The EARJ (Escola Americana do Rio de Janeiro) , applies the rules established in Law n.13709/2018 – Brazilian General Data Protection Law, regarding transparency, privacy and security of data of holders throughout the cycle of processing of personal data.
In case you better understand what data we process, we bring you important information below:
What kind of personal information and for what purpose do we collect and use it for?
We process different categories of data depending on the type of data subject, being:
Candidates for employees: We process data from resumes voluntarily submitted by their holders when we have some selection process to occupy a vacancy in our staff, and the resumes will be discarded after 1 (one) year of submission, or if, the candidate so wishes will be filed for future selection processes.
Student candidates: We process data of candidates to students and their guardians, necessary for the selection process, and will be discarded if they are not approved in the selection process.
Students: We process student data, necessary to provide the educational service, as well as ensure their physical and psychological security, within what is determined by the educational agencies.
Parents and Guardians: We process data from parents and academic leaders and financial guardians, necessary for the provision of the contracted educational service and to provide information to government agencies.
Employees: We process strictly necessary data of employees, for the execution of the employment contract and provision of information to governmental and regulatory agencies, such data will be stored for the necessary period described in the regulations themselves.
Visitors: We treat the Name, Photo and Identity Number of our visitors to control access and ensure the safety of all.
We control access and have the images recorded by the CCTV system of all the people who access our Campus. The images are used to ensure the safety of everyone on campus and will be accessed only by security and management staff. The images will be displayed or made available to visitors, employees, parents or guardians only with a court order.
How do we protect your data?
We map processes that process personal data and list potential risks to Privacy and Data Protection, continuously seeking risk mitigation through training and the adoption of technical and administrative measures applied to our processes and information systems.
EARJ has a complete Privacy and Personal Data Protection Program and has continuous advice from experts in the field who constantly evaluate a number of legal, business and Information Security controls, as well as conduct training and encourage the culture of Privacy and Data Protection within the institution.
Who do we share your data with?
EARJ shares some data with partner companies, necessary for the provision of complementary services. EARJ only shares the data strictly necessary for companies to contact parents/guardians.
Examples of complementary services are: provision of food service, intermediation of the school photography service, intermediation in the provision of school travel services and intermediation of the provision of After-school activities.
We also share data with federal and local government institutions and class entities to attend to legal requirements, such as: we send school census data to the Department of Education, Employee Data to the Ministry of Labor and the Internal Revenue Service.
How long do we store your personal data?
Your personal data is stored for as long as the need to comply with legal obligations or to provide any service to the holder himself.
What are the rights of the holder?
The holder of the personal data is entitled to obtain from the controller (EARJ), in relation to the data of the data subject, processed by him, at any time and upon request:
I – confirmation of the existence of treatment;
II – access to data;
III – correction of incomplete, inaccurate or outdated data;
IV – anonymization, blocking or deletion of unnecessary, excessive or processed data in non-compliance with the provisions of this Law;
V – portability of the data to another service provider or product;
VI – deletion of personal data processed with the consent of the holder;
VII – information of the public and private entities with which the controller made shared use of data;
VIII – information on the possibility of not providing consent and on the consequences of the negative;
IX – withdrawal of consent.
To clarify any questions or to exercise your rights, you can use our exclusive channel by sending an email to firstname.lastname@example.org and speak directly to our DPO (Data Protection Officer) Mr. Pedro Pinheiro.