Privacy Policy

Welcome to the incredible journey of you becoming you.

TiJUBU and Truleadership, Unipessoal, Lda., its legal entity, (collectively, "TiJUBU", "Truleadership", "Trulea", "Company", "the Services," "we," "us," or "our") welcome you (the "User", "you" or "your") to our website at https://tijubu.com/ as well as to any additional website, webpages (such as landing pages for marketing purposes) and/or mobile applications owned and/or operated by TiJUBU (collectively, the "Site"), that allows for free or trial version or demo, or usage by the paying customer's (the "Customer") end users to our web-based and mobile platform (collectively, the "Service" or "Services").

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Site and Services. The terms used in this Privacy Policy have the same meaning as in our Terms of Use, available at https://tijubu.com/terms-of-service, unless otherwise defined here.

We process personal data in two distinct roles, and it is important to know which applies:

• As controller, for personal data relating to website visitors, individual and trial users, marketing contacts, and account administration and support. For this data we decide the purposes and means, and this Policy describes that processing.
• As processor, for the personal data that our business customers upload to the Services about their own employees and workforce (for example, compensation data in TiJUBU Pay Analysis). For that data, our customer is the controller, we act only on the customer's documented instructions under a Data Processing Agreement, and the customer's own privacy notice governs how that data subject's information is handled. Section 9 explains this further.

1.1 For the processing described in this Policy, the controller is Truleadership, Unipessoal, Lda. (details above).

1.2 You can contact us on any data protection matter at dataprotection@tijubu.com or at the registered office.

We process personal data, in our role as controller, for the following purposes and on the following lawful bases under Article 6 GDPR:

In our role as controller we may process:

We collect only the data necessary for the purposes above (data minimization). We do not collect categories of data beyond those needed for a stated purpose. You are responsible for providing accurate data and for keeping it up to date; you may correct it at any time (Section 5).

We retain personal data only as long as necessary for the purpose for which it was collected:

For newsletters, processing begins when you submit the subscription form and ends when you unsubscribe via the link in any newsletter, after which we confirm removal by email.

5.1 You have the right to be informed and to access, rectify, erase, restrict, port and object to the processing of your personal data, and, where processing is based on consent, to withdraw consent at any time without affecting prior lawful processing.

5.2 You can delete your account and associated personal data through the "My Profile" section, or by contacting dataprotection@tijubu.com. On deletion we remove personal data from our systems unless retention is legally required.

5.3 Exercise your rights in writing to the registered office or to dataprotection@tijubu.com. You also have the right to lodge a complaint with the supervisory authority, currently the CNPD (Comissão Nacional de Proteção de Dados) in Portugal, or your local authority.

5.4 Where we act as processor for customer data (Section 9), please direct your rights request to the relevant customer (the controller); if you contact us, we will forward your request to that customer.

6.1 We implement appropriate technical and organizational measures to protect personal data, including: anti-malware and firewall protection; differentiated, role-based access; unique credentials and password quality rules; detection of unauthorized access; removal of access on termination of a relationship; periodic backups; and periodic penetration testing. We review and update these measures.

6.2 If a personal data breach occurs, we will notify the competent authority without undue delay and, where feasible, within 72 hours of becoming aware, and we will inform affected data subjects where required by law. Where we act as processor, we notify the relevant customer (the controller) without undue delay so that it can meet its own obligations.

7.1 Where we share personal data with service providers acting on our behalf, we do so under contracts that require appropriate security and limit them to processing only what is necessary on our instructions.

8.1 Personal data we process as controller is processed within the EEA where possible. Some website analytics and marketing tools may involve recipients outside the EEA (see Section 10); where that occurs, we rely on an adequacy decision, the EU-US Data Privacy Framework where the recipient is certified, or EU Standard Contractual Clauses with appropriate safeguards.

8.2 Personal data we process as processor for the Services (customer data) is hosted within the EEA, in Amazon Web Services, Ireland. We do not transfer it outside the EEA except as described in the applicable Data Processing Agreement and with a compliant transfer mechanism.

9.1 When a business customer uses the Services to process personal data about its employees or workforce, the customer is the controller and TiJUBU is the processor. We process that data only on the customer's documented instructions, under a Data Processing Agreement that meets Article 28 GDPR.

9.2 In that role we do not decide the purposes of the processing, we do not use the data for our own purposes, and we do not use it to train artificial-intelligence models for the benefit of any third party or other customer.

9.3 If you are an employee or other individual whose data has been uploaded to the Services by your employer or another organization, that organization is responsible for informing you and for handling your data protection rights. Its own privacy notice applies. If you contact us, we will refer or forward your request to that organization.

10.1 We use cookies and similar technologies on the Site. You can control non-essential cookies through the banner on your first visit or via 'Cookie Preferences' in the footer at any time.

• Strictly necessary (Art. 6(1)(b) GDPR / ePrivacy Art. 5(3) exemption): required for the Site to function; cannot be disabled; retention: session.
• Analytics (consent, Art. 6(1)(a)): Google Analytics 4 for aggregate usage patterns, with IP anonymization, no cross-site tracking; retention: 14 months.
• Functional (consent, Art. 6(1)(a)): stores lens preference, language and form state; retention: 12 months.
• Marketing (consent, Art. 6(1)(a)): LinkedIn Insight Tag to measure LinkedIn campaign performance; no personal data is sold; retention: 90 days.

10.2 You may withdraw or change consent at any time via 'Cookie Preferences'. Withdrawal does not affect prior lawful processing.

11.1 We may update this Policy. We will publish the updated version with a new effective date and, where the change is material, bring it to your attention by an appropriate means (for example email to registered users or a notice on the Site) rather than by posting alone.