Explore Industries

Pharmaceutical Call Centers Banking & Finance Tech Enterprise

Pharmaceutical

Rep training with auditable evidence for ANVISA and FDA.

RDC 658FDA 21 CFRICH Q9
Learn more

Legal

GDPR — Data Protection

Last updated: February 1, 2026

Table of Contents

Our Commitment to GDPR

Roleplays, operated by Nuvvun Consultoria e Inovação LTDA, is committed to protecting personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page outlines how we process personal data of individuals in the European Economic Area (EEA) and United Kingdom.

Lawful Bases for Processing

We process personal data based on the following lawful bases:

  • Contract performance (Art. 6(1)(b)) — to deliver contracted services;
  • Legitimate interests (Art. 6(1)(f)) — for service improvement, security, and fraud prevention;
  • Consent (Art. 6(1)(a)) — for marketing communications and non-essential cookies;
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable laws and regulations.

Data Controller Information

Data Controller: Nuvvun Consultoria e Inovação LTDA

Address: Alameda Rio Negro, 503 — Sala 2020, Barueri — SP, 06454-000, Brazil

DPO Contact: legal@roleplays.com.br

Data Subject Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15);
  • Rectification of inaccurate data (Art. 16);
  • Erasure / "right to be forgotten" (Art. 17);
  • Restriction of processing (Art. 18);
  • Data portability (Art. 20);
  • Object to processing (Art. 21);
  • Not be subject to automated decision-making (Art. 22);
  • Withdraw consent at any time (Art. 7(3)).

To exercise your rights, contact us at legal@roleplays.com.br. We will respond within 30 days as required by GDPR.

International Data Transfers

As Roleplays is based in Brazil, data transfers from the EEA are protected by:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions where applicable;
  • Supplementary measures including encryption and access controls.

We use AI providers (OpenAI, Anthropic, Google) based in the US, covered by appropriate transfer mechanisms.

Data Retention

Personal data is retained only as long as necessary for its purpose. Post-account termination:

  • 30 days for reactivation, then permanent deletion;
  • Anonymized data may be retained indefinitely for statistical purposes;
  • Legal obligations may require longer retention.

Security Measures

We implement appropriate technical and organizational measures:

  • Encryption in transit (TLS 1.3) and at rest (AES-256);
  • Database-per-tenant isolation;
  • Role-based access control (RBAC);
  • Continuous monitoring and anomaly detection;
  • Regular penetration testing;
  • Staff training on data protection;
  • Incident response procedures;
  • Encrypted automated backups.

Data Breach Notification

In the event of a personal data breach:

  • Notification to the relevant supervisory authority within 72 hours (Art. 33);
  • Communication to affected data subjects without undue delay when high risk (Art. 34);
  • Internal documentation of all breaches including remedial actions.

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.

For a list of EEA supervisory authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Contact

For data protection inquiries:

Email: legal@roleplays.com.br

Address: Alameda Rio Negro, 503 — Sala 2020, Barueri — SP, 06454-000, Brazil

We aim to respond to all requests within 30 days.

Nuvvun Consultoria e Inovação LTDA

CNPJ: 64.290.716/0001-53

Alameda Rio Negro, 503 — Sala 2020, Barueri — SP, 06454-000

legal@roleplays.com.br · contato@roleplays.com.br · (11) 93619-6099