Privacy Policy

Privacy Policy

The purpose of this Policy is to demonstrate the commitment of the Associação Escola Superior de Propaganda e Marketing, enrolled in the CNPJ under no. 61.825.675/0001-64, located at Rua Dr. Alvaro Alvim, 123 - Vila Mariana - SP, and its affiliates ("We"), with your privacy and the protection of your Data, in addition to establishing the rules about the Treatment of your Personal Data, within the scope of services and functionalities of the electronic address https://www.espm.br and its subdomains ("Our Environments"), in accordance with the laws in force, with transparency and clarity with You and the market in general.

As a condition of access and use of the exclusive functionalities on Our Environments, You represent that You have read this Policy completely and carefully, being fully aware, thus conferring Your free and express agreement with the terms set forth herein, including the collection of the Data mentioned herein, as well as its use for the purposes specified below. If You do not agree with the provisions of this Policy, You must discontinue Your access or use of Our Environments.

ABOUT DATA WE COLLECT

How We Collect Data.

Data, including Personal Data, may be collected when You submit it or when You interact with Our Environments and services, which includes:

What do we collect?

Registration Data

  • Full Name
  • CPF/CNH
  • RG
  • E-mail
  • Date of birth
  • Genre
  • Contact phones
  • Address and proof of residence
  • Marital Status
  • Nationality
  • Place of birth
  • Current company, address, position and salary range
  1. To identify and authenticate You on our platforms for the provision of educational services in an electronic environment.
  2. Fulfill the obligations arising from the use of our services.
  3. To guarantee the portability of the Registration Data to another Controller of the same branch of our business, if requested by You, complying with the obligation of article 18 of the General Law of Protection of Personal Data.
  4. To expand our relationship, to inform You about news, features, content, news and other events that we consider relevant to You.
  5. Enrich your experience with us by promoting our products and services.
  6. Protect You by performing fraud prevention, credit protection and associated risks, and compliance with legal and regulatory obligations.
  7. For the purpose of recording in our historical and cultural archive the realization of the educational activities.
  8. School transcripts and academic records.
  9. To fulfill public policies related to improving education.

Digital identification data

  • Source IP Address and Logical Port
  • Device (operating system version)
  • Geolocation
  • Records the date and time of every action You perform
  • What screens did you access
  • Session ID
  • Cookies
  1. Identify and authenticate You.
  2. Comply with legal obligations of record keeping established by the Marco Civil da Internet - Law 12,965/2014.
  3. Protect You by performing fraud prevention, credit protection and associated risks, and compliance with legal and regulatory obligations.

Data from questionnaires

  • Survey responses and optional electronic surveys
  1. Improve our relationship by elaborating statistical analyses and studies.

Payment Data

  • Credit card number and security code
  1. Fulfill the obligations arising from the Services and the contracts signed by You, including for the processing of financial transactions;

Biometric data

  • Facial Biometrics
  1. Identify and authenticate You.
  2. Protect You by performing fraud prevention, credit protection and associated risks, and compliance with legal and regulatory obligations.

Required data.

Many of our services depend directly on some of the Data informed in the table above, mainly Registration Data. If you choose not to provide some of this Information, we may be unable to provide all or part of our services to You.

Data Update and Veracity.

You are solely responsible for the accuracy, truthfulness or lack thereof with respect to the Data you provide or for its outdatedness. Be aware that it is your responsibility to ensure the accuracy or to keep it up to date.

Similarly, We are not obliged to process or handle any of your Data if there is reason to believe that such processing or handling would bring us into violation of any applicable law, or if you are using Our Environments for any illegal, unlawful or unethical purpose.

Database.

The database formed through the collection of Data is our property and is under our responsibility, and its use, access and sharing, when necessary, will be done within the limits and business purposes described in this Policy.

Technologies employed.

  • We use the following technology(s):
  • Cookies, and it is up to You to configure your Internet browser if You wish to block them. In this case, some of the functionality we offer may be limited.
  • Google Adwords and TailTarget, for logging events during your browsing and delivering customized ads to You.
  • Google Analytics, for logging non-identifiable browsing data for analysis.

All technologies used will always respect the current legislation and the terms of this Policy.

How we share data and information

Data sharing hypotheses.

The Data collected and the activities recorded can be shared:

  • With commercial partners that may eventually offer services through the functionalities in Our Environments, in compliance with item 5.2 of this Policy;
  • With companies hired to provide services inherent to the educational activities, always requiring from such organizations the compliance with the security and data protection guidelines, as per item 6 of this Policy;
  • With competent judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or judicial order; and
  • Automatically, in case of corporate movements, such as merger, acquisition, and incorporation.

Data Anonymization.

For the purposes of market intelligence research, disclosure of data to the press, and advertising, the data provided by You will be shared on an anonymous basis, that is, in a way that does not make it possible to identify You.

How we protect your data and how you can protect it too

Password Sharing.

You are also responsible for the confidentiality of your Personal Data and should always be aware that sharing passwords and access data violates this Policy and can compromise the security of your Data and Our Environments.

Care You Should Take.

It is very important that You protect your Data from unauthorized access to your computer, account, or password, and be sure to always click "log out" when you are finished browsing on a shared computer. It is also very important that You know that we will never send electronic messages requesting confirmation of data or with executable attachments (extensions: .exe, .com, among others) or links for eventual downloads.

Information Security.

All payment transactions, credit card or not, are executed with SSL(secure socket layer) technology, ensuring that all your Data is not illicitly disclosed. In addition, this technology is intended to prevent information from being transmitted or accessed by third parties.

Access to Personal Data, proportionality and relevance.

Internally, the Personal Data collected is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to our business objectives, as well as the commitment to confidentiality and preservation of your privacy under the terms of this Policy.

External links.

