This site is maintained and operated by Solu Tecnologia e Dados LTDA. (“We”). We collect and use some personal data belonging to those who use our site. In doing so, we act as the controller of such data and are subject to the provisions of Brazilian Federal Law No. 13,709/2018 (the General Personal Data Protection Law, or “LGPD”).
To ensure the responsible use and protection of your personal data, we make this PRIVACY POLICY available, containing important information about:
- Who should use our site;
- What data we collect and what we do with it;
- Your rights regarding your personal data; and
- How to contact us.
1. Who should use our site
Our site should only be used by individuals over eighteen years old (“Users”). Accordingly, children and adolescents must not use it.
2. Data we collect and reasons for collection
Our site collects and uses some personal data from our Users, in accordance with the provisions of this section:
2.1 Personal data expressly provided by Users
We collect the following personal data that our Users expressly and voluntarily provide when using our site:
- Name;
- Phone number;
- Email;
- CPF (Brazilian tax ID);
- Professional history and/or Curriculum Vitæ (“CV”);
- Compensation and/or salary expectations.
This data is collected when the user voluntarily registers through any type of form on our sites. The data provided by our Users is collected for the following purposes:
- So that we can identify opportunities aligned with their skills and include them in screenings for appropriate hiring processes;
- So that we (or our partners) may contact them when such opportunities arise;
- To avoid duplicated data or people attempting to impersonate you.
2.2 Sensitive data
No sensitive data will be collected from our Users, as defined in articles 11 and following of the Personal Data Protection Law.
2.3 Sensitive data not expressly provided
Occasionally, other types of data not expressly provided for in this Privacy Policy may be collected, provided they are supplied with the User's consent or that collection is permitted under another legal basis provided by law. In any case, the data collection and the processing activities arising from it will be communicated to the site's Users.
2.4 Personal-data collection through Artificial Intelligence
We use artificial intelligence (AI) to process the personal data of our Users, through a conversation with our AI that generates a report for recruiters containing information such as name, role, current company, salary, and other data relevant to hiring processes.
When using AI, we seek to ensure the security and protection of Users' personal data, observing the principles of transparency, purpose, adequacy, necessity, free access, data quality, security, prevention of harm, non-discrimination, and accountability, as required by the General Personal Data Protection Law (LGPD).
Data processed by AI is used exclusively for the specific purposes described in this Privacy Policy, such as including Users in screenings for suitable hiring processes and contacting them when opportunities arise.
We emphasize that the use of AI does not dispense with human review throughout the recruitment and selection process, which is essential to ensure the accuracy and quality of decisions based on the data collected and processed by the AI. In compliance with art. 20 of the LGPD, the data subject has the right to request review of decisions taken solely based on automated processing of personal data that affect their interests, including decisions defining their personal or professional profile or suitability for hiring processes. To exercise this right, the data subject may contact our DPO through the channels indicated in Section 10 of this Policy, and we commit to responding to the request within 15 (fifteen) days, clarifying the criteria and procedures used.
This document may be updated to reflect any changes in the practices of processing personal data through AI, always in compliance with applicable legislation and respecting Users' rights over their personal data.
If you have any questions or concerns about the processing of your personal data by the AI, please contact us through the channels indicated in this Privacy Policy (juridico@getsolu.ai).
2.5 Background Check
Due to the nature of our recruitment and selection activities, we may conduct or coordinate checks of candidates' personal and professional background (“Background Check”). For Solu, the processing arising from such checks is based on the controller's legitimate interest (art. 7, item IX, of the LGPD), as it constitutes an essential activity for the provision of the recruitment service and is expected by the candidate in the context of the hiring process; and, for the contracting partner companies, on the execution of preliminary procedures to the employment contract to which the candidate is an interested party (art. 7, item V, of the LGPD).
The checks may cover the following categories of data and information: (i) criminal and civil background, through consultation of public databases; (ii) verification of professional and academic references with third parties indicated by the candidate or identified from their professional history; (iii) consultation of credit-default records with credit-protection agencies, when the role to be performed justifies such verification on duly substantiated grounds of necessity and proportionality; and (iv) confirmation of résumé data, including academic background and employment history.
