KIPON. WAITING LIST. SIGN IN.

Privacy Policy

PRIVACY NOTICE

Trust is a fundamental pillar of our relationship, which is why we reaffirm our commitment to transparency and to safeguarding each individual's privacy and personal data. Therefore, a Kipon Desenvolvimento de Tecnologia para Gestão de Pessoas Ltda. (“KIPON”), limited liability company registered with CNPJ under n° 52.435.003/0001-51, headquartered at Ana Hermelinda Diniz, nº 64, room A, Centro, Carvalhos/ MG CEP 37.456-000, hereby informs you, the personal data subject, about our processing activities. 

What is a privacy notice?

A Privacy Notice is a document through which a data controller provides the data subject with the necessary information regarding the processing of their personal data. This enables the data subject to manage the use of their data and to exercise the rights that have been guaranteed by General Data Protection Regulation (GDPR).

What is KIPON’s qualifications as a processing agent?

KIPON acts as a data controller, handling personal data in order to make the product available to its users and ensure the operation of its business. Therefore, KIPON is responsible for making decisions regarding the most relevant aspects of the processing activities, which will be detailed further on, including purposes, means, personal data processed, and duration of processing.

However, in certain situations, KIPON may act as a data processor. In these cases, KIPON operates according to the instructions and limits set by another data controller, who is responsible for ensuring compliance with the rights provided under the GDPR and fulfilling other legal obligations.

  1. REPRESENTATIVE

KIPON has designated Karla Ribeiro Silva karla@kipon.io or privacy@kipon.io, as its representative in the European Union to act on its behalf and ensure compliance with legal obligations related to the processing of personal data, in accordance to Art. 27 GDPR. 

The representative is a natural or legal person established in the European Union, responsible for acting as a point of contact for supervisory authorities and data subjects, particularly on matters related to the processing of personal data and GDPR compliance.

For any questions or requests regarding the processing of your personal data, you can contact the representative directly via the following channel: privacy@kipon.io.

  1. HOW WILL WE USE YOUR DATA (WHAT DATA; PURPOSE AND LAWFULL BASIS)

KIPON understands that you need to be informed about the use of your personal data. Therefore, in this section, you will find additional information about the main processing activities involving your personal data. After reading, if you have any questions, please contact the Data Protection Officer (Seccion 6).