When You use Our Environments, You may be led via links to other portals or platforms that may collect your information and have their own Data Treatment Policy.

It is up to you to read the Privacy and Data Treatment Policies of such websites or platforms outside our environment and it is your responsibility to accept or reject them. We are not responsible for the Privacy and Data Treatment Policies of third parties nor for the content of any websites, content or services linked to environments other than our own.

Partner Services.

We have business partners who, from time to time, may offer services through functionalities or websites that can be accessed from Our Environments. The Data that You provide to these partners will be the responsibility of those partners and is subject to their own data collection and use practices.

Processing by third parties under our directive.

If third parties process on our behalf any Personal Data that we collect, they will comply with the conditions set forth herein and with the information security standards, as required.

E-mail communication.

To optimize and improve our communication, when we send an e-mail to You we can receive a notification when they are opened, provided that this possibility is available. It is important that you stay tuned, because the e-mails are sent only by the domains: @espm.br, @acad.espm.br and @espm.edu.br.

How we store your personal data and activity log

Collected Personal Data and activity logs are stored in a secure and controlled environment for a minimum period of time that follows the table below:

Storage period

Registration Data

5 years after the end of the relationship

Articles 12 and 34 of the Consumer Defense Code

Digital identification data

6 months

Art. 15, Marco Civil da Internet

Other data

For the duration of the relationship and without a request for erasure or revocation of consent

Art. 9, Paragraph II of the General Law of Personal Data Protection

Longer storage times.

For audit, security, fraud control, credit protection, and rights preservation purposes, we may retain your Data record for a longer period of time where required by law or regulation, or to preserve your rights.

What your rights are and how to exercise them

Your Basic Rights.

You may request our Personal Data Officer to confirm the existence of Personal Data processing, and to display or rectify your Personal Data, through our Customer Service Channel.

Limitation, opposition and deletion of data.

Through the Customer Service Channel, you can also request:

  • The limitation of the use of your Personal Data;
  • express your opposition and/or revoke consent to the use of your Personal Data; or
  • Request the deletion of your Personal Data that has been collected by Us.

If You withdraw Your consent for purposes essential to the regular operation of Our Environments and services, such environments and services may become unavailable to You.

Should You request the deletion of Your Personal Data, it may occur that the Data needs to be kept for a period longer than the request for deletion, pursuant to article 16 of the General Personal Data Protection Law, for (i) compliance with a legal or regulatory obligation, (ii) study by a research body, and (iii) transfer to a third party (subject to the data processing requirements set out in the same Law). In all cases by anonymizing Personal Data, provided that this is possible.

Upon expiration of the maintenance period and legal necessity, Personal Data will be deleted using secure disposal methods, or used in an anonymized form for statistical purposes.

Information about this policy

Change in content and update.

You acknowledge that We have the right to change the contents of this Policy at any time as necessary or appropriate, such as to conform to a provision of law or regulation having equivalent legal force, and You should check it each time You access Our Environments or use Our services.

If there are updates to this document that require new consent collection, You will be notified through the contact channels that You inform.

Should any part of this Policy be held to be unenforceable by a Data Authority or court, the remaining terms will remain in full force and effect.

Electronic Communication.

You acknowledge that all communication made by e-mail (to the addresses informed in your registration), SMS, instant communication applications or any other digital form, are also valid, effective and sufficient for the disclosure of any matter relating to the services we provide, your Data, as well as the conditions of its provision or any other subject addressed therein, being exception only what this Policy provides as such.

Service Channel.

If you have any questions regarding the provisions contained in this Privacy and Data Treatment Policy, you may contact [email protected].

A ESPM opta pela contratação de serviço gerenciado de Encarregado de Dados (DPO as a Service), contratado através do escritório Peck Advogados situado na Rua Henrique Schaumann, 270, CEP 05413-909, São Paulo, SP.

Applicable law and jurisdiction.

This Policy will be interpreted according to the Brazilian legislation, in the Portuguese language, and the jurisdiction of your domicile will be elected to settle any controversy involving this document, unless specific personal, territorial or functional competence is reserved by the applicable legislation.

Você, caso não possua domicílio no Brasil, e em razão dos serviços oferecidos por Nós apenas em território nacional, se submete à legislação brasileira, concordando, portanto, que em havendo litígio a ser solucionado, a ação deverá ser proposta no Foro da Comarca de São Paulo.

Glossary

For the purposes of this Policy, the following definitions and descriptions should be considered for better understanding:

Data:

Any information entered, processed or transmitted through Our Environments.

Personal Data:

Data related to an identified or identifiable natural person.

Anonymization:

Use of reasonable and available technical means at the time of Processing, whereby a data loses the possibility of association, directly or indirectly, with an individual.

Sensitive Personal Data:

personal data concerning racial or ethnic origin, religious conviction, political opinion, membership of a trade union or of a religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data when linked to a natural person.

Data Protection Officer (DPO):

Person appointed by Us to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD).

Cloud Computing:

Cloud computing is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the aim of reducing costs and increasing the availability of sustained services.

Our Environments:

It designates the electronic address https://www.espm.br/ and its subdomains.

Access Account:

Credential required to use or access the exclusive features of Our Environments.

Cookies:

Small files sent by Our Environments, saved on your devices, that store your preferences and little other information, with the purpose of personalizing your navigation according to your profile.

IP:

Abbreviation for Internet Protocol. It is an alphanumeric set that identifies the USERS ' devices on the Internet;

Logs:

Activity logs of any users who use Our Environments.

Session ID:

User session identification when accessing Our Environments.

Automated decisions only:

These are decisions affecting a user that have been programmed to work automatically, without the need for a human operation, based on automated processing of personal data.

Treatment:

Any operation carried out with Personal Data, such as those related to collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of the information, modification, communication, transfer, dissemination or extraction.