1. Who we are

Weplace is a consulting firm specialized in developing human capital solutions focused on Corporate Governance, Management, People, and Organizational Culture. Our mission is to offer leaders and companies human capital solutions that provide a critical and complementary perspective on the most challenging leadership topics. We focus on consulting in Strategy, Organization, and Human Capital, with the purpose of helping companies and individuals position themselves in a differentiated and competitive way in the market.

2. Purpose of this document

The Privacy Policy described here aims to demonstrate how your Personal Data is processed by Weplace, reinforcing our commitment to important values such as good relationships and transparency with Users, in line with the provisions of the General Data Protection Law (Law N. 13.709/18 – LGPD).

3. Definitions

a) “Weplace”: represents Weplace Consultoria em Recursos Humanos LTDA., the company responsible for managing the Platform https://weplace.com.br;

b) “Platform”: represents the Weplace website: https://weplace.com.br;

c) “Services”: refers to specialized consulting services in human resources and leadership development provided by Weplace;

d) “User”: any person who uses the Weplace Platform, whether simply browsing, having acquired Weplace’s Services or not;

e) “LGPD”: means the “General Data Protection Law,” Law N. 13.709/2018;

f) “Personal Data”: any information related to a natural person that identifies them or that, when used in combination with other processed information, identifies an individual. Also, any information through which a natural person’s identification or contact details are possible;

g) “Sensitive Personal Data”: Personal Data related to racial or ethnic origin, religious belief, political opinion, membership in a trade union or organization of a religious, philosophical, or political nature, data concerning health or sex life, genetic or biometric data when linked to a natural person;

h) “Anonymized Data”: data related to a Data Subject that cannot be identified, considering the use of reasonable and available technical means at the time of Processing;

i) “Anonymization”: the use of reasonable and available technical means through which data loses the possibility of being directly or indirectly associated with an individual;

j) “Data Subject”: the natural person to whom the Personal Data being processed refers;

k) “Processing of Personal Data”: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction of data of natural persons;

l) “Controller”: the natural or legal person, public or private, responsible for making decisions regarding the Processing of Personal Data;

m) “Purpose”: the objective sought by Weplace through the Processing of Personal Data; and

n) “Consent”: a free, informed, and unequivocal authorization by which the User agrees to the Processing of their Personal Data for a previously established Purpose.

4. Who does this Privacy Policy apply to?

This Privacy Policy applies to everyone who uses the Weplace Platform or contracts Weplace’s Services, as well as to anyone whose Personal Data is processed by us in any way. The use of the Platform and Weplace’s Services implies acceptance of this Privacy Policy.

5. Processing of Personal Data

Source of data: Weplace collects information provided by Users themselves when contacting us via the email: [email protected].

Data processed: Information you provide as a Platform User.

Automatically collected information: Weplace collects and stores information whenever a User interacts with the Platform. Examples include the use of session, persistent, and tracking cookies.

Furthermore, to provide Executive Search, Assessment, and Leadership Project services, among others, Weplace processes Personal Data that generally includes information contained in a standard professional résumé, such as name, address, phone number, email, professional history, qualifications, degrees, languages, and other skills. Information may also include age, nationality, compensation details, record of contact history between parties, and third-party comments, among others.

It is important to clarify that, to enable diverse and inclusive hiring, Sensitive Personal Data may be processed. However, this Processing is not mandatory and can be interrupted at any time by revoking the Data Subject’s Consent.

In summary, the Data processed by Weplace originates from information obtained directly from executives and candidates, publicly available sources, and third parties.

Depending on the progress of a candidacy, the Data Subject’s Personal Data may be verified regarding academic and professional qualifications, skills and credentials, job performance, and reference checks. Weplace understands the sensitive nature of this process and will not contact current or previous employers unless the reference is indicated by the Data Subject.

6. Purpose of Processing and Legal Basis

To provide Executive Search services:
Art. 7, I or Art. 11, I of the LGPD – Data Subject’s Consent.

To provide Assessment and Leadership Project services:
Art. 7, V of the LGPD – performance of the contract between Weplace and the User.

To maintain résumés in the Talent Bank:
Art. 7, I of the LGPD – Data Subject’s Consent.
Art. 11, I of the LGPD – Data Subject’s Consent when Sensitive Personal Data is processed.

To provide contracted Services, perform billing and invoicing:
Art. 7, V of the LGPD – execution of the contract between Weplace and the User.

To respond to requests, fulfill inquiries, and provide technical support:
Art. 7, V of the LGPD – execution of the contract between Weplace and the User or Data Subject.

For business purposes such as analysis and business management, market research for product development, Platform enhancement, and Service improvement:
Art. 7, IX of the LGPD – Weplace’s legitimate interest.

For advertising purposes – targeted or otherwise – via newsletter, email marketing, banners, cookies, or other methods:
Art. 7, IX of the LGPD – Weplace’s legitimate interest. If the Data Subject does not wish to receive this type of content, they may inform us, and the sending will be discontinued.

For data backup and database management:
Art. 7, IX of the LGPD – Weplace’s legitimate interest.

To protect rights, privacy, security, property, and operations, through cloud storage, antivirus, and firewall tools:
Art. 7, IX of the LGPD – Weplace’s legitimate interest.

In general, the Processing of Personal Data by Weplace will be based on legal or regulatory obligations, contract execution, regular exercise of rights, legitimate interest, or consent, according to Articles 7 and 11 of the LGPD. Processing will always rely on a valid legal basis, even if not explicitly listed above.

