Privacy Policy

Cruzeiro do Sul Educacional is committed to being honest and ethical in all of its activities, including regarding the collection and processing of personal data of students, employees and other stakeholders.

Your privacy is very important to us and, because of that, we seek to adopt all necessary measures to preserve it. In order to ensure safe and responsible processing of your personal data, we prepared this Privacy Policy (“Policy”), through which we clarify how and which data are collected, used, shared and stored by the Institutions of the Cruzeiro do Sul Educacional Group.
This Policy has been prepared in accordance with Federal Law 12,965, of April 23, 2014 (Civil Rights Framework for the Internet), Federal Law 13,709, of August 14, 2018 (General Data Protection Regulation) and EU Regulation 2016/679 of April 27, 2016 (European General Data Protection Regulation – GDPR).

The application of this Policy covers all activities carried out by the Group’s Institutions that relate to online or offline collection of personal data, including accesses and/or use of services, virtual learning platforms, social media (Twitter, Facebook, Instagram, LinkedIn, YouTube, etc.), websites (Orienta, Conte sua História, Passos da Rematrícula, among others), applications, products and other resources offered by the Group.

From the moment you access one of our platforms, agree to subscribe to any of our services or provide your information with a view to maintain any relation (commercial, academic or employment) with one of your Institutions, participate in campaigns, events, surveys, among others, you will be accepting our Policy.

Note that if you do not agree to provide us with your personal data necessary to perform the above-mentioned activities or compliance with the provision of this Policy, you will be required to interrupt access and/or continue with your registration. However, in some cases we will not be able to provide services or performed the desired activity if you do not register or provide us with your data.

  1. How and which data are collected:

    We collect information about you through the various interactions carried out with us or with Third Parties acting on our behalf, by means of documents, forms, platforms and communication channels, either online or offline. The data collected may include: name, email, telephone number, mailing address, browsing data, location, payment method and any other data provided by you.
    1. Visitation/browsing data:

      If you only access our websites, we will collect your browsing data through cookies and similar technology that recognize your browser or device and tell us how and when our pages and resources are visited and the number of visitors.

      Cruzeiro do Sul Educacional Institutions use cookies and similar technologies to authenticate users; remember preferences and user configurations; define content popularity; disclose and measure the effectiveness of marketing campaigns; and analyze trends and interests of people interacting with our services and platforms.

      Most browsers are configured to automatically accept cookies. However, you can restrict, refuse or disable them through your browser settings. In doing so, some areas of our website may not work properly and may prevent you from benefiting from some of our resources.

      Any information stored in cookies that allow identifying a user is considered personal data. Accordingly, all the rules provided for in this Privacy Policy will also apply to such information.
      Below are some links to the help and support pages of the most used browsers that may be accessed by users interested in learning how to manage cookies in their browser:

    2. Leads:
      When accessing our platforms and interacting with our materials and content, we may collect other information that you decide to share with us, such as full name, individual taxpayer’s ID (CPF), date of birth, education, telephone number, email, state, city, educational interests. Such data are collected through the filling out of registration forms, through comments, clarification of doubts, participation in promotions, searches and others. We may also collect data through forms filled out in person or other formats, resulting from survey of interest conducted in public places or private institutions that authorize the publicizing of our services.
      In order to offer content and information of your interest, we sometimes cross-check data collected from you. However, we make sure that such data cross-checking is not carried out for discriminatory purposes and that all individual rights and freedoms are guaranteed.
    3. Enrollment and/or employment contract:
      If you acquire any of our services, we will collect personal data necessary to perform the contract and properly provide services and comply with the law, such as: identification information (full name, date of birth, gender, CPF, identification document (RG), affiliation); contact information (email and telephone number), location (country, state, city, residential address), professional information (position and name of the company you work at), educational information (education, name of the course, name of the educational institution), billing information (name, CPF, address, credit card).
      We may also collect sensitive data, such as religion, color, medical information, physical or cognitive disabilities, when provided directly by you, in order to ensure your access to rights and proper rendering of services contracted, by any of the parties.
      When accessing the systems available to our services, such as Student Area and Blackboard, we will collect data such as name, RGM, and date, time and IP of access.
      In case of employment relationship, we will collect the data necessary for registration of the Employee in our internal systems, government systems and for labor and social security matters, which will be directly provided by the Employee during the selection process and/or upon hiring, and updated over the employment relationship.
    4. Access to Services available to the community:
      In order to properly render the services offered to the community, we will directly collect a number of personal data necessary for the rendering of the service chosen, such as legal and/or accounting advice, medical and psychological assistance, among others. Data collected will depend on the service contracted and may include: identification information (full name, date of birth, gender, CPF, RG, affiliation); contact information (email and telephone number), location (country, state, city, residential address), professional information (position and name of the company you work at), educational information (education, name of the course, name of the educational institution), medical information (exams and medical record), among others.
    5. Participation in events of the Group’s Institutions:
      If you participate in any event carried out by Cruzeiro do Sul Educacional Institutions, the data necessary to confirm your registration (name, email, telephone number, location and educational interests) will be collected.
      Data collected in our events will be shared with our Marketing team, who will send you content and news related to the event.
    6. Through Third Parties:
      Some of your personal data may also be collected by sources available to the public, service providers, government authorities and partners, such as distance-learning centers, curriculum banks, discount and/or scholarship websites and educational programs of the Ministry of Education (PROUNI and FIES).
  2. Why do we collect and use your data:

