Privacy Policy

Home
/
Privacy Policy

Index

Cruzeiro do Sul Educacional (“CSED”), believe in building relationships based on trust. Therefore, we are committed to acting with integrity and ethics in all our activities. This commitment includes the conscious and responsible use of personal data of our students, employees, and other audiences with whom we interact.

We place great importance on your privacy, and therefore we adopt all necessary measures to preserve it. To ensure the safe and responsible handling of your personal data, we have developed this Privacy Policy (“Policy”), through which we clarify how and which data is processed by the institutions of Cruzeiro do Sul Educacional and what measures we take to protect them and ensure your privacy.

This Policy applies to all activities carried out by Cruzeiro do Sul Educacional that involve the online or offline processing of personal data, including access and/or use of services, virtual learning platforms, social networks (Twitter, Facebook, Instagram, LinkedIn, YouTube, etc.), websites, applications, products, and other resources offered by the Company.

If you have any questions or concerns about this Privacy Policy or about processing operations involving your personal data, or if you become aware of or suspect that your data has been misused, you can contact us through our Privacy Channel (www.contatoseguro.com.br/privacidadecruzeiroeducacional) or via email: dpo@cruzeirodosul.edu.br

1.Terms and conditions

Below, we list some definitions and acronyms to facilitate understanding of this Policy:

Adolescent: Any individual between 12 (twelve) and 18 (eighteen) years of age, according to the Child and Adolescent Statute (“ECA”).
Student: An individual enrolled in any of the institutions of Cruzeiro do Sul Educacional.
Applicant: An individual who is interested in enrolling in any of the institutions of Cruzeiro do Sul Educacional.
Sharing: Any communication, dissemination, international transfer, interconnection of personal data, or shared processing of personal data databases by public agencies and entities in the fulfillment of their legal competencies, or between these and private entities, reciprocally, with specific authorization, for one or more processing modalities permitted by these public entities, or between private entities.
Data Subject’s Consent: The free, informed, and unequivocal expression by which the data subject agrees to the processing of their personal data for a determined purpose.
Controller: A natural or legal person, of public or private law, responsible for decisions regarding the processing of personal data.
Cookies: Text files that record user activities. The purpose is to make navigation easier, faster, and more practical by automatically configuring some information. The idea is that you don’t have to enter the same information multiple times. Additionally, they have an analytical function of saving data about user behavior in the browser.
Child: Any individual up to 12 (twelve) years of age, according to the Child and Adolescent Statute (“ECA”).
Personal Data: Any information that can identify a person, directly or indirectly, such as name, ID number, CPF, date of birth, photo, phone, geolocation, among others.
Sensitive Personal Data: Personal data about racial or ethnic origin, religious belief, political opinion, union membership, or affiliation with a religious, philosophical, or political organization, data related to health or sexual life, genetic or biometric data, when linked to a natural person.
Data Elimination: Deletion of data or a set of data stored in a data repository, regardless of the procedure used.
Data Protection Officer (DPO): A person appointed by the controller and operator to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).
Parents/Guardians: A person responsible for the custody of a child or adolescent.
Operator: A natural or legal person, of public or private law, that processes personal data on behalf of the controller.
Third Parties: Individuals or legal entities that provide services or act on behalf of Cruzeiro do Sul Educacional to assist in the performance of its activities. Third parties can include business partners, suppliers, consultants, contractors, or service providers in general.
Data Subject: An individual to whom personal data refers, which is subject to processing.
International Data Transfer: Transfer of personal data to a foreign country or international organization of which the country is a member.
Personal Data Processing: Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction.

2.Who is Responsible for Processing Your Personal Data (Controller)?

Cruzeiro do Sul Educacional S.A., a publicly traded corporation registered under CNPJ/MF nº 62.984.091/0001-02, headquartered at Rua Cubatão, 320, 3rd, 8th, and 9th floors, Vila Mariana, CEP 04.012-911, and other companies within the Cruzeiro do Sul Educacional group (as listed in Annex I), is the legal entity responsible for decisions regarding the processing of your personal data.

To support compliance with its obligations and manage its privacy program, Cruzeiro do Sul Educacional has appointed Mr. Vitor Garcia Fernandes Rocha as the Data Protection Officer (DPO), who can be contacted via email at dpo@cruzeirodosul.edu.br.

