Privacy Policy
Privacy Policy
Last updated: September 22, 2025
Data Protection Officer (DPO) Contact: dpo@talentflix.co
1. Introduction
Talentflix Soluções Ltda (CNPJ 54.512.817/0001-78), hereinafter "Talentflix," "we," or "our," takes your privacy and data protection seriously. This Privacy Policy ("Policy") has been prepared to provide you ("Data Subject," "you") with clear and accurate information about how we process your personal data.
This document covers our data processing activities in two distinct contexts:
As Controller: When we interact directly with you through our websites, events, and marketing communications.
As Processor: When you use the Talentflix 360 Platform as a user linked to a client company.
We recommend that you carefully read this document, which complements our Terms of Use.
2. Important Definitions
To facilitate understanding, we present some key concepts from the General Data Protection Law (LGPD - Law No. 13,709/2018):
Personal Data: Any information related to an identified or identifiable natural person.
Data Subject: The natural person to whom the personal data refers.
Processing: Any operation performed with personal data (collection, use, access, storage, etc.).
Controller: The party responsible for decisions regarding the processing of personal data.
Processor: The party that processes personal data on behalf of the Controller.
Data Protection Officer (DPO): A person appointed to act as a communication channel between the Controller, data subjects, and the National Data Protection Authority (ANPD).
3. Data Processing: Talentflix as CONTROLLER (websites, events, and marketing)
We act as Controller when you visit our websites (including the domains talentflix.com.br, talentflix.co, talentflix.work, and talentflix.app), participate in our events, or communicate with us.
3.1. What data do we process, for what purpose, and under what legal basis?
Marketing and Prospecting: Data: Name, email, phone, position, company. Legal Basis: Consent (for sending communications) or Legitimate Interest (for active B2B prospecting).
Responding to Contacts and Requests: Data: Name, email, phone, message content. Legal Basis: Pre-contractual procedures or Legitimate Interest.
Processing Financial Transactions: Data: Payment information (card details, banking information). Legal Basis: Contract Performance.
Recording and Analysis of Interactions: Data: Voice and video recordings, transcriptions, call/meeting metadata. Legal Basis: Contract Performance or Consent.
Website Analysis and Improvement: Data: IP address, browser data, geolocation (city/country), pages visited, cookies. Legal Basis: Legitimate Interest or Consent (for non-essential cookies).
Security and Fraud Prevention: Data: IP address, access logs, device information. Legal Basis: Legitimate Interest or Legal Obligation.
Marketing Opt-out: You may unsubscribe at any time through the links in the emails sent or by contacting the DPO. Withdrawal of consent does not affect the lawfulness of prior processing.
3.2. Cookies and Online Identifiers (websites)
We use cookies and similar technologies to operate, measure, and improve our websites. Categories: (i) essential; (ii) functional; (iii) analytics/performance; (iv) advertising.
Legal basis: Essential cookies = legitimate interest; non-essential cookies (analytics/advertising) = consent.
Preference management: We display a banner on first access and maintain a preference panel for you to accept/review non-essential cookies at any time. In addition to our panel, you can also configure your browser to refuse cookies, although this may affect the functionality of some website features.
Withdrawal of consent: You may revoke your consent at any time through our preference panel, by adjusting your browser settings, or by contacting our DPO.
3.3. Measurement and Advertising Tools (websites)
We may use analytics and campaign measurement tools on our websites, which only operate with your consent (when applicable). Below, we detail some of the technologies that may be used:
Google AdSense: We may use Google AdSense to serve ads. Google uses the DoubleClick cookie to make advertising more relevant based on your interests and to limit the number of times an ad is shown to you. For more information, consult the official Google AdSense privacy FAQ.
Behavioral Advertising: To offset maintenance costs and fund future developments, we may serve ads. Behavioral advertising cookies anonymously track your interests to present content that may appeal to you.
Affiliate Tracking Cookies: Some of our partners may advertise on our behalf. These tracking cookies allow us to verify whether a user accessed the website through an affiliate link, enabling proper credit to these partners and the offering of any promotions.
3.4. Processing of Audio, Video, and Artificial Intelligence Data
To provide and enhance certain services, we may process audio and video information:
Processing for the Service: We record, transcribe, and process conversations, voice and video calls to maintain records, generate reports, and enable the operation of analysis tools, in accordance with the contracted service.
AI Enhancement: We may use audio, video, and transcription data, always in a previously anonymized or pseudonymized form, to train and improve our algorithms and artificial intelligence models. This processing for training purposes will only occur with your specific consent.
4. Data Processing: Talentflix as PROCESSOR (Platform)
When you use the Talentflix 360 Platform, we act as a Data Processor, processing data on behalf of and under the instructions of your company, which is the Controller.
4.1. What data do we process and for what purpose?
Account and Access Data: Name, corporate email, position, and access logs. Purpose: To enable your secure access to the platform, manage permission profiles, and comply with legal obligations for log retention.
User-Generated Content: Survey responses, assessments, feedback. Purpose: To process data to generate aggregated and anonymized reports for the Controller company.
CPF (when applicable): Used for validation and creation of a cryptographic identifier. Purpose: To ensure data integrity and response uniqueness, without exposing the CPF.
4.2. Processing of Sensitive Personal Data
Data Collected: The platform may be configured by the Client (Controller) to collect sensitive personal data, such as gender, ethnicity, sexual orientation, or disability, for purposes such as diversity and inclusion (DE&I) censuses.
Purpose and Limitation: The processing of such data by Talentflix is strictly limited to generating aggregated and anonymized statistics and reports, always respecting the k-anonymity rule (k=5).
Transparency and Optionality: Collection will always be transparent, and the option "Prefer not to say" will be available.
5. Sharing of Personal Data
We do not sell your data. Sharing occurs in a restricted manner for the following purposes:
With Sub-processors: In addition to platform providers (Google Cloud, Google Gemini/Vertex AI, Make.com, Zenvia, SERPRO), the websites may use analytics and advertising providers. We maintain a living list of sub-processors and categories on our trust page; relevant changes will be communicated.
With the Client (Controller): On the Talentflix 360 Platform, reports and analyses are made available to your company, always in an aggregated and anonymized form.
By Legal Obligation or Court Order: We may share data to comply with a legal obligation or in response to a request from competent authorities.
6. International Data Transfer
Some of our sub-processors may be located outside Brazil. In such cases, the international transfer is carried out in compliance with the LGPD, using mechanisms such as standard contractual clauses. We clarify that identifiable sensitive data is not transferred, and that advertising/analytics trackers only operate with your consent.
7. Information Security
We implement technical and organizational measures to protect your data, including encryption, access control, monitoring, and vulnerability management.
8. Data Retention
We will retain your data only for as long as necessary to fulfill the purposes for which it was collected or as required by law (e.g., access logs for 6 months, per the Brazilian Internet Framework Law).
9. Exercise of Rights (websites vs. platform)
The LGPD guarantees you various rights. To exercise them, the correct channel depends on our role:
On our websites (where we are the Controller): You may exercise your rights directly with us. Contact our DPO: dpo@talentflix.co.
On the Talentflix 360 Platform (where we are the Processor): The request must be directed to your company (the Controller), which will instruct us to fulfill your request.
10. Updates to This Policy
This Policy may be updated. The date of the latest version will always be indicated at the beginning of the document.
11. Version History
09/22/2025 (v.2): Complete revision, expanding the scope to websites and detailing data processing, cookies, sensitive data, and sub-processors.
03/31/2025 (v.1): Publication of the first version of the Privacy Policy.