7. Rights of Data Subjects

Data Subjects have the right to request information from Weplace regarding the Processing of their Personal Data, through the following requests:

I. Confirmation of Processing – Data Subjects may contact Weplace to confirm whether any of their Personal Data is being processed.

II. Access to data – Data Subjects have the right to request access to their Personal Data processed by Weplace.

III. Correction of incomplete, inaccurate, or outdated data – Data Subjects may request correction of their Personal Data at any time if it is incorrect, inaccurate, or outdated (e.g., name update, phone number, or address change). It is the Data Subject’s responsibility to keep Weplace informed of any necessary updates.

IV. Anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the LGPD – The Data Subject may request blocking or deletion of their Personal Data, except when retention is mandatory or legally permitted. Once data is anonymized, it is no longer considered Personal Data and falls outside the LGPD’s scope.

V. Deletion of Personal Data processed based on Consent – Personal Data will be deleted after the Purpose is achieved, except when:
a) required by legal or regulatory obligations;
b) transferred to a third party, provided legal processing requirements are met; or
c) used exclusively by Weplace, with third-party access prohibited, and provided the data is anonymized.

VI. Information about public and private entities with which Weplace shared data – The Data Subject may request details about data sharing with such entities.

VII. Information about the option to withhold Consent and its consequences – Weplace is available to transparently clarify any doubts regarding Processing, including the implications of not granting Consent.

VIII. Revocation of Consent – Consent granted by Data Subjects may be revoked at any time through a written and free request to Weplace when Consent is the legal basis for Processing.

If the Data Subject wishes to exercise any of these rights, they must contact Weplace using the contact details provided in this Privacy Policy. Weplace will make every effort to take the necessary measures within the timeframes set by the LGPD and other relevant regulations.

8. International Data Transfers

Personal data collected by Weplace may be transferred outside Brazil due to Services and functionalities using technological infrastructure based abroad, such as hosting servers and cloud services, or to serve foreign clients. In such cases, we ensure that the destination countries provide data protection levels adequate to Brazilian law.

9. Cookie Policy

Cookies are digital files stored on the device used to access Weplace’s Platform. We use cookies to improve your browsing experience, identify preferences, and track Platform usage (e.g., screen positions where you clicked, buttons pressed, etc.) for statistical purposes and to improve our Services and personalize future access.

The cookies used on our site serve the following purposes:

a) Essential cookies: necessary for the website to function efficiently, allowing network management, security, and accessibility.

b) Performance cookies: help Weplace understand how Users interact with the site, providing data on visited areas, visit duration, and possible errors, supporting performance improvement.

c) Functionality cookies: collect information to enable technical and statistical analysis, improve usability, and ensure proper Platform functioning.

d) Advertising cookies: used to deliver more relevant content through targeted advertising.

Users may disable some or all cookies, usually through the “options” or “preferences” menu in their browser. Note that disabling cookies may affect Platform performance.

10. Data Sharing with Third Parties

Weplace may share Users’ Personal Data for administrative purposes, adopting all necessary security measures to provide or improve our Services. This information may be confidentially shared with:
(a) clients who must also process information for the Purposes described in this Privacy Policy; and
(b) service providers, to the extent necessary to perform work directed by Weplace, such as security, internet hosting, and administrative services.

Additionally, we may share Personal Data when required to comply with applicable law or upon request from public or governmental authorities.

The Platform may contain links to third-party websites and platforms, each governed by its own Terms of Use and Privacy Policy. Therefore, upon leaving our Platform, the User should read each respective document.

11. Data Security and Confidentiality Measures

Weplace is committed to maintaining the confidentiality, integrity, and security of all information provided by or related to the User.

All processed data is stored in a computing environment or on third-party cloud servers, with access restricted to employees, partners, advisors, and representatives who genuinely need it, always under confidentiality, continuous monitoring, and regular backups.

Although we adopt strict security measures, it is important to remember that no system is completely immune to threats. Therefore, it is essential that you also adopt good security practices regarding your Personal Data.

12. Data Retention and Disposal

Personal Data processed by Weplace is stored in Weplace’s database, protected and accessible only to authorized employees, for as long as the contract remains valid (Art. 7, V of the LGPD).

Once the contract ends, Personal Data, including third-party data, will be stored according to Brazilian statute of limitations, unless Processing is based on Consent, which may be revoked at any time. If there is legitimate interest justifying retention, an opt-out option will be offered.

After the limitation period, Personal Data processed by Weplace will be deleted, except in cases covered by Art. 16 of the LGPD:
(a) compliance with legal or regulatory obligations;
(b) research by public entities, ensuring anonymization whenever possible;
(c) transfer to third parties, provided legal requirements are met; or
(d) exclusive use by the Controller, without third-party access, provided the data is anonymized.

13. Changes to the Privacy Policy

Weplace may modify, amend, or replace this Privacy Policy at any time. The date of the latest version can be found in section 15 of this Policy, and updated versions will be published on the Platform, which should be checked regularly.

14. Communication Channel

If the Data Subject has any questions about Personal Data Processing or wishes to clarify any matter related to this document, they may contact Weplace through the following channel: [email protected].

15. Date of Amendment

Weplace Consultoria em Recursos Humanos
Avenida Pedroso de Morais, 1553, Suite 82, Alto de Pinheiros
São Paulo, SP, 05419-001, +55 11 3030-7030