Global Privacy Policy

  1. ÇCONSIDERATIONS INEWS

First of all, we thank you for choosing the College of the Company of Mary (“College”)!

This Global Privacy Policy ("Policy") clarifies the main details of the processing and relationship of personal data of students ("Students"), parents, legal and financial representatives of students ("Representatives"), as well as potential students (" Potential Students”) of the College (jointly, the “Users”).

The Policy applies to all educational services of the College and any others related thereto (“Educational Services”, “Services”, or “Online Portal”). The terms governing the Educational Services are defined in the Agreement for the Provision of Educational Services (“Educational Agreement”) and can be accessed upon request at the College's secretariat or via access to the Online Portal or Application.

From time to time, new services or additional services may be developed and offered. If the introduction of these results in any change in the way we collect or treat the User's personal data, we will provide further information, terms or additional policies. Unless otherwise stated, whenever we introduce new services or additional features on the Online Portal, they will be subject to this Policy.

The Policy is intended to:

  • explain to the User their rights in relation to their personal data collected and processed by the College, as well as how we will protect their privacy;
  • ensure that the User understands which of his personal data we collect, the reasons why we collect and use it, and with whom we share it;
  • explain how we use the personal data shared by the User.

We hope that this Policy will help the User to understand our commitments regarding your privacy.

  • DEFINITIONS

For the purposes of this Policy, the following expressions shall have the following meaning:

"teenagers” refer to College students aged over 12 years old up to 18 years old; "Students” refer to students enrolled at the College that may include Children or Adolescents;

"school” refers to the College of the Company of Mary;

"Kids” refer to College students aged up to 12 years old;

"Sensitive Personal Data” refers to personal data on racial or ethnic origin, religious conviction, political opinion, affiliation to a union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person. For the purposes of the relationship between the College and the Users, it is the Students' personal medical data;

"Personal Data” refers to information related to the identified or identifiable natural person, which corresponds to the personal data of the Students, Representatives and Potential Students;

"legitimate interest” refers to the legal basis for the processing of Personal Data provided for in articles 7, IX and 10 of the LGPD, and is based on evaluating, in short, (i) the legitimacy and legality of the interests of the College or third parties for the performance of certain processing of Personal Data, (ii) the assessment of the effective need for processing for the purpose intended by the College, and (iii) the balance between the interests of the College or third parties and the rights of the holder, including their legitimate expectations in relation to the processing of your Personal Data;

"LGPD” refers to the General Data Protection Law (Law No. 13.709/2018);

"Online Portal” refers to the access platform to the College's enrollment system. It is the place where Representatives can also update Student registration and their Personal Data and Sensitive Personal Data;

"Policy" it refers to this privacy policy, which aims to regulate the rights and duties of the College with regard to the protection of Personal Data and Sensitive Personal Data.

"Potential Students” refers to individuals who are not enrolled in the College, but are in the pre-registration phase or are aware of the Services provided by the College;

"Representatives” refers to the parents, legal and financial representatives of the Students or Prospective Students;

"services” refers to the educational services provided by the College, which may also include access to the Online Portal;

"Data Holder” refers to the natural person to whom the personal data that are the object of processing refer; "User” refers to the set of Students, Representatives and Prospective Students.

  • DRIGHTS OF THOLDERS OF DADO

LGPD grants Data Subjects rights relating to their respective personal data. As provided for under applicable law and unless limited by it, the rights provided to individuals are as follows:

  • Right to confirm the existence of treatment;
  • Right of access to data;
  • Right to correct incomplete, inaccurate or outdated data;
  • Right to anonymization, blocking or deletion of unnecessary, excessive or treated data in violation of the LGPD;
  • Right to data portability to another service or product provider, safeguarding the College's commercial and industrial secrets;
  • Right to delete personal data processed with the consent of the holder, except in cases of legal custody and others provided for in the LGPD;
  • Right to information from public and private entities with which the College made shared use of data;
  • Right to information about the possibility of not providing consent and about the consequences of denial;
  • Right to revoke consent under the LGPD.

Form and conditions of exercise. The rights mentioned above will be guaranteed and may be exercised by Users in the exact terms described in the LGPD. Any and all requests, complaints, requests for information or exercise of rights by the Data Subject may be made by written message to the e-mail (dpo@ciamariabrasil.com.br)or in person at the College Secretariat. In all cases, the Data Subject must provide, at a minimum, the following information:

  1. Data Subject's full name;
  2. RG or CPF number of the Data Subject;
  • Description of the request.

Occasionally, other information or documents may be requested to meet the request, if there is any doubt about the veracity of the information provided or about the User's identity.

