Privacy Policy

Clique aqui para ler nossa política de privacidade em português.

1. Introduction
   • 1. This Privacy Notice for the EARJ website has been prepared to inform you, the data subject, about how our institution processes your personal data, explaining in a clear and transparent way.
   • 2. The AMERICAN SCHOOL OF RIO DE JANEIRO, a legal entity registered under CNPJ No. 33.390.659/0001-50, located at Estrada da Gávea, 132, CEP 22451-263 Gávea, Rio de Janeiro, RJ, an international school offering preschool through 12th-grade education in English, as the Data Controller, is committed to transparency, privacy, and security of the data subjects’ personal data throughout their lifecycle.
   • 3. We recognize the importance of the physical and electronic records of the personal data collected, and this Privacy Notice aims to regulate, in a straightforward, transparent, and simple manner, which personal data are collected, as well as the purposes and legal bases that justify such processing, with whom it is shared, and the retention period.
   • 4. Therefore, the way we handle your personal data is very important. We aim to maintain our relationship of transparency and trust with our students, their parents and guardians, employees, visitors, website users, and other data subjects. We emphasize that, in performing our activities, we only process the personal data that are necessary and appropriate for the purposes that justify the collection, always observing the legal bases provided by Law No. 13.709/2018 (General Data Protection Law – LGPD) and other applicable data protection laws.
2. Who is this privacy notice for?
   • 1. This Privacy Notice is intended for our students, prospective students, parents and guardians, employees, and everyone who accesses our website to seek information, services, or to contact EARJ.
3. What types of personal data do we process?
   • 1. To perform our activities and services, we may handle the following categories of personal data of the data subjects listed in item 2, described here as examples:
     • 1.1. Registration and identification data: Name, address, personal qualifications, enrollment number, grade, professional qualifications, ID, CPF (Brazilian individual taxpayer registry), and telephone number.
     • 1.2. Financial data: Bank information of parents/guardians, employees, and donors.
     • 1.3. Data related to electronic communication: e-mail addresses, IP addresses, and information about accessed web pages.
     • 1.4. Data concerning the interactions of data subjects with the Controller, provided in the service request form.

4. What are the purposes of processing personal data?
   • 1. We may process your personal data when you access our website, when we receive applications for student vacancies, when we provide services through electronic channels, or when we receive a donation. This processing is carried out to achieve specific purposes and is conducted with the minimum necessary information to reach these purposes.
   • 2. We also perform access control and monitor through Closed Circuit Television (CCTV) all individuals present on the EARJ premises. In this case, the images are used to ensure the safety of everyone at EARJ and are accessed only by the security team and school management.

Note: The images will only be displayed or made available to any requestors (visitors, employees, parents/guardians, etc.) by court order.

• 3. To facilitate understanding, we provide below an illustrative table showing some of the personal data processing activities carried out by EARJ according to their respective purposes, the data subjects affected, the legal bases for processing, and the categories of personal data detailed in item 3.

5. Why and how do we use cookies on our website?
   • 1. EARJ uses cookies to record the settings and preferences of users’ navigation, as well as to generate statistical reports. Among these cookies, those classified as primary are strictly necessary for the correct functioning of our website and help to improve your experience and provide personalized services.
6. How are your data obtained?
   • 1. We obtain your data through your access to our website or through other forms of contact and interaction, for example, when you apply for a student position, during the enrollment process, during academic activities monitoring, when you voluntarily submit your resume for participation in the employee selection process, for drafting educational service contracts, or when you exercise your rights under the LGPD.
7. How are your personal data stored?
   • 1. Your data are stored securely, using and applying our own technological tools, following the standards and best practices related to information security.