In observance of the transparency principle set forth in art. 6, item VI, of the LGPD, the candidate will be previously informed, in a clear and accessible manner, about the Background Check, the categories of data that will be verified, and the sources that will be consulted — including previous employers, educational institutions, and public databases. This obligation of prior information arises directly from the duty of transparency that falls upon the controller and is not conditioned on the data subject's consent, given the different legal basis that underlies the processing.
The results of the checks will be shared exclusively with the contracting partner companies involved in the respective hiring process, within the limits of the purpose that justified the processing and in observance of the necessity principle. Use for purposes incompatible with the recruitment that originated them is prohibited, as detailed in Section 3 of this Policy.
3. Sharing personal data with third parties
Some of the personal data mentioned (such as professional history and/or CV, compensation and/or salary expectations, and contact information such as phone number and email) may be shared by Us with third parties, more specifically with partner companies that are conducting or about to conduct hiring processes.
The results of the background checks carried out within the scope of the Background Check (as per Section 2.5) may also be shared with the contracting partner companies involved in the respective hiring process, based on Solu's legitimate interest (art. 7, IX) and on the execution of preliminary procedures to the contract in favor of the contracting company (art. 7, V). Sharing for purposes different from or incompatible with the hiring process that originated the processing is prohibited.
The availability of information will be controlled by Us and will follow the “need-to-know basis” principle with respect to Our actions. No third party, whether person or entity, will have free access to information that is not pertinent to its commercial relationship with Us at that particular moment.
We will share this data in order to inform the responsible recruiters about the User's skills and career stage, so that they can assess their compatibility with the hiring process(es) they are conducting or about to conduct.
In addition to the situations described here, data may be shared with third parties to comply with any legal or regulatory determination, or to comply with any order issued by a public authority.
In any case, the sharing of personal data will observe all applicable laws and rules, always seeking to ensure the security of our Users' data, in accordance with the technical standards used in the market.
3.1 International transfer of data
Due to the use of cloud-computing services and information-technology tools from international providers, personal data may be transferred to countries or international organizations outside the national territory. In such cases, we will ensure that such transfers observe the requirements set forth in arts. 33 to 36 of the LGPD, adopting appropriate safeguards, such as the execution of standard contractual clauses, or by previously verifying that the destination country or organization provides a level of personal-data protection equivalent to that established in Brazilian legislation, according to criteria established by the Brazilian National Data Protection Authority (ANPD). The User may request information about international transfers through the contact channels indicated in Section 10 of this Policy.
4. How long your personal data will be stored
Personal data collected by the site is stored and used for the period necessary to achieve the purposes listed in this document, taking into account the rights of the data subjects, the rights of the site controller, and applicable legal or regulatory provisions.
Once the storage periods of personal data have expired, the data is removed from our databases or anonymized, except in cases where there is the possibility or necessity of storage by virtue of a legal or regulatory provision.
As general guidance on the retention periods applied: (i) data collected for active-recruitment purposes will be kept for 24 (twenty-four) months, renewable upon new consent from the data subject; (ii) data of candidates effectively hired by partner companies will be transferred to the respective contracting controller and subject to its retention policy; (iii) background check results will be deleted or anonymized within 90 (ninety) days after the conclusion of the corresponding hiring process, unless required otherwise by law; and (iv) data kept for compliance with legal obligations will be retained for the periods set forth in the specific applicable legislation, including applicable limitation periods.
5. Legal bases for processing personal data
Each personal-data processing operation must have a legal basis — that is, a justification authorizing it, as provided in the General Personal Data Protection Law.
All Our personal-data processing activities have a legal basis underpinning them, from among those permitted by legislation.
The main legal bases we use are: (i) the data subject's consent (art. 7, I), applicable to the voluntary registration on the site and to the use of the Sol AI for generating profile reports, as well as for sending marketing communications when expressly authorized by the candidate; (ii) the controller's legitimate interest (art. 7, IX), applicable to screening activities, forwarding candidates, operational communications of the hiring process, and conducting the Background Check by Solu, which constitute the company's core activity and are expected by the candidate in the context in which the data was provided; (iii) the execution of preliminary procedures to a contract to which the data subject is a party (art. 7, V), applicable to the conduct of ongoing hiring processes and to the Background Check carried out in favor of the contracting partner companies, as a pre-contractual stage required by the employer; and (iv) compliance with a legal or regulatory obligation (art. 7, II), when the retention or sharing of data is required by specific legislation or by order of a competent authority.