We clarify that, under the terms of the General Data Protection Law (Law No. 13.709/18 or “LGPD”), Cruzeiro do Sul Educacional is responsible for the personal data processing activities it performs and/or delegates within the context of its operations and institutions, but not for the processing activities conducted directly by our network of Partner Poles.

As detailed in this Privacy Policy, your personal data may be shared between Cruzeiro do Sul Educacional and its Partner Poles for purposes related to the commercialization of our products, provision of services, and operation of online or offline applications related to our educational services, in which cases the Parties may act under a joint or singular control regime.

Cruzeiro do Sul Educacional shares and disseminates best practices related to personal data processing with its entire network of Partner Poles. However, we emphasize that Partner Poles, as independent controllers, may process your personal data autonomously and for purposes different from those described above. In such circumstances, Cruzeiro do Sul Educacional is not responsible for and has no influence or participation in the processing activities performed.

3.How and What Data We Collect About You

We collect information about you through various interactions conducted with us or with third parties acting on our behalf, via documents, forms, platforms, and communication channels, both online and offline, as described below:

3.1. Visitation/Browsing Data: When you access our websites and applications, we may collect your browsing data through the use of cookies and/or similar technologies that allow us to recognize your browser or device and inform us where (geolocation), how, and when our pages and resources are visited and how many people access them.

Cruzeiro do Sul Educacional uses cookies and/or similar technologies to authenticate users, remember user preferences and settings, determine the popularity of content, advertise and measure the effectiveness of marketing campaigns, and analyze trends and interests of people interacting with our services and platforms.

You have the autonomy to restrict, refuse, or disable the use of cookies through your browser settings. However, by doing so, some areas of our website may not function correctly, which may prevent you from benefiting from some of our features. For more detailed information on the subject, please refer to our Cookie Policy available at the footer of our institutional pages.

3.2. Marketing and Advertising Data: When accessing our platforms and interacting with our materials and content, we may collect information that you decide to share with us, such as full name, CPF, phone number, email address, educational level, state, city, and educational interests. These data are collected through the completion of registration forms, requests for information and values, comments, participation in promotions, searches, among others, conducted on our websites and social media pages linked to our brands. Data can also be collected through physical forms or other formats resulting from registrations and interest surveys conducted at events, public places, or private institutions that authorize the dissemination of our services.

The collected data may be cross-analyzed to better understand your profile and direct content, products, and services that may interest you. We ensure, however, that this cross-analysis is not done for discriminatory purposes and that all individual rights and freedoms will be guaranteed. When creating an account on our websites, please note that you are responsible for keeping your account and password information confidential, including restricting access to your computer, mobile phone, or other devices. If the confidentiality of your data is compromised, please access our Privacy Channel (www.contatoseguro.com.br/privacidadecruzeiroeducacional).

3.3. Data Related to Selection Processes: To facilitate registration and participation in selection processes conducted by our Institutions (e.g., entrance exams, scholarship applications, research grants, extension, and monitoring programs), it is necessary to collect personal data of candidates, such as name, CPF, RG, RGM, email, and phone number. These data are collected through the completion of registration forms, which can be physical or electronic, following the terms provided in the respective notices of each selection process. We may also collect your data through application forms for selection processes for professional positions at Cruzeiro do Sul Educacional Institutions, such as full name, CPF, date of birth, email, phone number, educational level, and professional history.

3.4. Enrollment and Educational Services Data: To acquire our products, we need to collect some personal data necessary for contract execution, adequate service provision, and compliance with applicable laws and regulations, such as identification data (full name, date of birth, gender, CPF, RG, parentage), contact data (email and phone number), copies of documents, location data (country, state, city, residential address), professional data (job title and company name), educational data (educational level, course name, institution name), billing data (name, CPF, address, credit card), among others.

We may also collect sensitive data, such as religion, ethnic/racial origin, medical data, and physical or cognitive disabilities, to fulfill legal or regulatory obligations and/or ensure your access to rights and the proper provision of contracted services by any of the parties.

When accessing the systems, platforms, and learning environments provided for the proper provision of services, such as Student Area and Blackboard, data such as name, RGM, date, time, access IP, and user content (e.g., comments, interactions by voice and image) will be collected.