    All initiatives related to the collection and use of personal data carried out by the Group’s Institutions are supported by the legal bases provided for in Law 13,709/2018 (LGPD), mainly regarding the performance of contracts, meeting with legal/regulatory obligation, regular exercise of rights, legitimate interest and consent.

    Your data will be collected to enable:

    1. The validation of the contracting of our services, including the particularities of commercial agreements;
    2. Proper registration in the systems and platforms used for the rendering of the contracted services;
    3. The processing of payments;
    4. The offer of services, promotions and special conditions that may be of your interest and customization of advertising campaigns;
    5. The continuous improvement of our services through surveys, analysis and innovation activities;
    6. Proper communication regarding the clarification of doubts, technical support;
    7. The sending of material information, such as information on the academic calendar, internal events, alerts on deadlines or significant risks, among others;
    8. Compliance with legal, court, regulatory or administrative resolutions and official letters from competent authorities;
    9. Monitor activities and trends, as well as measure the level of interaction and engagement with our services.
  3. How we process minor’s data:

    We understand the importance of protecting minor’s personal data. Therefore, all data collected for service rendering purposes will be directly obtained from the respective legal representatives, who must consent with the use of the personal data provided, and agree with this Policy.

    Legal representatives will also be fully responsible for children and adolescents who access the websites and and platforms of the Group’s Institutions without duly and prior authorization. They are entirely responsible for monitoring the activities and the conduct of the minors under their responsibility, as well as for being aware of the entirety of the terms of this Policy.

  4. How you can manage and monitor your data:

    We are aware of and respect all the rights of the owners of the personal data collected, which can be exercised as follows:

    1. Consultation of data: You can use our service channels to request a list of your personal data stored in our systems and database;
    2. Correction of data: You can change your personal data when they are incomplete, incorrect or outdated at any time, using the tools available on your platforms. You can also request such adjustment from the Student Service Center, Academic Secretary or relevant Corporate Areas, in case of employees or Third Parties.
    3. Disagreement: you can disagree with certain data processing operations or restrict the use of your data for certain purposes, and also request a review on automated decisions.
    4. Exclusion of data: You can request total or partial exclusion of your personal data at any time through the cancellation of your enrollment or other registrations you have made. However, even after you request the exclusion of your data, the Group’s Institutions may anonymously keep part of your personal data to comply with: (a) judicial, administrative and arbitration proceedings (as long as necessary), (b) legal and/or regulatory obligations or (c) regular exercise of rights, such as enforce the rights of Cruzeiro do Sul Educacional Institutions based on the service contract.
  5. Which Group Institutions control your data:

    The Institutions that compose Cruzeiro do Sul Educacional share infrastructure, systems and technology in order to offer integrated and efficient services aligned with your academic interests.

    The personal data collected are controlled by all Group Institutions, as follows:

