What personal data do we collect and for what purposes?

We typically utilize the personal data we gather for things like:

• • Business relationships with our clients, partners, suppliers, and anyone who are interested in our services;
  • Providing services to our clients;
  •  Relationships with candidates for our open positions.
  • When it comes to this, we typically use personal data for the following purposes:
  • To administer, provide the services and comply with the contractual and legal obligations assumed, ensuring operability and continuity in the delivery of our services;
  • To define and adjust the format of our content, including to serve personalized and more assertive materials;
  • To customize the user experience, improving the performance, functionality, and efficiency of GIC’s presence;
  • To identify and authenticate users.
  • Inform users about news, products, services, features, articles, news, booklets, periodicals, newsletters and other content relevant to our services;

Provide information on the courses offered by the GIC Business School;

Track usage data on our platforms and analyze traffic trends to gauge the success of our marketing campaigns;

Detailed user profiles and operations to tailor the services, benefits, and communications with our customers;

Filter and direct job opportunities based on the candidate’s profile when resumes are sent to apply for a vacancy at GIC;

In addition to these situations, we may use data in an anonymised form (i.e., in a way that does not lead to the identification of an individual) for the purpose of producing analytical business intelligence reports.

 

 

 

 

Depending on the above purposes, we may collect:

Registration and personal identification data: such as name, e-mail, address, identification documents, telephone, title, company/organization, function or position, date of birth, location, matters of interest that are usually provided directly by you in your interactions with us.

Information from Electronic Device Records and user interaction, including IP addresses, mobile device IDs, information obtained through the use of cookies, Google Analytics, web beacons, and other information related to the user’s interaction with our platforms (web and application), including date and time of access, time spent on pages, areas visited, features and tools used, click logs, and cookie identifiers (for more information see our Cookie Policy).

Data inherent to the provision of our services: to enable the exercise of our activities, we treat personal data that are shared by our customers, suppliers, as well as public information and made available by third parties, such as the Central Bank of Brazil, the Federal Revenue Service, the Judiciary, the Board of Trade and the Securities and Exchange Commission, as needed.

Geolocation Data: We may collect geolocation data to identify and point out the GIC offices and facilities closest to you.

Professional data: like those in your resume when you sign up and apply for a job at GIC.

Children’s Data: We do not knowingly collect data from children as our website and services are intended for an adult audience. However, there may be times when we get information about children, including their name, date of birth, address, information about their parents or legal guardians, and details about the specific GIC initiatives in which they and their guardians are involved. Children’s data is processed as long as their parents or legal guardians have given their explicit consent.

Closed Circuit Television Data: Visitors’ sights and sounds can be recorded at our actual locations. After 30 days, such data is automatically overwritten.

Sensitive personal information: With your permission or in accordance with legal requirements, we may collect sensitive personal information in certain circumstances, such as during recruiting and selection procedures and for inclusion and diversity initiatives. Sensitive personal information on an individual’s race or ethnicity, health, gender identity, and sexual orientation are just a few examples of the kind of information we may collect or retain on file.

 

What legal bases do we use to process personal data?

GIC typically use the following legal foundations to run our company and offer our goods and services:

Contractual Performance: In order to carry out our obligations under a contract with you, we may process personal data.

Consent: If you give us permission to use your personal information, we may use it.

Legitimate Interests: We can rely on legitimate interests, which are always first assessed for fairness, reasonableness, and balance. We have the following scenarios among the hypotheses for processing personal data based on legitimate interests:

• • To make it possible to offer our clients services.
  • To alert visitors to our website of information and/or service offerings.
  • To enlighten people about available employment options.

• • To provide information about business prospects and services targeted to their industry to our customers or holders registered on our platforms and mailings.
  • Know Your Customer, Know Your Partner, Know Your Employee/Professional Programs: This principle applies to fraud prevention, risk management, anti-corruption programs, prevention of money laundering and terrorist financing programs.
  • To personalize and enhance users’ and visitors’ online experiences on our digital platforms.

For GIC’s marketing and promotional initiatives.

Obligations under the law and regulations, as well as routinely exercising rights: We may process personal data in order to comply with our legal and regulatory requirements, as well as in connection with judicial proceedings, administrative appeals, or arbitral hearings to which we are parties.

 

How does GIC protect your data?

To safeguard personal data from unauthorized access and against situations where it might be accidentally or unlawfully destroyed, lost, altered, communicated, or disseminated, GIC complies with internal rules and industry-standard information security protocols. We specifically call out the following mechanisms, which are used in accordance with GIC’s internal procedures: firewalls, encryption programs, access control through passwords, level-based access profile management, biannual criticality reviews, vulnerability management procedures, vulnerability scan execution, and periodic penetration tests. Even if, within our capacity, we employ all available security measures to prevent incidents from happening, security cannot be absolutely guaranteed against all existing threats if we consider the circumstances inherent in the architecture of the internet.

In addition, we care about training our employees on the importance of data protection in order to keep them updated on the best market practices.

 

 

How long will we keep your data?

Personal data is kept for the period necessary to:

• • Fulfill the purposes for which the personal data were collected.
  • Meet legal or regulatory obligations.
  • Exercise GIC’s rights in judicial, administrative or arbitral claims.

After the necessary deadlines, the personal data will be deleted.