3.5. Data for Community Services Usage: If you are interested in using any of our community services, such as legal and/or accounting advice, medical and psychological assistance, it will be necessary to collect, directly from the holder or responsible person, some personal data required for the chosen service provision. The collected data will depend on the contracted service and may include registration data (name, CPF, RG, date of birth, address, phone) and sensitive health data, such as exams and medical history. These data will be processed solely to provide the offered services and for academic practice and development purposes.

3.6. Monitoring Systems and Access Control: When visiting and frequenting our Institutions’ premises, we may record your image through our internal monitoring system. Personal data may also be collected to provide your access credentials, ensuring a safe academic and work environment.

3.7. Participation in Events Organized or Supported by Cruzeiro do Sul Educacional: If you participate in an event organized or supported by Cruzeiro do Sul Educacional Institutions, the necessary data will be collected to confirm your registration (such as name, email, phone number, geolocation data, and educational interests) and/or record your attendance.

Your contact data collected at our events may be used by our commercial and marketing teams to send you content and news related to the event or topics of interest. We may also share such data with event sponsors or supporters, with prior notice or collection of your consent.

3.8. Through Third Parties: Some of your personal data may also be collected through publicly available sources, service providers, government agencies, and business partners, such as distance learning partner centers, recruitment platforms, and resume banks, marketing and acquisition companies, information bureaus, discount sites, and/or scholarship programs and educational programs of the Ministry of Education (PROUNI and FIES). CSED, through Third Parties, may use data hygiene and enrichment measures to ensure access to correct and updated data that allow proper service provision and/or execution of the contractual relationship established with the holder, such as receiving mandatory documents or debt collection.

Part of the personal data collection methods mentioned above may be performed based on your consent, in situations where Cruzeiro do Sul Educacional has no other legal basis for processing. In such cases, refusal of consent may result in the inability to access, in whole or in part, services offered by the Company. You can obtain information about the processing activities for which you have given consent, as well as request its revocation, through the channels indicated in item 7 of this Policy.

4.Purpose of Processing Your Data

All personal data processing carried out by the Institutions of Cruzeiro do Sul Educacional is supported by the legal bases provided in Law 13.709/2018 (LGPD), primarily concerning contract execution, compliance with legal/regulatory obligations, regular exercise of rights, legitimate interest, and consent. Your data is processed to enable:

4.1. The execution of preliminary activities for contract execution and/or formalization and execution of the contract for our services, including the specifics of commercial agreements.

4.2. The provision of services offered to the community, mainly through our teaching clinics and legal or accounting practice centers.

4.3. Registration and selection in academic and professional selection processes, including compliance with legal/regulatory obligations and/or internal policies related to diversity and inclusion, during which automated decision-making tools may be used.

4.4. Proper registration of users in the systems and platforms used to provide contracted services.

4.5. Billing, processing and payment management, and debt collection.

4.6. Conducting analyses and procedures aimed at (i) updating and improving user registration, ensuring data quality, and (ii) enabling fraud prevention in contracting and billing for our services, in accordance with our legitimate interest.

4.7. Advertising and offering services, promotions, and special conditions that may interest you and customizing advertising actions.

4.8. Conducting research and statistical analyses to appropriately evaluate supply vs. demand by geographic region, identify and correct service flaws, and continuously improve our services.

4.9. Sending communications on relevant topics related to our service provision, such as changes in the academic calendar, internal events, alerts about deadlines or relevant risks, among others.

4.10. Sending marketing and advertising communications related to our products, services, and commercial conditions, such as tuition fees, discount campaigns, and new course offerings.

4.11. Compliance with legal, judicial, regulatory, or administrative obligations and orders from competent authorities.

4.12. Monitoring activities and usage trends, as well as measuring the level of interaction and engagement with our services and platforms, to improve the user experience.

4.13. Enabling access control and management, both physical and logical, as well as video surveillance of some of our spaces, to ensure the security of our systems and assets, property security, and the physical integrity of people within our premises.

We emphasize that to achieve some of the purposes mentioned above, CSED may rely on the support of partners and service providers, with whom it will share strictly necessary data for achieving the intended purpose while taking the necessary precautions, as indicated in item 8 of this Policy.

