top of page
LOGO SITE.png

Privacy Policy

GO2NEXT CYNET TELEINFORMATICA S.A. respects the privacy of individuals whose personal data is under its control, always acting in good faith and ensuring the ethical use of such data. In order to achieve these objectives, this Policy provides you with the guidelines and responsibilities for implementing and maintaining good governance practices in privacy and personal data protection within the company.

We kindly ask you to carefully read this Policy to understand our practices regarding the processing of Personal Data.

This Policy applies to individuals, such as customers, suppliers, or interested parties, who interact with the services provided by GO2NEXT. It outlines how you can access and update your Personal Data and exercise your rights regarding it.

For more information about the personal data processing carried out within GO2NEXT's activities, please contact the Data Protection Officer (DPO) through the channel provided at the end of this document.

  1. PURPOSES FOR WHICH WE COLLECT PERSONAL DATA

GO2NEXT processes the personal data of individuals for the following purposes, always in compliance with the legal grounds established by Law No. 13.709/18, the General Data Protection Law ("LGPD"):

  • To enable users to purchase our products and services;

  • To allow users to contact our ombudsman;

  • To send our products and services to registered users;

  • For recruitment processes, candidate selection, and maintenance of a resume database;

  • For employee admission, termination, vacation, leave, and benefits routines;

  • For internal and external training;

  • For customer and supplier registration;

  • For administrative and legal processes, as well as any preparatory or mitigating measures;

  • For the formalization and registration of corporate acts.

  1. DATA WE COLLECT AND HOW WE COLLECT IT

The collection of personal data varies depending on the individual's interaction with GO2NEXT. Below are the main categories of personal data that may be processed, along with some examples of interactions:

  • Personal information of our users: This includes any information you provide us, preferably through the electronic contact form on our website or another collection channel. The main data collected are: full name, email address, company name, landline, and mobile phone numbers.

  • Personal information of our employees and their beneficiaries: This includes the necessary information, aligned with legislation, to manage human resources and personnel processes. The main data collected include: full name, email address, company name, landline and mobile phone numbers, social security data, ID, driver’s license (CNH), family information, education, professional experience, dependents, race, gender, social security documents, medical certificates, and health conditions as required for managing human resources and occupational health. Sensitive data of employees and their beneficiaries, when necessary, will be processed in accordance with the General Data Protection Law (LGPD).

  • Personal information of clients or suppliers: This includes the necessary information for executing service contracts or purchasing goods or services. The main data collected via email include: full name of partners or administrators, financial information, email address, company name, landline, and mobile phone numbers.

  • Personal information of GO2NEXT's clients' customers: This includes the necessary information for providing services to our clients. In this case, we conduct a Data Protection Impact Assessment (DPIA) to identify the data, processing actions, and compliance with data governance best practices.

  • Personal information of children or adolescents: GO2NEXT does not generally collect personal data from children or adolescents, but if necessary for marketing campaigns or internal actions, appropriate parental consent will be obtained, in compliance with the General Data Protection Law (LGPD).

No sensitive data, as defined in Articles 11 and following of the General Data Protection Law (LGPD), will be collected from our users. As such, we do not collect data on racial or ethnic origin, religious beliefs, political opinions, union membership, health, sexual life, genetic or biometric data, when linked to a natural person.

Occasionally, other types of data not explicitly provided for in this Privacy Policy may be collected, provided that they are supplied with the user’s consent or when their collection is permitted under another legal basis.

  1. HOW LONG YOUR PERSONAL DATA IS STORED

The personal data collected by GO2NEXT is maintained in compliance with the principles of purpose, necessity, and adequacy. GO2NEXT will retain personal data:

  • For the time required by law;

  • Until the end of the personal data processing;

  • For as long as necessary to preserve the legitimate interest of the company.

The termination of personal data processing will occur in the following cases:

  • When the purpose for which the personal data was collected has been achieved and/or the personal data is no longer necessary for that purpose;

  • When the individual has the right to request the termination of processing and the deletion of their personal data, and does so;

  • When a legal obligation determines it. In such cases, the personal data will be deleted, unless required to be retained by law.

Once the storage periods expire, personal data will be removed from our databases or anonymized, except where continued storage is legally or regulatorily required.