PROCESSING ACTIVITIES RELATED TO THE USE OF THE KIPON PLATFORM BY THE USERPROCESSING PURPOSE AND LAWFUL BASISWHAT DATA DO WE COLLECT?CATEGORIESCreation of a user in Kipon.Purpose: Creation of a user in Kipon.Lawful basis: Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contractFirst name, last name, UD - unique identifier, photo, email, company.Member user (client collaborator) and Admin (client collaborator).Nurturing users with new information: identifying new skills. Purpose: Providing visibility of users' skills.Lawful basis: Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contractProfessional skills, personal skills, or any other user competencies (skills).Member user (client collaborator) and Admin (client collaborator).Sending notifications to users.Purpose: Communicate with users through the registered email.Lawful basis: Legitimate interests pursued by the controller or by a third partyJustification: There is an interest in keeping the product up-to-date, aligned with the business purpose, to provide a quality user experience.Email and professional skills, personal skills, or any other user competencies (skills).
Member user (client collaborator) and Admin (client collaborator).Bond featurePurpose: Facilitate connections between users to help each other acquire skills, promoting private interactions and feedback.Lawful basis: Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contractFirst name, last name, email, company, and professional skills, personal skills, or any other user competencies (skills).
Member user (client collaborator) and Admin (client collaborator).Visualization of Skills.Purpose: Enable the viewing of users' skills within a team/company in order to improve people management.Lawful basis: Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contractFirst name, last name, email, company, and professional skills, personal skills, or any other user competencies (skills).
Member user (client collaborator) and Admin (client collaborator).Admin user.Purpose: Allow management of users within the company.Lawful basis: Legitimate interests pursued by the controller or by a third party
usua
Justification: It is necessary for the company's operation to have an administrator user who manages user accounts, identifies inactive assets, and performs other related tasks.First name, last name, email, company, and professional skills, personal skills, or any other user competencies (skills).Admin user
OTHER PROCESSING ACTIVITIES CARRIED OUT BY KIPONPROCESSINGPURPOSE AND LAWFUL BASISWHAT DATA DO WE COLLECT?CATEGORIESRecruitment of collaboratorsPurpose: Recruitment of collaboratorsLawful basis: Legitimate interests pursued by the controller or by a third partyJustification: The interest consists of the need to analyze the candidate and their skills to be recruited into the companyName, experience, professional background, relevant skills, location, GitHub (username, summary, repository, projects, and contributions), feedback on the candidate (differentiators, expertise, and whether the candidate will move to the next phase)CandidateWaiting listPurpose: Possible prospecting. Potential customers access KIPON's website by filling out a form to join the waiting list for using the product.Lawful basis: Legitimate interests pursued by the controller or by a third partyJustification: The interest consists of attracting potential customers who signed up on the waiting list to use its product.Name and email.Company representativeProspecting managementPurpose: Potential customers can contact KIPON in the following ways: (i) referral; (ii) leads at events; and (iii) proactively. After contact is made, some registration data may be processed.Lawful basis: Legitimate interests pursued by the controller or by a third partyJustification: The interest consists of engaging potential customers who have shown interest in using its product, in one of the situations listed.Name, email, and phone number.Company representativesSign contracts with suppliersPurpose: For entering into contracts with suppliers, it is necessary to use the legal representative's qualification. Contracts are signed via the Gov.br platform.Lawful basis: Legitimate interests pursued by the controller or by a third partyJustification: The interest consists of celebrating a binding instrument.Name, marital status, CPF (Brazilian individual taxpayer registry), address, job description, and CNPJ (company registration number) of the associated company.Legal representative of individual supplier or suppliersProfile of the customer attending the eventPurpose: At events, KIPON provides a computer for company representatives to access and learn about its platform and the skills mapping offered. If the representative is interested, they can sign up by providing their name and email so the company can reach out. This data is collected through a Google Forms form. The business team extracts the list of interested parties, selects potential customers, and stores the spreadsheet on Google Drive, where it is shared with the business team for communication.Lawful basis: Legitimate interests pursued by the controller or by a third party.Justification:  The interest consists of engaging potential customers who have shown interest in using its product.
Name and email.Company representative

  1. HOW WE COLLECT YOUR DATA?

KIPON may collect your data in one of the following ways:

  • Directly from the data subject: Most of the personal data processed by KIPON is obtained through the provision by the data subject themselves.

  • Through Google SSO: Only in the user creation activity, data is obtained through Google SSO, which will provide the domain and email of the data subject. 

  • For Suppliers: The personal data of representatives of supplier companies will be obtained from the company itself.

    PROFILING

To provide KIPONS’s product, we need to process personal data in a way that involves profilling. In the interest of transparency, we will explain below how the product works and how profiling may be applied.

KIPON’s product aims to share, develop, and enhance the skills of its users. Through the platform, users can add competencies to their profile by manually entering their specific skills or through personalized suggestions. These recommendations are made based on the user's profile information, ensuring relevant and development-aligned suggestions.

The teams formed on the platform can view the skills of their members, making it easier to understand each individual's competencies. The more users adopt the platform, the greater the value generated for everyone, as profiles become increasingly complete and accurate, contributing to a richer experience.

In addition to skills, users have the option to write a biography of up to five lines, where they can describe their experiences and interests, providing a more comprehensive view of their profile.

The platform also allows connections between users who are interested in helping each other acquire new skills. These users can establish a "Bond" relationship, where they interact through conversations and comments, visible only to the participants in the bond. This dynamic enables one user to take on the role of leader and another as a follower, fostering a collaborative environment.

Thus, it is clear that the profilling in Kipon is entirely focused on providing the best experience for the user, being an intrinsic operation of the product itself. The profilling does not produce legal effects on the data subject nor result in negative effects.

  1. DATA SHARING

KIPON may share your personal data whenever necessary to deliver its services, aiming to provide the best user experience. This sharing generally occurs with service providers, suppliers, and partners, who are required to adopt all procedures that ensure compliance with legislation as well as the privacy and protection of your data.

