responsible for children and adolescents who access the websites and platforms of Cruzeiro do Sul Educacional without having received previous authorization. They are entirely responsible for monitoring the activities and conduct of minors under their responsibility, as well as for being fully aware of the terms contained in this Policy, in their entirety.
- How you can manage and monitor your data
We are aware and respect the rights of the owners of the personal data that were collected, which can be exercised as follows:
5.1. Consultation of data: You can use our service channels to request a list of your personal data stored in our systems and database;
5.2. Correction of data: You can change your personal data when they are incomplete, incorrect or outdated at any time, using the tools available on our platforms. You can also request these changes be done through our Student Service Center, Academic Secretary or relevant Corporate Areas, when they are related to employees or third parties.
5.3. Disagreement: you can disagree with certain data processing activities or restrict the use of your personal data for certain purposes, as well as request the review of automated decisions.
5.4. Deletion of data: You can request a total or partial deletion of your personal data at any time through the cancellation of your enrollment or other registrations you may have made.
However, even after you request the deletion of your data, the Institutions of Cruzeiro do Sul Educacional may anonymously keep part of your personal data to comply with: (a) judicial, administrative and arbitration proceedings (for the time required), (b) legal and/or regulatory obligations, or (c) the regular exercise of rights, such as to enforce the rights of the Institutions of Cruzeiro do Sul Educacional based on the service contract.
Additionally, we inform you that to execute some of the actions described above, Cruzeiro do Sul Educacional may request the authentication of the owner of the personal data to ensure that no actions will be performed without being duly authorized by the owner of the personal data and/or that no information will be shared with unauthorized individuals.
- With whom we share your data
Your data will be shared under certain situations, but always respecting your privacy and data protection, as well as the principles of the LGPD.
Below is a list of situations in which your data may be shared:
6.1. With the Institutions of Cruzeiro do Sul Educacional, within the limits and purposes described in this Policy;
6.2. Judicial, administrative and government authorities: To comply with legal and regulatory resolutions or obligations, inspections and assessments, granting of scholarships, student financing, among others. To defend the Company’s rights in court or administrative proceedings;
6.3. Partner Centers: For enrollments and provision of educational services that have been contracted;
6.4. Financial institutions, payment providers, payment integrators and credit card companies: For the processing of payments related to educational and administrative services acquired;
6.5. Service providers that process personal data on behalf of Cruzeiro do Sul Educacional to carry out specific activities related to collecting and negotiating pending financial matters, marketing and communication actions, cloud storage services, and external auditing.
Cruzeiro do Sul Educacional only uses services and technologies from reliable third parties that follow appropriate security standards and are subject to confidentiality.
Under no circumstances will Cruzeiro do Sul Educacional license, sell or transfer personal data to any third party aiming to obtain a financial advantage or in a way that is contrary to this Policy or to the LGPD.
In certain situations, data may be shared with third parties located outside Brazil, such as cloud storage service providers or partners with international operations. However, we emphasize that, regardless of the place of processing/storage, we will adopt the appropriate technical measures to ensure security, confidentiality and privacy to your data, in addition to maintaining specific contractual clauses to ensure this data is processed under the rules of the LGPD or similar legislation.
- Data storage period
Your personal data will be kept by Cruzeiro do Sul Educacional for the time necessary to comply with the purposes for which they were collected, always respecting the data retention period foreseen in applicable legislation.
We also emphasize that the request to delete or make personal data anonymous will only be carried out for data whose storage has not been determined by law or by a regulatory authority, the execution of a contract, or any other situation that justifies the storage of data.
- Security measures adopted
In order to preserve your privacy and protect your personal data, Cruzeiro do Sul Educacional adopts good information security practices and implements ongoing improvements that enable the protection of collected data. We also have teams prepared to detect and act in the event of incidents that compromise the security of your data.
In spite of the care and efforts mentioned above, we cannot ensure that our services and systems are unbreachable. For this reason, we also rely on you to properly protect your passwords and limit third-party access to your devices, accounts and personal data. Cruzeiro do Sul Educacional shall not be responsible for the illegal and unauthorized use of your personal data, resulting from the misuse of your access credentials.
- Policy Updates
We are always seeking to improve our services and policies and, for this reason, this Policy may be updated as necessary. Therefore, before accessing any of our platforms or using our services, please read our Policy on the websites of our Institutions, which will provide the date in which it was last updated.
Last updated 08/26/2022