5. How We Handle Sensitive Data and Minors’ Data

Sensitive personal data is processed by Cruzeiro do Sul Educacional exclusively for purposes for which such data is strictly necessary. In such cases, as provided by Law 13.709, we adopt more restrictive access measures and apply sufficient security controls for data protection.

Similarly, we understand the importance of protecting minors’ personal data. Therefore, all data collected related to these individuals is obtained and processed to serve the best interest of the minor and is restricted to professionals and partners who genuinely need access to perform their activities.

For adolescents over 16 (sixteen) years old, data may be provided directly by the individual, except for processing activities that require authorization from a legal representative (e.g., contract execution). Data of children and adolescents under 16 (sixteen) years old must be provided directly by their respective guardians/legal representatives.

Therefore, we request that minors under 16 (sixteen) years old do not use our platforms without the supervision or consent of their parents or guardians.

Legal representatives are also fully responsible in cases where children and adolescents access Cruzeiro do Sul Educacional’s websites and platforms without proper prior authorization. It is their sole responsibility to supervise the activities and conduct of the minors under their care and to be fully aware of the entirety of these Terms.

6. How We Handle Employees’ Personal Data

We apply the same level of care in handling the personal data of our employees, collecting and processing only the minimal data necessary for specific purposes and which have legitimate legal bases.

If you are one of our employees, you can obtain more details on how we handle your data by accessing our Administrative Privacy Policy, available on the Rede Cruzeiro.

7. How You Can Manage and Monitor Your Data

We recognize and respect all the rights of the data subjects we interact with, which can preferably be exercised through the Privacy Channel available at: https://contatoseguro.com.br/pt/privacidadecruzeiroeducacional or via email at: dpo@cruzeirodosul.edu.br.

Please note that to exercise some of the rights described below, Cruzeiro do Sul Educacional may request authentication of your identity to ensure that no information is shared with unauthorized individuals and that no action is taken without your knowledge and authorization.

Through the channels mentioned above, you can:

7.1. Data Consultation: You can request, through our service channels, a list of your personal data that we process.

7.2. Data Correction: You can, at any time, request the correction/alteration of your personal data when it is incomplete, incorrect, or outdated. If you are a student or former student, you can also make some corrections and updates autonomously in the Student Area or request such adjustments from the Student Service Center (CAA and CAA Online), the Academic Secretariat, or relevant Corporate Areas if you are an employee or a third party.

7.3. Objection: You can object to certain processing operations involving your data or restrict the use for specific purposes, as well as request a review of automated decisions.

7.4. Unsubscribe or Cancel Communications and Advertisements: You can request the removal of your contact from all our mailing lists or specific lists, stopping the receipt of communications that are not of your interest.

Please note that if you fill out any form and express your interest in contacting us or receiving information and materials from Cruzeiro do Sul Educacional again, your contact will be reinserted into our databases. Therefore, you must request cancellation again if it is in your interest whenever there is a new interaction with us.

7.5. Manage or Revoke Consent: For cases where the processing of your data is based on your consent, you can manage the consent you provided or even request the revocation of the given consents.

7.6. Data Deletion: You can, at any time, request the total or partial deletion of your personal data by canceling your enrollment or other registrations and subscriptions you have made. However, we emphasize that even after the deletion request, Cruzeiro do Sul Educacional institutions may retain part of your personal data to fulfill the following purposes: (a) judicial, administrative, and arbitration proceedings (for the necessary period), (b) compliance with legal and/or regulatory obligations, or (c) regular exercise of rights, such as asserting the rights of Cruzeiro do Sul Educacional institutions based on the service provision contract.

We emphasize that there may be situations where Cruzeiro do Sul Educacional, for legitimate reasons, will not comply with a request to exercise rights, such as (i) when the provision of information and documents may violate trade secrets or intellectual property rights of Cruzeiro do Sul Educacional; (ii) when there is another legal basis that obliges or legitimizes data retention by Cruzeiro do Sul, such as compliance with legal/regulatory obligations and the company’s defense in judicial, administrative, or arbitration proceedings, or (iii) when the request is outside the scope of Cruzeiro do Sul Educacional.