More information about the legal bases we use for specific personal-data processing operations can be obtained through our contact channels, indicated at the end of this Policy.
6. User rights
The site's User has the following rights over their data, granted by the Personal Data Protection Law:
- Confirmation of the existence of processing;
- Access to the data;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with the law;
- Data portability to another service or product provider, upon express request, in accordance with the regulation of the national authority, observing trade and industrial secrets;
- Deletion of personal data processed with the data subject's consent, except in cases provided for by law;
- Information about the public and private entities with which the controller has shared data;
- Information about the possibility of not providing consent and about the consequences of refusal;
- Withdrawal of consent.
It is important to highlight that, under the LGPD, there is no right to deletion of data processed on legal bases other than consent, unless the data is unnecessary, excessive, or processed in non-compliance with the provisions of the law.
6.1 How the data subject can exercise their rights
Data subjects whose personal data is processed by us may exercise their rights by sending a message to our Data Protection Officer (“DPO”), by email or correspondence. The information required for this is in the section “HOW TO CONTACT US” of this PRIVACY POLICY.
To ensure that the User intending to exercise their rights is, in fact, the holder of the personal data subject to the request, we may request documents or other information that may assist in their correct identification, in order to safeguard our rights and the rights of third parties. This, however, will only be done if absolutely necessary, and the requester will receive all related information.
In compliance with the LGPD, data subjects' requests will be answered within up to 15 (fifteen) calendar days from the date of receipt by Solu.
6.2 Communication with candidates
All candidates who participate in interviews with Sol, our virtual recruiter, will have their emails automatically added to our communication base. This measure aims to keep them informed about platform updates, system improvements, news, and promotions.
This practice is aligned with our Privacy Policy, ensuring transparency and respect for our users' data. Users may unsubscribe from the message list directly via email, using the “Unsubscribe” button in the email itself.
7. Security measures in personal-data processing
We employ technical and organizational measures suitable to protect personal data from unauthorized access and from situations of destruction, loss, misplacement, or alteration of such data.
The measures we use take into account the nature of the data, the context and purpose of the processing, the risks that a possible violation would generate for the rights and freedoms of the User, and the standards currently used in the market by companies similar to ours.
Among the security measures we adopt, we highlight the following:
- Password storage using cryptographic hashes;
- Restrictions on access to databases.
In addition to the measures above, we adopt the following complementary safeguards: role-based access control and least-privilege principle, so that each employee accesses only the personal data strictly necessary for the performance of their activities; logging of access and audit records over operations carried out on personal data; use of secure connections (TLS/SSL) for transmission of data between systems; and a continuous program of training and awareness in information security and personal-data protection for all employees who handle Users' personal data.
Even though we do everything within our reach to avoid security incidents, an issue caused exclusively by a third party may occur, such as an attack by hackers or crackers, or an issue caused exclusively by the fault of the User, for example when they themselves transfer their data to third parties. Thus, although we are generally responsible for the personal data we process, we disclaim responsibility if an exceptional situation such as these occurs, over which we have no control.
In any case, should any type of security incident occur that may generate relevant risk or harm to any of our Users, we will notify those affected and the National Data Protection Authority about the occurrence, in compliance with the provisions of the General Personal Data Protection Law.
8. Complaint to a supervisory authority
Without prejudice to any other administrative or judicial recourse, data subjects who feel, in any way, harmed may file a complaint with the National Data Protection Authority.
9. Changes to this Policy
The present version of our PRIVACY POLICY was updated on: November 7, 2023.
We reserve the right to modify these terms at any time, especially to adapt them to any changes made to our site, whether through the availability of new functionalities or through the removal or modification of existing ones.
Whenever there is a change, our Users will be notified of the modification.
10. How to contact us
To clarify any questions about this Privacy Policy or about the personal data we process, contact our Data Protection Officer (“DPO”) through one of the channels below:
- Legal email: juridico@getsolu.ai
- Postal address: Virtual office
- DPO name: Gabriel Appel