  1. SECURITY MEASURES

The security of your personal data is a priority for KIPON. To mitigate risks and preserve the integrity, availability, and confidentiality of data, particularly against unauthorized access and incidents that could result in loss, alteration, destruction, or disclosure of data processed by the company, certain security measures are implemented, including:

  • Access control to databases;;

  • Two-factor authentication;

  • Encryption;

  • Data loss prevention control;s;

  • Trust rules and AI-based classification; and

  • Contextual access for applications.

Additionally, KIPON understands the essential role of the human element in building a culture of privacy protection within the company. Therefore, it directs efforts to ensure employee awareness of the importance of privacy and data protection, as well as adherence to policies, procedures, and technical and administrative measures toward this goal.    

  1. WHAT ARE YOUR DATA PROTECTION RIGHTS?

In order to maintain our relationship based on trust and transparency, we present below a list of all the rights you have regarding your personal data. If you have any questions or needs, we are available to provide support through our Data Protection Officer.

  • Right to access personal data processed by KIPON, as well as information about the processing, in accordance with Articles 15 of the GDPR;  


  • Right to rectification: right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her; 

  • Right to withdraw consent for the processing of personal data, except in situations provided for by the GDPR;


  • Right to erasure: right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:

  1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  2. Consent’s withdraw according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

  3. Exercise of the right to object and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

  4. The personal data have been unlawfully processed;

  5. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which KIPON is subject;

  6. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1);  

The right to erasure not apply when processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation required by Union or Member State law applicable to the KIPON; or for the establishment, exercise, or defense of legal claims.

  • The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  1. The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

  2. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

  3. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

  4. The data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject. 

  5. Right to data portability: right to receive the personal data concerning him or her, which he or she has provided to KIPON, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the KIPON to which the personal data have been provided, where:

  1. The processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

  2. The processing is carried out by automated means.


  3. Right to Object: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. KIPON will maintain the processing when compelling legitimate grounds for the processing are demonstrated, which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.


  4. Automated individual decision-making, including profiling: The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. 

As an exception, the right shall not apply if the decision:

  1. It’s necessary for entering into, or performance of, a contract between the data subject and KIPON;

  2. It’s authorised by Union or Member State law to which KIPON is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or

  3. It’s based on the data subject’s explicit consent.

  4. Right to lodge a complaint: in accordance with Article 77, a data subject has the right to lodge a complaint with a supervisory authority. 

  5. Right to be informed whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and the possible consequences of failure to provide such data, in accordance to Art 13.2(e) GDPR.


  6. HOW TO EXERCISE YOUR RIGHTS

DPO

The Data Protection Officer (DPO) acts as an intermediary between the controller, the data subjects, and the supervisory authority. Their role involves activities aimed at promoting the company's compliance with the GDPR. The DPO is responsible for receiving requests, complaints, and inquiries from data subjects.

To fulfill these duties, KIPON has designated Ms. Karla Ribeiro as the DPO. Therefore, data subjects may reach out to the DPO through the following communication channel for any requests: privacy@kipon.io.

Please, remember: It is our duty to ensure that our users can fully exercise their rights. Generally, the privacy team has up to 1 month to respond to requests from the date of receipt. This period may be extended by an additional two months if necessary, considering the complexity and volume of requests. Data subjects need not worry, as they will be duly informed of any deadline extension and the relevant justification.

  1. CRITERIA USED TO DETERMINE THE RETENTION PERIOD OF THE DATA

Since your personal data is essential for KIPON to carry out its activities and provide the best product to users, data retention periods vary according to the data processing operation. Generally, data will be kept for the duration of the contract signed with the customer to whom the user is linked. Additionally, data will be retained to support KIPON's defense in legal claims.

The retention period for data related to other processing operations, such as recruitment, waiting lists, and other administrative activities, is determined based on the need to meet legal and contractual requirements or to support the defense of legal claims.

RELEASE NOTES | PRIVACY POLICY | TERMS OF USE | CONTACT US