  • FORM OF ÇOLETTE OF DADO FORPERSONAL

Data provided directly by the Representative. We collect User Personal Data in the following ways:

  • when the Representative performs the physical registration at the College Secretariat, by telephone or via the College website, demonstrating interest in contracting the Services;
  • when the Representative enrolls the Student at the College, or fills in the documents relating to enrollment;
  • when the Representative accesses the Online Portal;
  • when the Representative updates the Student record, fills out forms or provides information through the Online Portal;
  • by Students and/or Representatives in the day-to-day provision of Services, contacts, reports, evaluations and other activities of the College.

Data collected directly from the Student. We collect the User's personal data in the following ways:

  • of the student, throughout the provision of Educational Services, through assessments, tests, simulations, classroom notes, observation and behavioral assessment, interviews and meetings with the faculty and coordination of the College, and any other usual means for the provision of such services;
  • of the student, through forms, forms, questionnaires, registration forms, attendance lists and other usual documents for the provision of educational services and associated services or accessories.

Data provided to access the College's facilities. We collect personal data from each and every person who accesses or seeks to access the private space of the College, through temporary registration (in the case of occasional visitors) or permanent (Representatives and Students, while the Services are provided) at the entrance and/or at the College Secretariat.

Data collected automatically by the Online Portal. It is possible for the Online Portal to automatically collect some technical information, including but not limited to, type of device used to access the Online Portal and the App, connection IP (with access time), approximate geographic location, numbers of identification of your device, information about the use of the Online Portal, the software or browser used to access the Online Portal, the operating system and your version of the device used, among others.

Data provided by third parties. By virtue of the provision of the Services, we also collect personal data from Students through third parties authorized by the Parents, such as authorized specialists, physicians, therapists, speech therapists and other health or development assistance professionals. and are willing to share such personal data with the College, always in the best interests of the Child and Adolescent. In addition, we can receive photographic souvenirs from Students during the academic year directly from partner companies

  • DADO FORPERSONAL ÇOLETTED BY ÇCOLLEGE

In the table below, we organize the groups of Personal Data and Sensitive Personal Data that the College collects from Users:

  Personal Data Group  Personal Data    Sensitive Personal Data
            Students (Children and Adolescents)Full name, gender, marital status, date of birth, place of birth, UF, nationality, RG, CPF, birth certificate, passport, telephone, email, zip code, full residential address, information on pedagogical performance (such as observations, evaluations, tests), information about behavior and personal development (such as observations, assessments, reports from parents, teachers and experts)            Social or ethnic origin, health data.
        RepresentativesFull name, marital status, date of birth, nationality, place of birth, RG, UF, CPF, telephone numbers, e-mail, zip code, full residential address, education, company, title, profession, full business address.        AT
    Potential Students (Children and Adolescents)Full name, gender, marital status, date of birth, place of birth, state, nationality, RG, CPF, birth certificate, passport, telephone, e-mail, zip code, full residential address      AT
   
  • FPURPOSES OF TRATIO

In the table below, we set out the reasons why we treat Users' Personal Data, the associated legal grounds on which we are based and which allow us to legally process User's Personal Data:

PurposesData Involved
Pre-enrollment  Child Data
   Adolescent Data
  Legal Representative Data
            Registration  Child Data (including Sensitive Personal Data)
  Adolescent Data (including Sensitive Personal Data)
  Legal Representative Data
      Provision of Educational Services, including planning and directing didactic-pedagogical-educational actionsChild Data (including Sensitive Personal Data)
Adolescent Data (including Sensitive Personal Data)
  Legal Representative Data
    Use of medical data for emergency careChild Data (including Sensitive Personal Data)
Adolescent Data (including Sensitive Personal Data)
      Communication channel between College, Parents and StudentsChild Data (Excluded Sensitive Personal Data)
Adolescent Data (Excluded Sensitive Personal Data)
  Legal Representative Data
  Commercial Communications - Current Students  Legal Representative Data
  general business communicationsLegal representative of former student or potential new students
Homage to Students approved in Entrance ExamsAdolescent Data (Excluded Sensitive Personal Data)
Keeping Mandatory Records on School RecordsChild Data (Excluded Sensitive Personal Data)
 Adolescent Data (Excluded Sensitive Personal Data)
  Legal Representative Data
      Alumni AssociationAlumni (Children)
Former students (teenagers)
Former students (+18 years)
Representatives
  Communication to third parties for the legal defense of the College's interests (collection, execution and other legal actions or extrajudicial measures)Child Data
Adolescent Data
Legal Representative Data
  • ÇCONSENT

For kids: Representatives must consent,  specifically and highlighted in a separate document

