Close this search box.

Corall's Privacy and Data Security Policy

At CORALL, we always take the protection and security of personal data of our employees and all clients seeking our organizational consulting services seriously. Therefore, the collection and processing of information and personal data in our environments and systems are conducted solely within the context of providing our services, thus ensuring the success of the proposed initiative.

CORALL has integrity in all its relationships and does not monetize collected personal data. Therefore, the data will be used for the purpose of achieving excellence in the provision of its services.

Thus, this Privacy Policy, together with the Terms of Use of our website, describes CORALL’s commitment to how it will use and treat the personal data of visitors, clients, and partners, before or after the contracting of services.

In this context, the treatment of personal data collected through the website, when visiting the site, when contracting our services, or when the treatment involved in sharing personal information with other processing agents, is included.

If, after reading our policy, you do not understand or agree with any point, we ask you to contact us via email at before continuing to browse or contract.



The General Data Protection Law – LGPD (Law No. 13.709/2018) came to protect the personal and sensitive personal data of individuals in Brazil, also called data subjects.

According to the LGPD, “personal data” is any data that identifies or makes an individual identifiable. “Sensitive personal data” refers to information that, by its nature, requires greater care, especially to protect against discrimination.

Sensitive data, as defined by the LGPD, includes data on racial or ethnic origin, religious belief, political opinion, union membership or organization of a religious, philosophical, or political nature, data related to health or sexual life, and genetic or biometric data, when linked to a physical person.



Access to all functionalities of the CORALL platform, including the contracting of services, depends on the collection and sharing of user and/or client data.

Thus, to meet the user’s request, as well as for its legitimate interests, CORALL may collect the following types of personal data:

  1. Identification and contact data, such as full name, email, and mobile phone;
  2. Navigation data, such as IP address and pages visited on our site;
  3. Geolocation data and device identification;
  4. Payment data, when contracting our services.

When filling out our forms, it is important that you, or the person authorized by you, fill in your personal data and only insert true and updated information, as we are not responsible for verifying it. The responsibility, in any case, civil and/or criminal, is yours regarding the veracity, accuracy, and authenticity of the information included in our database.

In addition to the mentioned data, we collect and store automatically information about your activity and navigation on the site, using cookies (see more details in item 09 below).

Finally, CORALL does not collect data from minors through its website. If such data is found, it will be immediately discarded, and we will take all necessary care for its complete deletion.



CORALL is a consulting company that provides specialized services in transformation processes and culture in organizations. The personal data used has a specific purpose and is restricted to the scope of the company’s expertise.

Thus, we use the information and personal data collected for the following purposes:

  1. Enable the provision of specialized consulting services;
  2. Respond to customer queries, whenever requested;
  3. Manage the provision of contracted services, maintaining quality and promoting general statistics in relation to CORALL’s service provision;
  4. Improve your experience with our services through constant customization;
  5. With your knowledge and authorization, for use in our podcast “No caminho a gente se explica” and in any commercial and/or educational videos;
  6. Detect, prevent, or investigate possible security incidents or fraud;
  7. When applicable, respond to requests from the National Data Protection Authority (ANPD) or other public and government authorities.

We may use your data in connection with our services to fulfill ancillary obligations to what we have already committed to you, including through the Terms of Use, or even to enable the execution of contracts.

We may also process your data to fulfill legal or regulatory obligations that fall on CORALL, as well as for legitimate purposes of the company that are authorized by the LGPD or other applicable sectoral regulations.



CORALL will be the controller of your personal data when its services are contracted, in relation to employees, as well as when these data are inserted through the website or captured by one of its systems. In these cases, it is our responsibility to adequately elect the legal bases consistent with the purposes set out in this policy, as well as to directly respond to your requests regarding the rights provided in the LGPD.

It is important for you to know that different types of personal data can be collected, identification data of the data subject, site visitors’ data, employees’ data, among others, depending on your use of our site, or even the requirements of labor legislation, in the case of employees.

We may share your personal data with other companies that contribute to improving or facilitating operations through the site or internal system, such as: attending to those interested in hiring our services, database management tools, email management, internal flows and user service, among others. In this case, CORALL commits to hiring only suppliers that comply with data protection legislation, by signing agreements or covenants with specific clauses for this purpose.

Thus, if our site contains links to third-party pages, it is important that you understand that each of these sites will contain its own Privacy Policy, and CORALL is not responsible for the data processing by such pages.

Similarly, in cases where there is a need for international transfer of personal data to other countries, CORALL commits to hiring only suppliers that adopt security measures and good practices compatible with the level of protection established by Brazilian legislation, as regulated by the National Data Protection Authority – ANPD. In the absence of specific regulation, CORALL commits to working only with companies adhering to other data protection regulations, such as the European GDPR, American CCPA and CDPA, and The Australian Privacy Act; companies whose contracts contain specific clauses for transfers with CORALL; as well as to restrict the transfer only to what is strictly necessary to fulfill the obligations assumed.



To protect the personal data collected, we use appropriate technologies and procedures according to the level of risk and the service provided, having a team responsible for managing them in compliance with legal provisions, regulatory requirements, changes in technology, among other relevant factors that may influence data protection.