    • Braz Cubas (SOCIEDADE EDUCACIONAL BRAZ CUBAS LTDA. – 52.556.412/0001-06)
    • Colégio Alto Padrão (ACEF S.A. – 46.722.831/0006-82)
    • Colégio Objetivo Itu (SOCIEDADE DE EDUCAÇÃO NOSSA SENHORA DO PATROCÍNIO LTDA. – 45.466.752/0006-95)
    • Colégio Objetivo Salto (SOCIEDADE DE EDUCAÇÃO NOSSA SENHORA DO PATROCÍNIO LTDA. – 45.466.752/0002-61)
    • Colégio Cruzeiro do Sul (CRUZEIRO DO SUL EDUCACIONAL S.A. – 62.984.091/0008-70)
    • Colégio Objetivo São Sebastião (COLÉGIO SÃO SEBASTIÃO – EDUCAÇÃO INFANTIL E ENSINO FUNDAMENTAL LTDA. – 04.778.582/0001-92)
    • Cruzeiro do Sul Virtual (CRUZEIRO DO SUL EDUCACIONAL S.A. – 62.984.091/0001-02)
    • FSG (SOCIEDADE EDUCACIONAL SANTA RITA S.A. – 91.109.660/0001-60)
    • Centro Universitário Módulo (SOCIEDADE EMPRESÁRIA DE ENSINO SUPERIOR DO LITORAL NORTE LTDA. – 50.005.735/0001-86)
    • Centro Universitário do Distrito Federal “UDF” (CENTRO DE ENSINO UNIFICADO DO DISTRITO FEDERAL LTDA. – 00.078.220/0001-38)
    • UNIFRAN (ACEF S.A. – 46.722.831/0001-78)
    • UNIPÊ (IPÊ EDUCACIONAL LTDA. – 08.679.557/0001-02)
    • Universidade Cruzeiro do Sul (CRUZEIRO DO SUL EDUCACIONAL S.A. – 62.984.091/0001-02)
    • Universidade Positivo (CENTRO DE ESTUDOS SUPERIORES POSITIVO LTDA. – 78.791.712/0001-63)
    • Faculdade Positivo (CESA – COMPLEXO DE ENSINO SUPERIOR ARTHUR THOMAS LTDA. – 04.961.394/0001-03)

    The list above may be updated.

  6. With whom we share your data:

    1. Government Bodies and Authorities: For compliance with legal and regulatory resolutions or obligations, inspections and evaluations, granting of scholarships and student financing, among others. Or for defense of the Group’s rights in court or administrative proceedings;
    2. Partner Centers: For enrollments and provision of educational services contracted;
    3. Financial institutions, payment providers, payment integrators and credit card companies: For the processing of payments related to educational and administrative services acquired;
    4. Service providers that process personal data on behalf of Cruzeiro do Sul Educacional, in order to carry out specific duties related to their activities, such as, but not limited to:
      • Collection and negotiation of existing outstanding financial obligations;
      • Marketing and communication actions (advertising, marketing email, telemarketing and measurement of the scope of our services and communication activities);
      • Cloud services for our platform and systems and hosting of services and content;
      • External audit for identification and prevention of weaknesses related to illegal, fraudulent or suspicious activities.

    Cruzeiro do Sul Educacional only uses services and technologies from reliable Third Parties that follow appropriate security standards and are subject to confidentiality.

    Under no circumstances Cruzeiro do Sul Educacional licenses, sells or transfers personal data to any third party with the aim of obtaining profit or in a way contrary to this Policy.

  7. Where your data is stored, processed and transferred to

    To store personal data, Cruzeiro do Sul Educacional uses reliable data center and cloud services provided by suppliers in Brazil or abroad.

    By accepting this Policy you agree that your personal data may be transferred, stored and processed in Brazil or abroad by the Group’s Institutions or by Third Parties previously mentioned in this Policy. However, we emphasize that, regardless of the place of processing/storage, we will adopt the appropriate technical measures to ensure security, confidentiality and privacy to your data.

  8. Data storage period

    Your personal data will be kept by the Group’s Institutions for the time necessary to comply with the purposes for which they were collected, always respecting the data retention period foreseen in the legislation in effect.

    We also emphasize that the request to delete or make personal data anonymous will only be carried out for data whose storage is not determined by law or regulatory authority.

  9. Security measures adopted

    In order to preserve your privacy and protect your personal data, Cruzeiro do Sul Educacional adopts good information security practices and implements continuous improvements that enable the protection of the data collected.

    In spite of the care and efforts mentioned above, we cannot ensure that our services and systems are unbreachable. For this reason we also count on you to properly protect your passwords and limit Third-Party access to your devices, accounts and personal data. We also have teams prepared to detect and act in cases of incidents that compromise the security of your data.

  10. Policy Updates

    We are always seeking to improve our services and policies and, for this reason, this Policy may undergo updates. Therefore, before accessing any of our platforms or using our services, check our Policy on the websites of our Institutions, which will provide the date it was last changed.

    Access to our services and channels after disclosure of such changes assumes that you agree with the new version of the Policy.

  11. Our contact information

    Should you have any question about our Privacy Policy or the processing of your personal data, or if you become aware of or suspects that your data has been misused, contact us preferably through the Privacy Portal ( or directly with our DPO(
  12. We respect and protect your privacy!

    Last updated in December 2020