  1. SHARING PERSONAL DATA WITH THIRD PARTIES

GO2NEXT may share personal data with regulatory agencies, public authorities, third parties, or business partners in order to facilitate the services provided by GO2NEXT or to maximize the quality and efficiency of its services and operations. Collected data may be shared with the following third parties, for the purposes described below:

  • Health plan operators and/or other benefits;

  • By request of a competent authority, to respond to or defend in investigations, legal proceedings, or to investigate, prevent, or take action regarding illegal activities, suspected fraud, or situations involving potential threats to physical safety, or as otherwise required by law;

  • Cloud database platforms that assist GO2NEXT in providing its services. In such cases, GO2NEXT conducts a thorough review of the third party's data governance and information security practices beforehand.

  1. TRANSFER OF DATA TO OTHER COUNTRIES

Although GO2NEXT operates exclusively in Brazil, some service providers, such as those hosting information in the cloud, may result in the transfer of personal data to a foreign country. In such cases, GO2NEXT conducts a thorough review of the third party's data governance and information security practices to ensure compliance with the General Data Protection Law (LGPD).

  1. DATA SUBJECTS' RIGHTS

GO2NEXT is committed to ensuring the effective protection of all rights of data subjects as provided under the General Data Protection Law (LGPD) and other applicable Brazilian laws and regulations. Specifically, data subjects have the following legal rights:

  • Confirmation of the existence of personal data processing by GO2NEXT and access to data;

  • Correction of incomplete, inaccurate, or outdated personal data under GO2NEXT's control;

  • Anonymization, blocking, or deletion of unnecessary, excessive, or illegally processed personal data, as well as the right to object to personal data processing under similar circumstances;

  • Data portability to another service provider similar to GO2NEXT, upon express request and in compliance with business confidentiality, as this right becomes regulated by public authorities;

  • Information about public and private entities with which GO2NEXT may share personal data;

  • Information on the possibility of withholding consent for personal data processing by GO2NEXT and the consequences of such refusal, as well as the right to withdraw consent at any time and request the deletion of personal data processed with such consent. These data may be retained by GO2NEXT for other lawful purposes not requiring consent or by anonymization.

For security reasons, we may request documents or additional information to verify the identity of the individual making the request to ensure that the person exercising their rights is indeed the data subject in question. This will only be done when absolutely necessary, and the requester will be informed of all relevant details.

  1. SECURITY MEASURES FOR PERSONAL DATA PROCESSING

GO2NEXT adopts technical and organizational security measures consistent with current technology and the assessed level of risk to ensure the confidentiality, integrity, availability, and resilience of its information systems, databases, physical files, and other information repositories, preventing unauthorized access and accidental or unlawful destruction, loss, alteration, communication, or dissemination of personal data. Risks and measures will be documented in policies and other normative documents, which must be periodically reviewed and updated.

GO2NEXT maintains a security incident response plan to ensure prompt assessment, interruption, remediation, and mitigation of any potential damages. Records of security incidents will be kept, identifying the categories and data subjects potentially affected, allowing immediate communication to the relevant authorities and individuals.

  1. PROCEDURES IN CASE OF PERSONAL DATA BREACHES

Any personal data breach or the potential for such a breach must be promptly reported to the Data Protection Officer (DPO), who will analyze the situation and take immediate preventive and corrective measures to ensure data security.

In case of a security incident that may pose significant risk or harm to data subjects, GO2NEXT will take all legal measures and inform the data subjects accordingly.

  1. CHANGES TO THIS POLICY

This version of the Privacy Policy was last updated on 01/01/2024.

GO2NEXT reserves the right to modify this Privacy Policy at any time by publishing the updated version on our website. In the event of significant changes, the data subject will be notified.

  1. DATA SUBJECT CONTACT AND ANPD

To clarify any questions about this Privacy Policy or the personal data we process, please contact our Data Protection Officer (DPO) through one of the channels listed below:

  • Data Protection Officer: Roney Gregorio.

  • Email: marketing@go2next.com.br

  • Phone: +55 11 5051-3200

  • Mailing address: Rua Dr. Luiz Migliano, 1986 – Cj 2402 – Morumbi – São Paulo – SP – 05711-001

bottom of page