We at the CDM Group, a legal entity governed by private law, registered with CNPJ [Corporate Taxpayer ID] No. 36.055.899/0001-97, headquartered at Rua Quatro, 205, Sala 213, Jardim Riacho Das Pedras, Contagem, MG, Zip Code 32250-030, are committed to treating your Personal Data with respect for your privacy and always seeking the most secure means. We always strive for transparency and to strengthen our values of trust and dynamism.

With this in mind, this Privacy Notice (“Notice” or “Document”) describes how we process the personal data collected from our website, describing its respective purposes, possible sharing and storage time. We recommend that you read this Document carefully, and revisit it periodically, since the processing of personal data may change, which will always be reflected in this Notice.

If you have any questions about this Notice, or if you wish to exercise your rights in relation to your personal data, you can contact our Data Protection Officer by email at dpo@cdmgrupo.com.

This Notice applies to all users of our website, whether they are customers, job applicants, business partners or internet users, and must be observed and complied with by all our employees and service providers in any operation involving the processing of personal data.

In order for you to fully understand the information contained in this Notice, we have provided some concepts below:

Anonymization: Use of technical means by which a piece of data loses the possibility of direct or indirect association with an individual, irreversibly.

National Data Protection Authority (ANPD): The public administration body responsible for overseeing, implementing and enforcing compliance with the General Personal Data Protection Law (Law 13709/2018) throughout the country.

Consent: Free, informed and unequivocal expression by which the Data Subject agrees to the Processing of his or her Personal Data for a specific purpose.

Controller: An individual or legal entity, whether governed by public or private law, responsible for decisions relating to the Processing of Personal Data.

Personal Data: Any information relating to an identified or identifiable individual, such as name, RG [General Registration], CPF [Individual Taxpayer ID], gender, date and place of birth, telephone number, address, GPS location, bank card, income, payment history, consumption habits, leisure preferences; IP (Internet Protocol) address, among others.

Sensitive Personal Data: Personal data on racial or ethnic origin, religious conviction, political opinion, membership of a trade union or religious, philosophical or political organization, data concerning health or sex life, genetic or biometric data, when linked to an individual.

Data Protection Officer (“DPO”): The individual designated as the formal data protection officer, as provided for in the data protection laws, the LGPD, for a given territory. The DPO can be an insider or an outsider.

Operator: An individual or legal entity, governed by public or private law, processing personal data on behalf of the Controller.

Data Subject: Identified or identifiable individual to whom a specific Personal Data refers.

Processing of Personal Data or Processing: Any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of disclosure, comparison or interconnection, limitation, deletion or destruction.

All the personal data we process has a specific purpose in order to provide a satisfactory experience for our customers, business partners, job applicants and users of our websites.  In addition, we follow all the principles established by the General Data Protection Law (13709/2018 – “LGPD”) in the Personal Data Processing activities carried out, guaranteeing transparency, legitimate purposes and data minimization. The table below describes the information concerning the Personal Data we process:
When do we process data? What data do we process? For what purpose?
Contact us Name, email address, telephone number and any other information you may enter in the message. In order to answer your message, we need to know your name, telephone number and email address. This communication can also be done via WhatsApp, which is available on our websites.
Website navigation Internet protocol (IP) address, interactions made and website use profile; technical data such as URL, network connection, provider and device information; device attributes such as ID, operating system, browser, geolocation and model. Enable the proper functioning of the site, generate statistics, research and surveys regarding the use of products or services. Complying with legal regulations in the Civil Rights Framework for the Internet
“Work With Us” Name, email address, CPF number, nationality, telephone number, general registration data collected by the partner selection process platform and any other personal data you choose to include in your resume. Carrying out selection processes, taking into account the interests of the candidates and alignment with the vacancy offered. Depending on the vacancy, information may be collected via the vagas.com.br website or via gupy.com.br, which can be accessed via the “Work With Us” tab on our websites.
CS – Customer Service Name, email address, telephone number and details provided in the communication. In order to respond to your question, suggestion or complaint directed to our Customer Service via email available on our websites or by telephone (0800.941.3434), we will need to process your name, to identify the request, telephone number or email address, in order to properly respond to the communication and the data that is provided, for the purpose of processing your request.
Telesales Name, email address, telephone number and details provided in the communication. Identify the requester and respond to the request made via email available on our website or by telephone (33-99955-5744). This communication can also be done via WhatsApp, which is available on our websites.
Work with us As described in the table above, we used the platforms provided by Gupy and Vagas.com to carry out the recruitment and selection procedure. So, if you are a candidate for one of our vacancies, it’s important to know that when you click on the “Work with Us” tab and select the vacancy you are interested in, you will be directed to the website of one of these platforms, depending on the type of vacancy you want. It is through these platforms that you will be able to register, at which point they will collect the data needed to identify you and you will then be able to include the data you want on your resume. We therefore recommend that you read and analyze the Terms of Use and Privacy Policies of these platforms, available from the links below: GUPY TERMS OF USE PRIVACY POLICY GUPY

We do not process the personal data of children and adolescents on our website. If it is found that this processing has taken place in error, we will delete the data as soon as it is identified, using secure means of disposal.

In order to properly carry out the processing described in topic 4, we may share with partner companies. In any case, whenever the need to share personal data is identified, we require that it be in accordance with the rules on privacy and protection of personal data and the LGPD.

Therefore, your data may be shared with third-party companies that provide technical support for the site, in order to maintain the regular operation of activities.

It may also be shared with financial institutions to make payments and for other financial matters when applicable, customer service companies, communications, marketing, recruitment companies for selection processes, consultancies to support the management of the Reporting Channel, always doing so for legitimate purposes.