 ("Consent Term for the Handling of Personal and Sensitive Data"), with the collection of Personal Data and Personal Data of Students and Potential Students, who are, on the present date, Children, for the purposes listed below:

  • Registration data: full name, number of documents, affiliation, date of birth, place of birth, photo, telephone, e-mail, home address;
    • School data: school results/report, participation in sporting, artistic, extracurricular and complementary activities, school life and final evaluation, as well as a letter of payment, grades and school history of the school of origin/previous;
    • Medical data: medical insurance card, vaccine, diseases/diseases and medication use, allowing for prompt assistance to the student in case of emergency needs.
  • ÇOMUNICATION AND UONLY ÇSHARED

Users' Personal Data will only be shared based on the reasons and justification set out in the table below:

  Reason for sharing    Justification
    Provision of Educational ServicesThe College may share the Personal Data of Students, Potential Students and Representatives in order to provide the Services, such as providing additional, complementary or directly related services to Educational Services, such as educational outing service companies, travel insurance companies,
 pedagogical assessment companies, other educational institutions, government agencies and supervisory bodies, or other international higher education institutions for selection processes, in this case as requested by the Student or their Representatives.
    Photographic Remembrance Service ProvidersThe College may share the Personal Data of Students and Representatives with partner companies that provide Photographic Remembrance services, for the purpose of photographing the regular activities of the College, recording social activities and other events of the College (balls, parties, graduations, etc), including with the purpose of enabling the acquisition, by the Responsible, of such records for remembering by the Student and their Responsible, as per item 9 of this Policy.
      Technology and Marketing Service ProvidersWe use technical service providers that operate the technical infrastructure we need to provide the Online Portal and to host the College's systems, in particular providers that host, store, manage and maintain the Online Portal and the Application, its content and data that we process. We use technical service providers to help us communicate with Representatives. We use marketing and advertising partners to show Representatives personalized content.
        Compliance with the law, compliance with a court order and/or the National Data Protection AuthorityWe will share the User's Personal Data when we believe, in good faith, that it is necessary to fulfill a legal obligation under applicable law, or to respond to a valid legal process, such as a search warrant, a court order or a subpoena. We will also share the User's personal data if we believe, in good faith, to be necessary for our legitimate interest, or that of third parties, in matters of national security, law enforcement, litigation, criminal investigation, protection of the safety of anyone, or to prevent death or imminent physical damage, provided that we consider that such interest does not prevail over the interests or fundamental rights and freedoms of the User that require the protection of the User's personal data.
  Student Emergency Assistance  Students' Sensitive Personal Data may be shared with Hospitals in emergency care.
  • ÇREMARK AND ANDEXCLUSION OF DADO FORPERSONAL

At the request of the Student Representative, Potential Student Representative and/or Alumni Representative (who presumably are of legal age), the College will delete or anonymize your Personal Data and/or Sensitive Personal Data so that they do not identify you, unless it is legally permissible or mandatory to keep certain personal data. The deletion of the data stored by the College may be requested, under the conditions established by the LGPD, through the email (dpo@ciamariabrasil.com.br).

The College declares itself committed to making the best efforts to respond to all requests for exclusion, when applicable, as soon as possible. However, the College may keep the Personal Data it deems necessary, in order to comply with its legal obligations, including regarding the maintenance of records

mandatory schooling, or for possible exercise of rights or defense in legal proceedings, as well as to serve legitimate interests, in accordance with the definition of the LGPD.

  1. sSAFETY OF DADO

We are committed to protecting the Personal Data and Sensitive Personal Data of our Users, keeping them safe, secure and confidential. We implement technical and organizational measures to help protect the security of your data.

  1. TINTERNATIONAL TRANSFERS

Personal Data and Sensitive Personal Data collected by the College will always be treated on the basis of the LGPD. The College is based in Brazil, but our subcontractors, service providers or partners may also be based or may process data in countries other than Brazil. In this case, we guarantee that our subcontractors, service providers or partners will also be subject to the obligations of this Privacy Policy. Thus, by agreeing to this Privacy Policy, the User agrees also that Personal Data and Sensitive Personal Data may be subject to international transfers and declares itself aware of all guarantees applicable to treatment abroad.

  1. THECHANGES TO THE PRESENT FORTHE POLICY OF FORRIVACY

We may from time to time make changes to this Policy.

When we make material changes to this Policy, we will make visible and appropriate communication in accordance with the circumstances, such as presenting a notification on the College's Online Portal, or by sending an email to the User through the College's official channels. We may also send a notice to the User in advance.

Thus, it is essential that the User be sure to read any notification carefully.

If you want to know more about this Policy, please contact us at the email address

(dpo@ciamariabrasil.com.br).

Last change: January 1, 2020.

Implementation: January 1, 2020.