Privacy Policy

Data Controller and Owner

Uliving Brasil Hospedagem Estudantil LTDA

Owner contact email: [email protected]

Types of Data collected

Among the types of Personal Data that this Website collects, by itself or through third parties, there are:

• first name
• last name
• date of birth
• phone number
• email address
• Usage Data
• Trackers
• number of Users
• session statistics
• device information
• Data communicated while using the Service
• answers to questions
• clicks
• keypress events
• motion sensor events
• mouse movements
• scroll position
• touch events
• address
• contact details
• browsing history
• page views

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.

Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.

Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.

Any use of Cookies – or of other tracking tools – by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.

Users are responsible for any third-party Personal Data obtained, published or shared through this Service (this Website).

Mode and place of processing the Data

Methods of processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

Place

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

International transfers

When we transfer data to providers located abroad (for example, USA), we adopt contractual and technical safeguards compatible with LGPD (art. 33 and following), such as appropriate contractual clauses, access controls, encryption and transfer assessments, seeking to ensure an adequate level of protection.

Retention time

Unless specified otherwise in this document, Personal Data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on the Users' consent.

Specific retention periods:

• Contracts, billing documents and receipts: 2 years after the end of the contractual relationship, or longer when required by law.
• CCTV images and physical access logs: 30 to 90 days, unless preservation is needed for investigation or dispute.
• Unconverted leads (commercial contacts via website): 1 year from the last useful contact.
• Technical and application security records (logs): 6 to 12 months, according to security and audit needs.
• Resumes and selection processes: 6 to 12 months.

Note: Once the purpose is fulfilled or the period has elapsed, we delete or anonymize the data, except for legal, regulatory obligations or the regular exercise of rights.

The purposes of processing

The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following:

• Contacting the User
• Analytics
• Tag Management
• Displaying content from external platforms
• SPAM and bots protection
• Advertising
• Remarketing and behavioral targeting
• Traffic optimization and distribution
• Managing contacts and sending messages
• Infrastructure monitoring

Legal Bases (LGPD)

Sharing with third parties

We share personal data with categories of third parties necessary for the provision of the service and the security of operations, such as: partner universities (when applicable), security/concierge and access control companies, building maintenance and cleaning, payment and collection methods, hosting and email providers, auditing and consulting. We act as controller in relation to residents and contractually indicate the responsibilities of controllers and operators according to each data flow.

Cookie Policy

This Website uses strictly necessary cookies to function. Analytical and advertising/remarketing cookies are only installed after your consent obtained through our cookie banner.

You can accept, reject or manage categories (necessary, analytical, advertising) and revoke your choice at any time through the "Manage cookies" link available in the Site footer.

Without your consent for non-essential cookies, we will not perform individualized measurements, behavioral targeting or remarketing.

For details of each cookie, purposes and duration, see our Cookie Policy.

Detailed information on the processing of Personal Data

Contacting the User

Contact form

Personal Data processed: Usage Data, first name, last name, email, phone number, among others.

Analytics

The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

Managing contacts and sending messages

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.

SPAM and bots protection

This type of service analyzes the traffic of this Website, potentially containing Users' Personal Data, with the purpose of filtering it from unwanted parts of traffic, messages and content that are recognized as SPAM or protecting it from malicious bots activities.

Traffic optimization and distribution

The rights of Users

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following, to the extent permitted by law:

• Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
• Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
• Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
• Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
• Restrict the processing of their Data. Users have the right to restrict the processing of their Data for any purpose other than the storage of such Data.
• Have their Personal Data deleted or otherwise removed. Users have the right to obtain the erasure of their Data from the Owner.
• Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
• Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the User objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. Such requests are free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users' request, the Owner will inform them about those recipients.

Additional information for Users in Brazil

This section of the document integrates with and supplements the information contained in the rest of the privacy policy and is provided by the entity running this Website and, if the case may be, its parent, subsidiaries and affiliates (for the purposes of this section referred to collectively as "we", "us", "our").

This section applies to all Users in Brazil (Users are referred to below, simply as "you", "your", "yours"), according to the "Lei Geral de Proteção de Dados" (the "LGPD"), and for such Users, it supersedes any other possibly divergent or conflicting information contained in the privacy policy.

This part of the document uses the term "personal information" as it is defined in the LGPD.

Protection of children and adolescents

When the data subject is a child or adolescent, we process data observing the best interest of the minor and, when required, with consent from one of the parents or legal guardian, in accordance with art. 14 of the LGPD and the ECA (Child and Adolescent Statute).

Security and incident management

We maintain an internal retention and disposal policy, access matrix and incident response plan. In case of a personal data breach that may result in relevant risk or damage, we will adopt appropriate measures, including communication to data subjects and ANPD (National Data Protection Authority), when applicable.

Contact information

Owner and Data Controller

Uliving Brasil Hospedagem Estudantil LTDA

Owner contact email: [email protected]