We would like to point out that this sharing will only take place if strictly necessary and only the data required to fulfill the purpose of the processing will be provided.

Under no circumstances will we sell or exchange your personal data, and sharing will take place by secure means, always preserving your privacy and in compliance with the provisions of the LGPD.

Occasionally, an international data transfer may occur when personal data is stored on cloud computing servers located outside Brazil. For this, the CDM Group observes the rights of the Data Subject, adopts the applicable safeguards and the data protection regime provided for by the applicable Data Protection legislation, and applies the best security and privacy practices to guarantee the integrity and confidentiality of his/her Personal Data.

On our websites we may use cookies, which are small text files that can be collected in order to improve user experience.

In this case, the cookies collected will be informed in the cookies banner of our websites, and you will be able to exercise your right to set your preferences whenever you wish.

Your Personal Data will be stored and kept securely and in a controlled environment, only for the time strictly necessary to fulfill the intended purpose, among those described above.

It’s important to know, however, that we can store your data for longer if necessary to comply with a legal obligation or to regularly exercise any rights. In these cases, we may leave them stored for the limitation period or for the period determined by the applicable legislation.

The personal data of job applicants collected via email is stored for 24 (twenty-four) months. After this period has elapsed, the data will be disposed of securely.

The LGPD guarantees that you, as the Personal Data subject, can exercise your rights against the Controllers of your information at any time and upon request. We have provided the references below so that you understand in a clear and transparent way how to exercise some of the applicable rights and the means for our assistance.

  • Confirmation of the existence of Processing and Access to Personal Data: You can ask the CDM Group to confirm that it processes your Personal Data and to inform you what Personal Data it holds about you. The CDM Group will show the personal data categories and how long the personal data will be stored.
  • Information about the entities with which the CDM Group has shared or shares data: You may ask the CDM Group to provide you with information on the sharing of your Personal Data with third parties.
  • Correction of incomplete, inaccurate or outdated data: If you find that your Personal Data is incomplete, inaccurate or out of date, you may ask the CDM Group to correct or supplement your Personal Data.
  • Information on the possibility of not giving consent: Should the CDM Group request your consent for a particular Processing of Personal Data, you may ask the CDM Group to clarify whether it is possible to carry out the relevant Processing activity without your consent, or what the consequences are of not providing consent in this case.
  • Anonymization, blocking or deletion of unnecessary, excessive or unlawfully processed data: Should any Personal Data be processed unnecessarily, beyond the scope of its intended purpose or in breach of the LGPD, you may ask the CDM Group to anonymize, block or delete such data, provided that the overprocessing, lack of necessity or breach of the law is effectively established.
  • Withdrawing consent: You may, at any time, request the withdrawal of the consent given for the Processing of your Data. The CDM Group will contact and communicate with other organizations where the Data Subject’s personal data is being processed in order to stop the Processing of information at the Data Subject’s request. The withdrawal of consent may result in the termination of the services provided, but does not prevent the use of anonymized data and data whose processing is based on another legal hypothesis provided for in the LGPD.
  • Deletion of Personal Data: If you have given your consent to the Processing of your personal data for specific purposes (and not necessary for the provision of our services or delivery of our products), you may request the deletion of such Personal Data. Note that if Personal Data is retained/stored due to situations such as legal or regulatory obligations, this data may be retained/stored regardless of the Data Subject’s consent, as an exceptional case of Processing.
  • Opposition to processing, if irregular: You may object to the Processing of your Personal Data if it is found to be irregular. The CDM Group will take appropriate measures without undue delay in case the Data Processing is contested, in whole or in part.
  • Review of automated decisions: You can question decisions made solely on the basis of Personal Data processed in an automated way that affect your interests, such as decisions aimed at defining your personal, professional, consumer and credit profile or aspects of your personality. You can also find out about the criteria and procedures used for the automated decision, with due regard for commercial and industrial secrets.

If you wish to exercise any of these rights, please contact our Data Protection Officer at dpo@cdmgrupo.com. In order to analyze your requests, we will ask you to prove your identity by sending us a photo of you holding an identification document, as well as a front and back photo of this document, as a security and fraud prevention measure, preventing any incident involving your personal data by unauthorized persons.

We will proceed with your request within 15 (fifteen) working days.

It’s also important for you to know that your rights are not absolute and do not always apply in all cases, but we will always do everything we can to honor your rights under applicable data protection laws. If your request is denied, we will explain the reasons why we are unable to grant it.

The CDM Group has appropriate security measures in place to protect your personal data against any incident, whether accidental or intentional destruction, improper alteration, unauthorized disclosure, improper use or access.  These measures exist in both virtual and physical environments, complying with standards of good practice and governance, as well as legal principles.

Nevertheless, it should be noted that no security system is completely immune to attacks by third parties such as hackers or crackers, so the CDM Group does not guarantee the absolute security of its databases or the complete impossibility of their interception. The CDM Group will not be held liable for damages that may arise from the leakage of Personal Data due to the violation or breach of security barriers by third parties such as hackers or crackers, provided that it demonstrates that it has done everything in its power to prevent such leakage.

Be careful not to fall victim to scams. We do not send emails, links, torpedoes, letters or any other means of communication requesting confirmation of data. If you receive any malicious emails in our name, please let us know. We suggest that you do not reply, click on links or download files.

If you have any questions about the processing of your Personal Data, you can always contact us at dpo@cdmgrupo.com.

This Notice contains the Personal Data processed in the day-to-day activities of the CDM Group. If there are any changes to our internal procedures, we will update this document so that it corresponds to the current reality of the Company.

We therefore suggest that you periodically access this Privacy Notice so that you are aware of the processing that takes place with your Personal Data.

This Privacy Notice was last updated in November 2022.

Scroll to Top
×