1. With whom can we share your personal data?

• 1. We may share your personal data internally or externally, with public or private organizations, always in accordance with the guidelines set out in the LGPD and in a manner compatible with the purposes for which the data were collected, as already described in item 4.
• 2. Thus, we can share your personal data with:
  • 2.1. Bodies or entities that are part of the National Data Protection Authority (ANPD).
  • 2.2. Companies contracted by EARJ (for example, information technology service providers, student meal services, travel intermediation services, and other school activities), always respecting privacy and the principle of necessity, where only the data strictly necessary for the execution of the activity are shared.
  • 2.3. Judicial authorities, in the exercise of their jurisdictional functions.
  • 2.4. Data hosting and website hosting services.
  • 2.5. Any Government Authority, including labor or financial activity inspection bodies, regulatory bodies such as the Department of Education, Ministry of Labor and Employment, and the Federal Revenue Service.
  • 2.6. Third parties that have been designated by you, upon your request.
• 3. When we share your personal data with data operators, we require that the information be treated in accordance with our privacy and data protection guidelines, such as secure storage of personal data, and prohibition of sharing with third parties without our prior authorization.

9. International transfer of personal data
   • 1. In certain circumstances, such as when we use cloud hosting services, software providers located in other countries, or when we establish partnerships and agreements with foreign educational institutions, your personal data may be transferred internationally. In these cases, we will take appropriate measures to protect your personal data in accordance with Brazilian legislation coupled with international data protection standards.
10. For how long will your personal data be stored?
    • 1. The personal data processed by EARJ will be stored and used for the period necessary to achieve the purposes already described in this privacy notice, always considering the rights guaranteed by the LGPD.
    • 2. In some cases, even after the relationship you have established with us has ended, we will continue to process some personal data necessary to comply with norms requiring the retention of certain documents and information. Moreover, such data may be stored when requested by public authorities or for defense in judicial or administrative proceedings.
    • 3. Once the necessary period for storing your personal data has passed, they will be securely deleted.
11. How do we protect your personal data?
    • 1. The personal data processed by EARJ will be protected in accordance with the norms and guidelines of information security issued by competent bodies, always in accordance with the provisions contained in the LGPD.
12. Rights of the data subjects
    • 1. According to Article 18 of the LGPD, you have the right to obtain, in relation to the personal data we process, at any time and free of charge upon request:
      • 1.1. Confirmation of the existence of processing.
      • 1.2. Access to the data.
      • 1.3. Correction of incomplete, inaccurate, or outdated data.
      • 1.4. Anonymization, blocking or deletion of unnecessary or excessive data or data processed in noncompliance with the provisions of this law.
      • 1.5. Portability of the data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets.
      • 1.6. Deletion of personal data processed with the consent of the data subject, except in the cases provided for in Article 16 of this Law.
      • 1.7. Information about public and private entities with which the controller has shared data.
      • 1.8. Information on the possibility of not providing consent and the consequences of denial.
      • 1.9. Revocation of consent, under the terms of § 5 of Article 8 of this Law.
      • 1.10. Opposition to processing, in cases where consent is not the legal basis for processing your personal data, and when there is a non-compliance with the legislation.
      • 1.11. To file a complaint with the National Data Protection Authority.
    • 2. The exercise of these rights can be done through the contacts provided at the end of this privacy notice.
    • 3. All requests will be responded to in accordance with the specific regulations that govern our activities and within the legal deadlines established by the LGPD. Depending on the situation, we may fulfill your requests fully, partially, or deny requests that are inappropriate or contrary to specific laws or regulations that govern our activities.
13. Contact at EARJ
    • 1. If you wish, you can contact us directly via email at dpo@earj.com.br or through the “CONTACT” section available on our website.
    • 2. Our address is: Estrada da Gávea, 132,  CEP 22451-263 Gávea, Rio de Janeiro, RJ.
14. Data Protection Officer (DPO)
    • 1. If you have any questions, complaints, communications, or concerns about how we process your personal data, or if you wish to exercise the data subject’s rights described in item 12, just send an express request to the Controller, via email to our Data Protection Officer (DPO), Mr. Pedro Pinheiro, at dpo@earj.com.br.
15. Changes to this Privacy Notice
    • 1. This privacy notice is subject to changes and revisions at any time. Therefore, we suggest that you check this document regularly.
    • 2. This version of the EARJ privacy notice was revised on May 10, 2024.
16. Applicable legislation and jurisdiction
    • 1. This privacy notice will be governed, interpreted, and enforced in accordance with the laws of the Federative Republic of Brazil, especially Law No. 13.709/2018, regardless of the laws of other countries, and the court of the domicile of the Controller will have jurisdiction to resolve any disputes arising from this document.