Additionally, please note that some requests may not be responded to immediately. In such cases, the data subject can monitor the progress of their request through the channels indicated at the beginning of this item, with Cruzeiro do Sul Educacional committed to providing feedback within a reasonable timeframe and in compliance with applicable legislation.

8. Sharing Your Data

Your data is shared in certain situations, always respecting your privacy and data protection, as well as the principles and guidelines established by LGPD.

We list below some scenarios in which your data may be shared:

8.1. Among Institutions of Cruzeiro do Sul Educacional: Within the limits of the purposes described in this Policy.

8.2. With Judicial, Administrative, and Governmental Authorities: To comply with legal and regulatory obligations, inspections and evaluations, scholarship grants and student financing, among others. Also, for the defense of the Company’s rights in judicial or administrative proceedings.

8.3. With Our Network of Partner Campuses: To facilitate the promotion of our products and services, execute pre-contractual activities, finalize enrollments, and provide contracted educational services.

8.4. With Financial Institutions, Payment Providers, Payment Integrators, and Credit Card Companies: To process payments related to educational and administrative services purchased.

8.5. With Business Partners: To enable commercial partnerships or agreements that allow access to differentiated products or the execution of academic activities necessary for the education of our students (e.g., mandatory internships, exchanges, graduation ceremonies).

8.6. With Service Providers Processing Personal Data on Behalf of Cruzeiro do Sul Educacional: To perform specific functions such as: providing/licensing learning platforms and educational technology; financial collections and negotiation of outstanding payments; providing life and health insurance; recruitment of professionals; marketing and communication activities; physical access management and control; cloud storage services; external auditing; among others.

Cruzeiro do Sul Educacional only uses services and technologies offered by trusted Third Parties that demonstrate adherence to adequate and sufficient security standards. Therefore, all Third Parties with whom we share personal data undergo an evaluation process and sign confidentiality and privacy agreements.

Under no circumstances does Cruzeiro do Sul Educacional sell or transfer personal data to any Third Party for financial gain or contrary to this Policy or the General Data Protection Law (LGPD).

9. International Data Transfer

Cruzeiro do Sul Educacional is based in Brazil; however, in some situations, we may share your personal data with Third Parties located outside of Brazil. This includes cloud storage service providers or international universities and business partners, who may act as Processors or jointly as Controllers.

We emphasize that regardless of the location of processing/storage, we implement the necessary technical and administrative measures to ensure the security, confidentiality, and privacy of your data. These measures include privacy and information security assessments, as well as the adoption of specific contractual clauses to ensure compliance with LGPD or equivalent laws.

10. Data Storage Period

Your personal data will be retained by Cruzeiro do Sul Educacional only for as long as necessary to fulfill the purposes for which they were collected, always respecting the data retention period stipulated by applicable law.

We also emphasize that if the deletion or anonymization of personal data is requested, this will only be possible for data whose storage is not determined by law, regulatory authority requirements, contractual execution, or other legitimate reasons that justify data storage.

11. Security Measures We Adopt

To preserve your privacy and protect your personal data, Cruzeiro do Sul Educacional adopts good information security practices and continually implements improvements to safeguard the data we collect. Among these measures, we employ access controls and permission levels, multi-factor authentication, data encoding and encryption techniques for data in transit and at rest, and incident monitoring.

We expect our entire value chain to share the same level of security that we strive for, which is why we have a process for evaluating third parties who may process personal data on behalf of Cruzeiro do Sul Educacional.

Additionally, we periodically train our employees on good cybersecurity and privacy practices, and we have specific teams prepared to detect and respond appropriately if any incident compromising the security of your data is identified.

Despite the mentioned care and efforts, it is not possible to guarantee that our services and systems are inviolable. Therefore, we also rely on your cooperation to properly protect your access passwords and limit third-party access to your devices, accounts, and personal data. Cruzeiro do Sul Educacional will not be responsible for the illegal and unauthorized use of your personal data resulting from the misuse or diversion of your access credentials.

Policy Updates

We are constantly striving to improve our services and policies, and therefore, this Privacy Policy may undergo updates. Therefore, before accessing one of our platforms or using our services, please consult our Policy on our Institutions’ websites, which will contain the date of its last update.

Last updated 06/20/2024