Due to the nature of the Internet, there is a risk that third parties with malicious intent may access information stored in our systems. If this occurs, CORALL will only be responsible within the limits provided in the applicable current legislation.

The use of any device, software, or other resource that may interfere with the activities and operations of CORALL, both through the website and other systems or databases, is prohibited. If any intrusion, attempt, or activity that violates or contradicts intellectual property rights laws and/or the provisions stipulated in this Policy, Terms of Use, and/or applicable current laws, including the LGPD, is identified, the responsible party will be subject to the applicable sanctions, as provided in law or stipulated in this document, and must also indemnify for any damages caused.



We only use your data for the time necessary to fulfill the purposes listed above and in the cases provided for and/or authorized by the LGPD and applicable legislation. To this end, we follow the following parameters to determine the retention period of your personal data:

  1. The period necessary to fulfill the purpose of collection;
  2. The moment you cease to use the site;
  3. The moment of revocation of consent or request for deletion of data by you, only if and when the legal basis for data processing is consent;
  4. The period to prove compliance with duties and obligations by CORALL;
  5. Legal, regulatory periods, contained in judicial decisions, or determined by the ANPD;
  6. Periods for compliance with legal or regulatory obligation by the controller;
  7. The period of contract execution;
  8. The period for the defense or exercise of rights by CORALL;
  9. Transfer to third parties, provided that the treatment requirements set forth in applicable legislation are respected;

Exclusive use by the controller, barring access by third parties, and provided the data is anonymized.



We guarantee you the exercise of rights provided in the LGPD, namely:

  1. Right of confirmation: You can confirm if CORALL processes any of your personal data.
  2. Right of access: You can request details of your data, as well as obtain copies of such information, through the email
  3. Right to correction: You can correct or remove any personal data that is incomplete, inaccurate, or outdated.
  4. Right to anonymization, blocking, or deletion: You can request the anonymization, blocking, or deletion of data that is unnecessary, excessive, or processed in non-compliance with the purposes set out in this Policy, subject to other legal norms. In these cases, if anonymization or blocking of data impairs the maintenance of the contracted service, the contract may be terminated.
  5. Right to information: You can request information about which types of companies we share your data with, as well as be informed of the consequences if you choose not to consent to the collection and processing of your personal data, when necessary.
  6. Right to refuse marketing: At any time, you can request the cancellation of receiving materials through the link provided in the marketing email sent.
  7. Right to data portability: After regulation by the ANPD or if technically feasible, you can request that your personal data be transferred to you or third parties, except for those that have been anonymized and deleted from our database and do not infringe intellectual and/or industrial property rights nor are confidential under contracts between you and CORALL.
  8. Right to revoke consent: When the legal basis for data processing is consent, you can cancel this previously given consent to us. It’s important to know that cancellation will not affect the use or sharing of data carried out before the request to revoke consent.

To exercise the rights provided in the LGPD and listed here, which are not absolute, you should send an email to

We also commit to informing other processing agents with whom we have shared information so that they also carry out the necessary procedures to meet your request.



CORALL has a team of professionals dedicated to data protection and privacy.

If you have a specific question not clarified by our Privacy Policy, Terms of Use, or on our platform, you can, as a last resort, contact CORALL’s DPO and open a ticket through the email



Our website uses cookies and similar technologies to store and manage your browsing preferences, enable content, and collect site analysis and usage data. The use of these technologies is common on websites and platforms in general, consisting of a small text file placed on your device or browser, which allows your identification as a user and the device used, as well as to collect navigation information.

The cookies we use can perform different functions. Some are necessary and essential for navigation and use of CORALL’s platform features, others collect information on how you use the site and serve to improve performance and browsing experience. Finally, functional cookies remember your choices and preferences, personalizing your experience on the site.

You can disable cookies through your browser settings, installing market-available plug-ins, or using other technologies you deem necessary.



We are committed to cooperating with competent authorities and third parties to ensure compliance with laws, including in matters of protection of industrial and intellectual property rights, fraud prevention, personal data protection, among others. In this context, we will only reveal your personal data upon requests from competent judicial or governmental authorities, within the scope of investigations and processes conducted by them, provided there is no legal prohibition establishing secrecy.



The use of the name CORALL, the domain (and ramifications), as well as the contents of the site screens, are the property of the company and are protected by international intellectual property laws and treaties. You should not misuse or reproduce, in whole or in part, such content, except with express authorization.

At the moment you visit the site, fill out a form to contact CORALL, or when contracting our services, you must read, understand, and accept this Policy, as per the specific option provided in the form. However, this Policy is an adhesion contract and undergoes periodic revisions, without the need for prior notification.

Therefore, it is important that you consult the document to know if you continue to agree with its terms before continuing navigation.

CORALL’s Privacy Policy is in compliance and should be interpreted based on the laws in force in the Federative Republic of Brazil.

To resolve any doubts or issues related to it, the parties elect the Court of the District of São Paulo/SP, to the exclusion of any other.