Diversitrack Platform Terms of Use
This document aims to record the free, informed and unequivocal expression by which the “Holder” agrees to the processing of their personal data for a specific purpose, in accordance with Law No. 13,709/2019 (General Personal Data Protection Law - LGPD).
We guarantee that personal data will be treated with respect and in compliance with legal regulations (LGPD – General Data Protection Law), ensuring the privacy and protection of data subjects.
By signing this term, the Holder consents and agrees that the company DIVERSITERA CONSULTORIA LTDA, CNPJ nº 34.943.012/0001-71, with headquarters at Av. Presidente Altino, n° 1619, in the Jaguaré neighborhood, in the city of São Paulo – CEP 05323-002, telephone numbers (11) 99905-3681 and (11) 99914-3892, email contato@diversitera.com, hereinafter referred to as “Controller”, process your personal data, including sensitive personal data, as well as make decisions regarding the processing of your data, involving operations such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification , communication, transfer, diffusion or extraction.
The Data Holder declares and agrees that personal and sensitive data will be provided by him/herself, through responses to the survey to which he/she will be submitted after accepting this term, as well as by the “Contractor”, where the Holder provides services, which will transmit to the Controller the information contained in its corporate database (such as, but not limited to: full name, position, date of birth, performance evaluation, etc.)
The Data Holder is informed that, in accordance with art. 5th, II, of Law No. 13,709/2019, sensitive personal data is defined as: “personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person”;
Purposes of Data Processing
The processing of personal data listed in this term, including sensitive personal data, has the following purposes:
Enable the Controller to help the “Contracting” company to make the best decisions in the area of diversity and inclusion, always aiming for the well-being and better relationships of employees and collaborators, among themselves, as well as with the Contracting Party;
Improve understanding and assessment of diversity and inclusion in the corporate market in general, through the recording of anonymized data, without personal identification, in accordance with art. 12, combined with art. 5th, III and XI, of the General Personal Data Protection Law;
The data will be tabulated, crossed and analyzed together with the information provided by the Contracting Party, so that the Controller can transmit insights to the Contracting company, with a diagnosis of the company's situation, in relation to diversity and inclusion.
Personal Data and Sensitive Personal Data
The Controller is authorized to make decisions regarding the processing and carry out the processing of the following personal data of the Holder, which also includes sensitive personal data:
Full name.Nationality.Naturality.DocumentDate of birth.Date of hire.Marital status.Level of education or education.Position in the company.Performance evaluation.Department.E-mail addresses.Communication, verbal and written, maintained between the Holder and the Controller.Gender.Race and ethnicity.Sexual Affective Orientation.Belief.Physical disability or not.
Data Sharing
The Controller is authorized to share the Holder's personal data, whether sensitive or not, with other data processing agents, for the same purposes listed in this term, observing the principles and guarantees established by Law No. 13,709/2019.
Data Security
The Controller is responsible for maintaining security, technical and administrative measures capable of protecting all personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or any form of inappropriate or unlawful processing. The Controller undertakes to process and store data and information securely, without any risk of leakage to unauthorized third parties.
The Holder's personal data, including sensitive personal data resulting from responses to the questionnaires, will be anonymized, so that the Contracting Party will not have access to the responses of its employees and collaborators individually.
All data related to surveys and tests completed by users are collected, stored and analyzed on a proprietary platform, called Diversitrack, which uses the cloud computing infrastructure of the company Amazon Web Services, with all layers and good security practices in place. by the main technology providers on the market (HTTPS:// protocol, encrypted Rest, etc.)
As part of the security plan, Diversitera has an established process for communicating, controlling and mitigating potential risks inherent to any technology tool.
In accordance with art. 48 of Law No. 13,709/2019, the Controller will communicate to the Holder the occurrence of a security incident that may result in significant risk or damage to the Holder.
Termination of Data Processing
The Controller may maintain and process the Holder's personal data, including sensitive personal data, for as long as they are relevant to achieving the purposes listed in this term. According to art. 12, combined with art. 5th, III and XI, of the General Personal Data Protection Law, personal data, whether sensitive or not, duly anonymized, without the possibility of association with the individual, may be kept for an indefinite period.
The Holder may request via email or correspondence to the Controller, at any time, that the Holder's non-anonymized personal data be deleted. The Holder is aware that it may be impossible for the Controller to continue providing products or services to the Holder after the deletion of personal data.
Rights of the Holder
The Holder has the right to obtain from the Controller, in relation to the data processed by him, at any time and upon request: I - confirmation of the existence of processing; II - access to data; III - correction of incomplete, inaccurate or outdated data; IV - anonymization, blocking or elimination of unnecessary, excessive or processed data that does not comply with the provisions of Law No. 13,709; V - portability of data to another service or product provider, upon express request and in compliance with commercial and industrial secrets, in accordance with the regulations of the controlling body; VI - deletion of personal data processed with the holder's consent, except in the cases provided for in art. 16 of Law No. 13,709; VII - information on public and private entities with which the Controller shared data use; VIII - information about the possibility of not providing consent and the consequences of refusal; IX - revocation of consent, pursuant to § 5 of art. 8th of Law No. 13,709.
Right to revoke consent
This Terms of Consent may be revoked by the Holder, at any time, upon request via email or correspondence to the Controller, without prejudice to anonymized data, which may be kept for an indefinite period, at the discretion of the Controller, in accordance with art. 12, combined with art. 5th, III and XI, of the General Personal Data Protection Law.
If you wish to exercise any of these rights, please contact us directly with our data operator at contato@diversitera.com. To enforce your rights, we may request proof of your identity, as a security measure.
